"Network Security 0-100" HW1.11

Q

What is the principle behind exploiting the fastjson vulnerability?

A

The attacker sends a request whose body is a crafted JSON payload. When a vulnerable version of fastjson deserializes that JSON object, it does not filter the @type field, so the attacker can name a dangerous class: com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl, which has a field called _bytecodes. Some of its methods build a Java class from the bytes stored in _bytecodes and instantiate it, so fastjson effectively lets the attacker load a class through that field; the class's constructor (and static initializer) runs the moment the instance is created, which is where the attacker's code executes.
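Added example (mine, not code from the original page): a request-body check that implements the defence the answer above points at, namely refusing client-supplied @type. It walks any JSON body recursively so @type nested inside objects or arrays is caught, decodes escaped keys such as "\u0040type" by parsing as real JSON, undoes the "L...;" and "[" wrapping that was used against fastjson's blacklist, and rates TemplatesImpl or its _bytecodes/_tfactory/_outputProperties fields as critical. The sample bodies are constructed for the example; the _bytecodes value is a truncated placeholder, not a working class.

```python
import json

# Gadget class named on the page (TemplatesImpl) and the fields an attacker fills.
TEMPLATESIMPL = "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"
HIGH_RISK_KEYS = {"_bytecodes", "_tfactory", "_outputProperties"}

# Constructed sample request bodies (not real captured traffic).
BENIGN_BODY = '{"name": "alice", "age": 30, "tags": ["a", "b"]}'
GADGET_BODY = json.dumps({
    "@type": "LL" + TEMPLATESIMPL + ";;",      # blacklist-bypass wrapping of the class name
    "_bytecodes": ["yv66vgAAADQ..."],          # truncated placeholder, not a real class
    "_name": "a.b",
    "_tfactory": {},
    "_outputProperties": {},
})
# "\u0040" is "@": the key only becomes "@type" after JSON decoding.
NESTED_ESCAPED_BODY = '{"user": {"profile": {"\\u0040type": "java.net.InetAddress", "val": "x"}}}'


def normalize_class(name):
    """Strip the 'L...;' and leading '[' wrappers until the name stops changing."""
    prev = None
    while name != prev:
        prev = name
        if name.startswith("L") and name.endswith(";"):
            name = name[1:-1]
        name = name.lstrip("[")
    return name


def find_type_keys(node, path="$"):
    """Yield (json_path, normalized_class) for every '@type' key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@type" and isinstance(value, str):
                yield path, normalize_class(value)
            else:
                yield from find_type_keys(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_type_keys(value, f"{path}[{i}]")


def has_high_risk_key(node):
    """True if any TemplatesImpl field name appears anywhere in the document."""
    if isinstance(node, dict):
        return any(k in HIGH_RISK_KEYS or has_high_risk_key(v) for k, v in node.items())
    if isinstance(node, list):
        return any(has_high_risk_key(v) for v in node)
    return False


def inspect_body(body):
    """Deny-by-default policy: any client-supplied @type is blocked; the
    TemplatesImpl gadget (class or its fields) is rated critical.
    Non-JSON bodies are passed through for other checks to handle."""
    try:
        doc = json.loads(body)
    except ValueError:
        return {"block": False, "severity": "none", "types": [], "reason": "not JSON"}
    types = list(find_type_keys(doc))
    if not types:
        return {"block": False, "severity": "none", "types": [], "reason": "no @type"}
    critical = any(cls == TEMPLATESIMPL for _, cls in types) or has_high_risk_key(doc)
    return {
        "block": True,
        "severity": "critical" if critical else "high",
        "types": types,
        "reason": "client-supplied @type",
    }


if __name__ == "__main__":
    for label, body in [("benign", BENIGN_BODY), ("gadget", GADGET_BODY),
                        ("nested/escaped", NESTED_ESCAPED_BODY)]:
        print(f"{label:15s} -> {inspect_body(body)}")
```

This is a request-layer safety net, not a replacement for upgrading fastjson or disabling autoType in the parser itself; it will also reject legitimate clients that rely on @type, which is the intended trade-off of a deny-by-default rule.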

Q

How do you find Shiro vulnerabilities?

A

When a login fails (more generally, whenever a request carries a rememberMe cookie that Shiro cannot decrypt), the response sets the cookie rememberMe=deleteMe; that header is the fingerprint. Alternatively, use the shiroScan passive scanner to pick it up automatically.
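Added example (mine, not from the original page or from shiroScan): the fingerprint check described above done by hand. It builds a probe request carrying a junk rememberMe value, then looks for a Set-Cookie header whose value is exactly rememberMe=deleteMe, ignoring cookie attributes and allowing for applications that rename the cookie. The two HTTP responses are constructed for the example; probe_live is the same logic over a real connection and is not exercised by the samples.

```python
import http.client

# Shiro's default remember-me cookie name; applications can rename it.
DEFAULT_COOKIE = "rememberMe"

# Constructed sample responses (not captured from any real host).
SHIRO_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: nginx\r\n"
    "Set-Cookie: JSESSIONID=1A2B3C4D; Path=/; HttpOnly\r\n"
    "Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; "
    "Expires=Thu, 01-Jan-1970 00:00:10 GMT\r\n"
    "Location: /login\r\n"
    "\r\n"
)
NON_SHIRO_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html>ok</html>"
)


def build_probe(host, path="/", cookie_name=DEFAULT_COOKIE):
    """Raw request with a junk remember-me value. Shiro tries to decrypt it,
    fails, and clears it by answering with <cookie_name>=deleteMe."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie_name}=1\r\n"
        "Connection: close\r\n\r\n"
    )


def set_cookie_values(raw_response):
    """Return every Set-Cookie header value from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def deleteme_present(cookie_values, cookie_name=DEFAULT_COOKIE):
    """True if any Set-Cookie is exactly <cookie_name>=deleteMe (attributes ignored)."""
    marker = f"{cookie_name}=deleteMe"
    return any(v.split(";", 1)[0].strip() == marker for v in cookie_values)


def is_shiro(raw_response, cookie_name=DEFAULT_COOKIE):
    """Offline check over a raw response string."""
    return deleteme_present(set_cookie_values(raw_response), cookie_name)


def probe_live(host, port=80, path="/", cookie_name=DEFAULT_COOKIE, timeout=5):
    """Live check (needs network): same decision over http.client."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Cookie": f"{cookie_name}=1"})
        resp = conn.getresponse()
        cookies = [v for k, v in resp.getheaders() if k.lower() == "set-cookie"]
        return deleteme_present(cookies, cookie_name)
    finally:
        conn.close()


if __name__ == "__main__":
    print(build_probe("target.example"))
    print("constructed Shiro response:", is_shiro(SHIRO_RESPONSE))
    print("constructed other response:", is_shiro(NON_SHIRO_RESPONSE))
```

The deleteMe marker only tells you Shiro's remember-me feature is in front of the target; whether the deployment is actually exploitable (a known or guessable cipher key) is a separate test and should not be reported on this fingerprint alone.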

Q

Which vulnerabilities are high-frequency?

A

a. Apache Shiro-related vulnerabilities

b. Fastjson vulnerability

c. Log4j

d. Upload vulnerability

e. Border network device assets + weak passwords

Tool topic

Q

What tools do you often use in penetration testing?

A

Information gathering

Nmap, Fofa, Shodan, ZoomEye, webmaster tools, Bugscaner, TideFinger (tidal fingerprinting), cloud fingerprinting, Censys, WhatWeb, WTFScan, subdomain digger, dnsdict6, WAFW00F, Fping, arping, nping, nbtscan, whois, Layer subdomain collection tool, JSFind

Packet capture and analysis

Burp Suite, Wireshark, TrafficTools, Fiddler, hack Firefox, Proxifier, Shadowsocks, etc.

Port scanning

Nmap, Zenmap, Masscan, Yujian port scanning tool, Hping3, Advanced Port Scanner, PortScan, NetScanTools, blackwater, Unicornscan, nast, Knocker, IPscan, etc.

Vulnerability scanning

Nessus, AWVS, Xray, AppScan, W3af, OpenVAS, Skipfish, Lynis, WPScan, Comodo HackerProof, Nexpose Community, Vulnerability Manager Plus, Nikto, etc.

Directory scanning and brute forcing

DirBuster, Yujian directory brute-force tool, dirsearch, dirb, ffuf, Dirmap, cansin, Wscan, Webdirscan, SourceLeakHacker, wwwscan and other brute-force crawlers, etc.


Origin blog.csdn.net/2301_77069887/article/details/131514576