longofo/PaddingOracleAttack-Shiro-721
Shiro-721 Padding Oracle Attack

I ended up working on this vulnerability a while back for an emergency response... In practice, an attack exploiting this vulnerability is unlikely to succeed, but it is still worth studying. The code is a bit ugly, but that doesn't matter, it runs...

Usage

  1. Clone the project and run mvn clean package in the project directory. Two jar files are generated under target; PaddingOracleAttack-1.0-SNAPSHOT.jar bundles the dependencies, so use that one directly.
  2. Run java -jar PaddingOracleAttack.jar targetUrl rememberMeCookie blockSize payloadFilePath, for example: java -jar PaddingOracleAttack-1.0-SNAPSHOT.jar http://127.0.0.1:8080/samples-web-1.5.0-SNAPSHOT/ rememberMeCookie 16 payload.ser

Note: payloadFilePath is a malicious serialized data file, which can be generated with ysoserial. Choose a short payload where possible, otherwise the brute force takes a very long time and you will be waiting a while. If it fails partway through you may need to run it again; the server probably could not keep up...
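The brute force described above only works because the target answers thousands of requests, each carrying a slightly different rememberMe cookie of the same length, from one client in a short time. That traffic shape is the detection handle. The following is an added example, not part of this repository: a small Python heuristic run over a constructed access log. It assumes a log format of `<client_ip> <epoch_seconds> <status> <rememberMe cookie value>` (the field layout, the 60-second window and the threshold of 100 distinct cookies are assumptions chosen for illustration) and flags clients that cycle through an unusually large number of distinct cookie values within one window.

```python
"""Detection heuristic for Shiro-721-style padding oracle brute forcing.

Added example (not the tool's own code). Assumes an access log that records
the rememberMe cookie value, one request per line:
    <client_ip> <epoch_seconds> <status> <rememberMe cookie value>
The log format, window size and threshold are assumptions for this example.
"""
import base64
from collections import defaultdict


def build_sample_log():
    """Constructed sample log: one benign client that reuses a single
    rememberMe cookie, and one client that sends hundreds of requests whose
    cookies differ only in a byte or two, which is what a byte-at-a-time
    padding oracle walk over a 16-byte block looks like on the wire."""
    lines = []
    base_ts = 1_700_000_000
    benign_cookie = base64.b64encode(bytes(range(32))).decode()
    for i in range(5):
        lines.append(f"192.0.2.10 {base_ts + i * 10} 200 {benign_cookie}")
    for i in range(300):
        buf = bytearray(bytes(range(32)))
        buf[15] = i % 256          # guessed byte of the previous block
        buf[14] = i // 256         # moves on once 256 guesses are exhausted
        cookie = base64.b64encode(bytes(buf)).decode()
        # 10 requests per second: 300 requests land inside 30 seconds
        lines.append(f"198.51.100.7 {base_ts + i // 10} 200 {cookie}")
    return lines


def parse_line(line):
    """Split one assumed-format log line into its four fields."""
    ip, ts, status, cookie = line.split()
    return ip, int(ts), int(status), cookie


def find_padding_oracle_clients(lines, window_seconds=60, min_distinct=100):
    """Return {client_ip: max distinct cookies seen in any single window}
    for every client that reached min_distinct distinct cookie values."""
    buckets = defaultdict(set)
    for line in lines:
        ip, ts, _status, cookie = parse_line(line)
        buckets[(ip, ts // window_seconds)].add(cookie)
    worst = defaultdict(int)
    for (ip, _bucket), cookies in buckets.items():
        worst[ip] = max(worst[ip], len(cookies))
    return {ip: n for ip, n in worst.items() if n >= min_distinct}


if __name__ == "__main__":
    for ip, count in find_padding_oracle_clients(build_sample_log()).items():
        print(f"{ip}: {count} distinct rememberMe cookies in one window")
```

A legitimate browser presents one rememberMe value per session, so even a low threshold separates the two clients cleanly; the benign client above contributes a single distinct value. Counting distinct values rather than raw request volume keeps ordinary busy clients out of the result. Shiro also answers a cookie it cannot decrypt with a `rememberMe=deleteMe` Set-Cookie header, so a log that records response cookies gives a second signal to correlate with this one.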

Reference: https://blog.skullsecurity.org/2016/going-the-other-way-with-padding-oracles-encrypting-arbitrary-data

Disclaimer: this tool is intended for security testing and learning purposes only; illegal use is prohibited.
