Skip to content

MrMeizhi/ysoserial-mangguogan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
base64.jpg
base64.jpg
 
 
create.jpg
create.jpg
 
 
detect.jpg
detect.jpg
 
 
execute.jpg
execute.jpg
 
 
ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar
ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar
 
 

Repository files navigation

ApereoCas反序列化回显与检测

0x01 前言

工具源码来源于

https://github.com/frohoff/ysoserial

改造思路来源于

https://www.00theway.org/2020/01/04/apereo-cas-rce/
https://www.anquanke.com/post/id/198842
https://www.freebuf.com/vuls/226149.html

0x02 使用方法

命令执行:

java -jar ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar encode CommonsCollections4

create execute CommonsCollections4 这个payload可以自行修改,选项可参考ysoserial的用法

检测:

java -jar ysoserial-managguogan-0.0.1-SNAPSHOT-all.jar decode base64string 1.txt

base64string应该注意把前面的杂乱数据去掉,比如 base64 detect xxx.txt是把序列化数据存入到xxx.txt文件中

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published