yso

package
v1.2.9-sp2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 11, 2023 License: AGPL-3.0 Imports: 16 Imported by: 1

Documentation

Index

Constants

View Source
const (
	// CommonsCollections1/3/5/6/7链,需要<=3.2.1版本
	CC31Or321 = "org.apache.commons.collections.functors.ChainedTransformer"
	CC322     = "org.apache.commons.collections.ExtendedProperties$1"
	CC40      = "org.apache.commons.collections4.functors.ChainedTransformer"
	CC41      = "org.apache.commons.collections4.FluentIterable"
	// CommonsBeanutils2链,serialVersionUID不同,1.7x-1.8x为-3490850999041592962,1.9x为-2044202215314119608
	CB17  = "org.apache.commons.beanutils.MappedPropertyDescriptor$1"
	CB18x = "org.apache.commons.beanutils.DynaBeanMapDecorator$MapEntry"
	CB19x = "org.apache.commons.beanutils.BeanIntrospectionData"
	//c3p0 serialVersionUID不同,0.9.2pre2-0.9.5pre8为7387108436934414104,0.9.5pre9-0.9.5.5为7387108436934414104
	C3p092x = "com.mchange.v2.c3p0.impl.PoolBackedDataSourceBase"
	C3p095x = "com.mchange.v2.c3p0.test.AlwaysFailDataSource"
	// AspectJWeaver 需要cc31
	Ajw = "org.aspectj.weaver.tools.cache.SimpleCache"
	// bsh serialVersionUID不同,2.0b4为4949939576606791809,2.0b5为4041428789013517368,2.0.b6无法反序列化
	Bsh20b4 = "bsh.CollectionManager$1"
	Bsh20b5 = "bsh.engine.BshScriptEngine"
	Bsh20b6 = "bsh.collection.CollectionIterator$1"
	// Groovy 1.7.0-2.4.3,serialVersionUID不同,2.4.x为-8137949907733646644,2.3.x为1228988487386910280
	Groovy1702311 = "org.codehaus.groovy.reflection.ClassInfo$ClassInfoSet"
	Groovy24x     = "groovy.lang.Tuple2"
	Groovy244     = "org.codehaus.groovy.runtime.dgm$1170"
	// Becl JDK<8u251
	Becl                = "com.sun.org.apache.bcel.internal.util.ClassLoader"
	DefiningClassLoader = "org.mozilla.javascript.DefiningClassLoader"
	Jdk7u21             = "com.sun.corba.se.impl.orbutil.ORBClassLoader"
	// JRE8u20 7u25<=JDK<=8u20,虽然叫JRE8u20其实JDK8u20也可以,这个检测不完美,8u25版本以及JDK<=7u21会误报,可综合Jdk7u21来看
	JRE8u20 = "javax.swing.plaf.metal.MetalFileChooserUI$DirectoryComboBoxModel$1"
	// ROME1000 Rome <= 1.11.1
	ROME1000 = "com.sun.syndication.feed.impl.ToStringBean"
	ROME1111 = "com.rometools.rome.feed.impl.ObjectBean"
	// Fastjson fastjson<=1.2.48 存在一个链,全版本需要用hashMap绕过checkAutoType
	// 此链依赖BadAttributeValueExpException,在JDK1.7中无法使用.此时需要用springAOP绕过
	Fastjson = "com.alibaba.fastjson.JSONArray"
	// Jackson jackson-databind>=2.10.0存在一个链
	Jackson = "com.fasterxml.jackson.databind.node.NodeSerialization"
	// SpringAOP fastjon/jackson两个链的变种都需要springAOP
	SpringAOP = "org.springframework.aop.target.HotSwappableTargetSource.HotSwappableTargetSource"
	LinuxOS   = "sun.awt.X11.AwtGraphicsConfigData"
	WindowsOS = "sun.awt.windows.WButtonPeer"
)
View Source
const (
	BeanShell1GadgetName              = "BeanShell1"
	CommonsCollections1GadgetName     = "CommonsCollections1"
	CommonsCollections5GadgetName     = "CommonsCollections5"
	CommonsCollections6GadgetName     = "CommonsCollections6"
	CommonsCollections7GadgetName     = "CommonsCollections7"
	CommonsCollectionsK3GadgetName    = "CommonsCollectionsK3"
	CommonsCollectionsK4GadgetName    = "CommonsCollectionsK4"
	Groovy1GadgetName                 = "Groovy1"
	Click1GadgetName                  = "Click1"
	CommonsBeanutils1GadgetName       = "CommonsBeanutils1"
	CommonsBeanutils183NOCCGadgetName = "CommonsBeanutils183NOCC"
	CommonsBeanutils192NOCCGadgetName = "CommonsBeanutils192NOCC"
	CommonsCollections2GadgetName     = "CommonsCollections2"
	CommonsCollections3GadgetName     = "CommonsCollections3"
	CommonsCollections4GadgetName     = "CommonsCollections4"
	CommonsCollections8GadgetName     = "CommonsCollections8"
	CommonsCollectionsK1GadgetName    = "CommonsCollectionsK1"
	CommonsCollectionsK2GadgetName    = "CommonsCollectionsK2"
	JBossInterceptors1GadgetName      = "JBossInterceptors1"
	JSON1GadgetName                   = "JSON1"
	JavassistWeld1GadgetName          = "JavassistWeld1"
	Jdk7u21GadgetName                 = "Jdk7u21"
	Jdk8u20GadgetName                 = "Jdk8u20"
	URLDNS                            = "URLDNS"
	FindGadgetByDNS                   = "FindGadgetByDNS"
	FindClassByBomb                   = "FindClassByBomb"
)
View Source
const (
	RuntimeExecClass               = "RuntimeExecClass"
	ProcessBuilderExecClass        = "ProcessBuilderExecClass"
	ProcessImplExecClass           = "ProcessImplExecClass"
	DNSlogClass                    = "DNSlogClass"
	SpringEchoClass                = "SpringEchoClass"
	ModifyTomcatMaxHeaderSizeClass = "ModifyTomcatMaxHeaderSizeClass"
	EmptyClassInTemplate           = "EmptyClassInTemplate"
	TcpReverseClass                = "TcpReverseClass"
	TcpReverseShellClass           = "TcpReverseShellClass"
	TomcatEchoClass                = "TomcatEchoClass"
	BytesClass                     = "BytesClass"
	MultiEchoClass                 = "MultiEchoClass"
	HeaderEchoClass                = "HeaderEchoClass"
	SleepClass                     = "SleepClass"
)

Variables

View Source
var AllClasses = map[string]*ClassPayload{}
View Source
var AllGadgets = map[string]*GadgetInfo{}
View Source
var Exports = map[string]interface{}{

	"ToBytes": ToBytes,
	"ToBcel":  ToBcel,
	"ToJson":  ToJson,
	"dump":    Dump,

	"GetJavaObjectFromBytes":  GetJavaObjectFromBytes,
	"GetBeanShell1JavaObject": GetBeanShell1JavaObject,
	"GetClick1JavaObject":     GetClick1JavaObject,

	"GetCommonsBeanutils1JavaObject":       GetCommonsBeanutils1JavaObject,
	"GetCommonsBeanutils183NOCCJavaObject": GetCommonsBeanutils183NOCCJavaObject,
	"GetCommonsBeanutils192NOCCJavaObject": GetCommonsBeanutils192NOCCJavaObject,
	"GetCommonsCollections1JavaObject":     GetCommonsCollections1JavaObject,
	"GetCommonsCollections2JavaObject":     GetCommonsCollections2JavaObject,
	"GetCommonsCollections3JavaObject":     GetCommonsCollections3JavaObject,
	"GetCommonsCollections4JavaObject":     GetCommonsCollections4JavaObject,
	"GetCommonsCollections5JavaObject":     GetCommonsCollections5JavaObject,
	"GetCommonsCollections6JavaObject":     GetCommonsCollections6JavaObject,
	"GetCommonsCollections7JavaObject":     GetCommonsCollections7JavaObject,
	"GetCommonsCollections8JavaObject":     GetCommonsCollections8JavaObject,
	"GetCommonsCollectionsK1JavaObject":    GetCommonsCollectionsK1JavaObject,
	"GetCommonsCollectionsK2JavaObject":    GetCommonsCollectionsK2JavaObject,
	"GetCommonsCollectionsK3JavaObject":    GetCommonsCollectionsK3JavaObject,
	"GetCommonsCollectionsK4JavaObject":    GetCommonsCollectionsK4JavaObject,
	"GetGroovy1JavaObject":                 GetGroovy1JavaObject,
	"GetJBossInterceptors1JavaObject":      GetJBossInterceptors1JavaObject,
	"GetURLDNSJavaObject":                  GetURLDNSJavaObject,
	"GetFindGadgetByDNSJavaObject":         GetFindGadgetByDNSJavaObject,

	"GetJSON1JavaObject":          GetJSON1JavaObject,
	"GetJavassistWeld1JavaObject": GetJavassistWeld1JavaObject,
	"GetJdk7u21JavaObject":        GetJdk7u21JavaObject,
	"GetJdk8u20JavaObject":        GetJdk8u20JavaObject,

	"GetAllGadget":            GetAllGadget,
	"GetAllTemplatesGadget":   GetAllTemplatesGadget,
	"GetAllRuntimeExecGadget": GetAllRuntimeExecGadget,

	"GetGadgetNameByFun": GetGadgetNameByFun,

	"GetSimplePrincipalCollectionJavaObject": GetSimplePrincipalCollectionJavaObject,

	"LoadClassFromBytes":  LoadClassFromBytes,
	"LoadClassFromBase64": LoadClassFromBase64,
	"LoadClassFromBCEL":   LoadClassFromBCEL,

	"GenerateClassObjectFromBytes":                     GenerateClassObjectFromBytes,
	"GenerateRuntimeExecEvilClassObject":               GenerateRuntimeExecEvilClassObject,
	"GenerateProcessBuilderExecEvilClassObject":        GenerateProcessBuilderExecEvilClassObject,
	"GenerateProcessImplExecEvilClassObject":           GenerateProcessImplExecEvilClassObject,
	"GenerateDNSlogEvilClassObject":                    GenDnslogClassObject,
	"GenerateSpringEchoEvilClassObject":                GenerateSpringEchoEvilClassObject,
	"GenerateModifyTomcatMaxHeaderSizeEvilClassObject": GenerateModifyTomcatMaxHeaderSizeEvilClassObject,
	"GenerateTcpReverseEvilClassObject":                GenTcpReverseClassObject,
	"GenerateTcpReverseShellEvilClassObject":           GenTcpReverseShellClassObject,
	"GenerateTomcatEchoClassObject":                    GenTomcatEchoClassObject,
	"GenerateMultiEchoClassObject":                     GenMultiEchoClassObject,
	"GenerateHeaderEchoClassObject":                    GenHeaderEchoClassObject,
	"GenerateSleepClassObject":                         GenSleepClassObject,

	"useBytesEvilClass":         SetBytesEvilClass,
	"useBytesClass":             SetClassBytes,
	"useBase64BytesClass":       SetClassBase64Bytes,
	"useTomcatEchoEvilClass":    SetTomcatEchoEvilClass,
	"useTomcatEchoTemplate":     SetClassTomcatEchoTemplate,
	"useMultiEchoEvilClass":     SetMultiEchoEvilClass,
	"useClassMultiEchoTemplate": SetClassMultiEchoTemplate,

	"useModifyTomcatMaxHeaderSizeTemplate": SetClassModifyTomcatMaxHeaderSizeTemplate,

	"useSpringEchoTemplate":   SetClassSpringEchoTemplate,
	"springHeader":            SetHeader,
	"springParam":             SetParam,
	"springRuntimeExecAction": SetExecAction,
	"springEchoBody":          SetEchoBody,

	"useDNSlogTemplate":  SetClassDnslogTemplate,
	"dnslogDomain":       SetDnslog,
	"useDNSLogEvilClass": SetDnslogEvilClass,

	"useRuntimeExecTemplate":  SetClassRuntimeExecTemplate,
	"command":                 SetExecCommand,
	"majorVersion":            SetMajorVersion,
	"useRuntimeExecEvilClass": SetRuntimeExecEvilClass,

	"useProcessBuilderExecTemplate":  SetClassProcessBuilderExecTemplate,
	"useProcessBuilderExecEvilClass": SetProcessBuilderExecEvilClass,

	"useProcessImplExecTemplate":  SetClassProcessImplExecTemplate,
	"useProcessImplExecEvilClass": SetProcessImplExecEvilClass,

	"useTcpReverseTemplate":  SetClassTcpReverseTemplate,
	"tcpReverseHost":         SetTcpReverseHost,
	"tcpReversePort":         SetTcpReversePort,
	"tcpReverseToken":        SetTcpReverseToken,
	"useTcpReverseEvilClass": SetTcpReverseEvilClass,

	"useTcpReverseShellTemplate":  SetClassTcpReverseShellTemplate,
	"useTcpReverseShellEvilClass": SetTcpReverseShellEvilClass,

	"useHeaderEchoTemplate":  SetClassHeaderEchoTemplate,
	"useHeaderEchoEvilClass": SetHeaderEchoEvilClass,
	"useHeaderParam":         SetHeader,

	"useSleepTemplate":  SetClassSleepTemplate,
	"useSleepEvilClass": SetSleepEvilClass,
	"useSleepTime":      SetSleepTime,

	"useConstructorExecutor":       SetConstruct,
	"evilClassName":                SetClassName,
	"obfuscationClassConstantPool": SetObfuscation,
}
View Source
var LDAPExports = map[string]interface{}{
	"NewLdapServer":         ldapserver.NewLdapServer,
	"NewLdapServerWithPort": ldapserver.NewLdapServerWithPort,
}

Functions

func AllCmdWrapper

func AllCmdWrapper(cmd string) []string

func BashCmdWrapper

func BashCmdWrapper(cmd string) string

func ClojureCmdWrapper

func ClojureCmdWrapper(cmd string) string

func CreateTemplateByClassObject

func CreateTemplateByClassObject(class *javaclassparser.ClassObject) *yserx.JavaObject

func Dump

func Dump(i interface{}) (string, error)

func FindJavaSerializableClassCode added in v1.3.0

func FindJavaSerializableClassCode(obj interface{}) []string

func GenDnslogClassObject

func GenDnslogClassObject(domain string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

dnslog生成

func GenEmptyClassInTemplateClassObject

func GenEmptyClassInTemplateClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

空类生成(用于template)

func GenHeaderEchoClassObject added in v1.2.4

func GenHeaderEchoClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenMultiEchoClassObject

func GenMultiEchoClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenSleepClassObject added in v1.2.4

func GenSleepClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenTcpReverseClassObject

func GenTcpReverseClassObject(host string, port int, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenTcpReverseShellClassObject

func GenTcpReverseShellClassObject(host string, port int, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenTomcatEchoClassObject

func GenTomcatEchoClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateClassObjectFromBytes

func GenerateClassObjectFromBytes(bytes []byte, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateModifyTomcatMaxHeaderSizeEvilClassObject

func GenerateModifyTomcatMaxHeaderSizeEvilClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateProcessBuilderExecEvilClassObject

func GenerateProcessBuilderExecEvilClassObject(cmd string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateProcessImplExecEvilClassObject

func GenerateProcessImplExecEvilClassObject(cmd string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateRuntimeExecEvilClassObject

func GenerateRuntimeExecEvilClassObject(cmd string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func GenerateSpringEchoEvilClassObject

func GenerateSpringEchoEvilClassObject(options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

spring生成

func GenerateTemplates

func GenerateTemplates(cmd string) []*yserx.JavaObject

func GetAllClassGenerator

func GetAllClassGenerator() map[string]*ClassPayload

func GetAllGadget

func GetAllGadget() []interface{}

func GetGadgetChecklist

func GetGadgetChecklist() map[string]string

func GetGadgetNameByFun

func GetGadgetNameByFun(i interface{}) (string, error)

func IndexFromBytes

func IndexFromBytes(byt []byte, sub interface{}) int

func JavaSerializableObjectDumper

func JavaSerializableObjectDumper(javaObject *JavaObject) (string, error)

func LoadClassFromBCEL added in v1.2.3

func LoadClassFromBCEL(data string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func LoadClassFromBase64 added in v1.2.3

func LoadClassFromBase64(base64 string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func LoadClassFromBytes added in v1.2.3

func LoadClassFromBytes(bytes []byte, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func LoadClassFromJson added in v1.2.3

func LoadClassFromJson(jsonData string, options ...GenClassOptionFun) (*javaclassparser.ClassObject, error)

func PerlCmdWrapper

func PerlCmdWrapper(cmd string) string

func PowerShellCmdWrapper

func PowerShellCmdWrapper(cmd string) string

func PythonCmdWrapper

func PythonCmdWrapper(cmd string) string

func RegisterGadget added in v1.2.3

func RegisterGadget(f any, name string, verbose string, help string)

func RepClassName

func RepClassName(echoTmplClass []byte, oldN string, newN string) []byte

func RepCmd

func RepCmd(echoTmplClass []byte, zw string, cmd string) []byte

func ReplaceClassNameInJavaSerilizable

func ReplaceClassNameInJavaSerilizable(objSer yserx.JavaSerializable, old string, new string, times int) error

ReplaceClassNameInJavaSerilizable 这个 ClassName 指的是要探测的目标 jar 包里是否存在该 ClassName

func ReplaceStringInJavaSerilizable

func ReplaceStringInJavaSerilizable(objSer yserx.JavaSerializable, old string, new string, times int) error

func SetJavaObjectClass

func SetJavaObjectClass(object yserx.JavaSerializable, classObject *javaclassparser.ClassObject) error

func SetTemplateObjectClass

func SetTemplateObjectClass(object *yserx.JavaObject, classBytes []byte) error

func ToBcel

func ToBcel(i interface{}) (string, error)

func ToBytes

func ToBytes(i interface{}) ([]byte, error)

func ToJson

func ToJson(i interface{}) (string, error)

Types

type ClassConfig

type ClassConfig struct {
	Errors     []error
	ClassType  string
	ClassBytes []byte
	//ClassTemplate *javaclassparser.ClassObject
	//公共参数
	ClassName     string
	IsObfuscation bool
	IsConstruct   bool
	//exec参数
	Command      string
	MajorVersion uint16
	//dnslog参数
	Domain string
	//spring参数
	HeaderKey    string
	HeaderVal    string
	HeaderKeyAu  string
	HeaderValAu  string
	Param        string
	IsEchoBody   bool
	IsExecAction bool
	//Reverse参数
	Host      string
	Port      int
	Token     string
	SleepTime int
}

func NewClassConfig

func NewClassConfig(options ...GenClassOptionFun) *ClassConfig

func (*ClassConfig) AddError

func (cf *ClassConfig) AddError(err error)

func (*ClassConfig) ConfigCommonOptions

func (cf *ClassConfig) ConfigCommonOptions(obj *javaclassparser.ClassObject) error

func (*ClassConfig) GenerateClassObject

func (cf *ClassConfig) GenerateClassObject() (obj *javaclassparser.ClassObject, err error)

type ClassPayload

type ClassPayload struct {
	ClassName string
	Help      string
	Generator func(*ClassConfig) (*javaclassparser.ClassObject, error)
}

type GadgetFunc

type GadgetFunc func(cmd string) (yserx.JavaSerializable, error)

func GetEchoCommonsCollections2

func GetEchoCommonsCollections2() GadgetFunc

type GadgetInfo

type GadgetInfo struct {
	Name            string
	GeneratorName   string
	Generator       any
	NameVerbose     string
	Help            string
	YakFun          string
	SupportTemplate bool
}

func (*GadgetInfo) GetHelp

func (g *GadgetInfo) GetHelp() string

func (*GadgetInfo) GetName

func (g *GadgetInfo) GetName() string

func (*GadgetInfo) GetNameVerbose

func (g *GadgetInfo) GetNameVerbose() string

func (*GadgetInfo) IsSupportTemplate

func (g *GadgetInfo) IsSupportTemplate() bool

type GenClassOptionFun

type GenClassOptionFun func(config *ClassConfig)

func SetBytesEvilClass

func SetBytesEvilClass(data []byte) GenClassOptionFun

生成自定义Class

func SetClassBase64Bytes

func SetClassBase64Bytes(base64 string) GenClassOptionFun

func SetClassBytes

func SetClassBytes(data []byte) GenClassOptionFun

func SetClassDnslogTemplate

func SetClassDnslogTemplate() GenClassOptionFun

dnslog参数

func SetClassHeaderEchoTemplate added in v1.2.4

func SetClassHeaderEchoTemplate() GenClassOptionFun

HeaderEchoClass

func SetClassModifyTomcatMaxHeaderSizeTemplate

func SetClassModifyTomcatMaxHeaderSizeTemplate() GenClassOptionFun

ModifyTomcatMaxHeaderSize

func SetClassMultiEchoTemplate

func SetClassMultiEchoTemplate() GenClassOptionFun

MultiEcho

func SetClassName

func SetClassName(className string) GenClassOptionFun

公共参数

func SetClassProcessBuilderExecTemplate

func SetClassProcessBuilderExecTemplate() GenClassOptionFun

ProcessBuilderExec 参数

func SetClassProcessImplExecTemplate

func SetClassProcessImplExecTemplate() GenClassOptionFun

ProcessImplExec 参数

func SetClassRuntimeExecTemplate

func SetClassRuntimeExecTemplate() GenClassOptionFun

RuntimeExec 参数

func SetClassSleepTemplate added in v1.2.4

func SetClassSleepTemplate() GenClassOptionFun

SleepClass

func SetClassSpringEchoTemplate

func SetClassSpringEchoTemplate() GenClassOptionFun

spring参数

func SetClassTcpReverseShellTemplate

func SetClassTcpReverseShellTemplate() GenClassOptionFun

生成tcp反弹shell

func SetClassTcpReverseTemplate

func SetClassTcpReverseTemplate() GenClassOptionFun

生成tcp反连

func SetClassTomcatEchoTemplate

func SetClassTomcatEchoTemplate() GenClassOptionFun

Tomcat回显

func SetConstruct

func SetConstruct() GenClassOptionFun

func SetDnslog

func SetDnslog(addr string) GenClassOptionFun

func SetDnslogEvilClass

func SetDnslogEvilClass(addr string) GenClassOptionFun

func SetEchoBody

func SetEchoBody() GenClassOptionFun

func SetExecAction

func SetExecAction() GenClassOptionFun

func SetExecCommand

func SetExecCommand(cmd string) GenClassOptionFun

func SetHeader

func SetHeader(key string, val string) GenClassOptionFun

func SetHeaderEchoEvilClass added in v1.2.4

func SetHeaderEchoEvilClass() GenClassOptionFun

func SetMajorVersion added in v1.3.0

func SetMajorVersion(v uint16) GenClassOptionFun

func SetMultiEchoEvilClass

func SetMultiEchoEvilClass() GenClassOptionFun

func SetObfuscation

func SetObfuscation() GenClassOptionFun

func SetParam

func SetParam(val string) GenClassOptionFun

func SetProcessBuilderExecEvilClass

func SetProcessBuilderExecEvilClass(cmd string) GenClassOptionFun

func SetProcessImplExecEvilClass

func SetProcessImplExecEvilClass(cmd string) GenClassOptionFun

func SetRuntimeExecEvilClass

func SetRuntimeExecEvilClass(cmd string) GenClassOptionFun

func SetSleepEvilClass added in v1.2.4

func SetSleepEvilClass() GenClassOptionFun

func SetSleepTime added in v1.2.4

func SetSleepTime(time int) GenClassOptionFun

func SetTcpReverseEvilClass

func SetTcpReverseEvilClass(host string, port int) GenClassOptionFun

func SetTcpReverseHost

func SetTcpReverseHost(host string) GenClassOptionFun

func SetTcpReversePort

func SetTcpReversePort(port int) GenClassOptionFun

func SetTcpReverseShellEvilClass

func SetTcpReverseShellEvilClass(host string, port int) GenClassOptionFun

func SetTcpReverseToken

func SetTcpReverseToken(token string) GenClassOptionFun

func SetTomcatEchoEvilClass

func SetTomcatEchoEvilClass() GenClassOptionFun

type JavaObject

type JavaObject struct {
	yserx.JavaSerializable
	// contains filtered or unexported fields
}

func ConfigJavaObject

func ConfigJavaObject(templ []byte, name string, options ...GenClassOptionFun) (*JavaObject, error)

func GetBeanShell1JavaObject

func GetBeanShell1JavaObject(cmd string) (*JavaObject, error)

func GetClick1JavaObject

func GetClick1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsBeanutils183NOCCJavaObject

func GetCommonsBeanutils183NOCCJavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsBeanutils192NOCCJavaObject

func GetCommonsBeanutils192NOCCJavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsBeanutils1JavaObject

func GetCommonsBeanutils1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollections1JavaObject

func GetCommonsCollections1JavaObject(cmd string) (*JavaObject, error)

func GetCommonsCollections2JavaObject

func GetCommonsCollections2JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollections3JavaObject

func GetCommonsCollections3JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollections4JavaObject

func GetCommonsCollections4JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollections5JavaObject

func GetCommonsCollections5JavaObject(cmd string) (*JavaObject, error)

func GetCommonsCollections6JavaObject

func GetCommonsCollections6JavaObject(cmd string) (*JavaObject, error)

func GetCommonsCollections7JavaObject

func GetCommonsCollections7JavaObject(cmd string) (*JavaObject, error)

func GetCommonsCollections8JavaObject

func GetCommonsCollections8JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollectionsK1JavaObject

func GetCommonsCollectionsK1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollectionsK2JavaObject

func GetCommonsCollectionsK2JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetCommonsCollectionsK3JavaObject

func GetCommonsCollectionsK3JavaObject(cmd string) (*JavaObject, error)

func GetCommonsCollectionsK4JavaObject

func GetCommonsCollectionsK4JavaObject(cmd string) (*JavaObject, error)

func GetFindClassByBombJavaObject

func GetFindClassByBombJavaObject(className string) (*JavaObject, error)

GetFindClassByBombJavaObject 扫描目标存在指定的 className 时,将会耗部分服务器性能达到间接延时的目的

func GetFindGadgetByDNSJavaObject

func GetFindGadgetByDNSJavaObject(url string) (*JavaObject, error)

func GetGroovy1JavaObject

func GetGroovy1JavaObject(cmd string) (*JavaObject, error)

func GetJBossInterceptors1JavaObject

func GetJBossInterceptors1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetJSON1JavaObject

func GetJSON1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetJavaObjectFromBytes

func GetJavaObjectFromBytes(byt []byte) (*JavaObject, error)

func GetJavassistWeld1JavaObject

func GetJavassistWeld1JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetJdk7u21JavaObject

func GetJdk7u21JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetJdk8u20JavaObject

func GetJdk8u20JavaObject(options ...GenClassOptionFun) (*JavaObject, error)

func GetSimplePrincipalCollectionJavaObject

func GetSimplePrincipalCollectionJavaObject() (*JavaObject, error)

func GetURLDNSJavaObject

func GetURLDNSJavaObject(url string) (*JavaObject, error)

func (*JavaObject) Verbose

func (a *JavaObject) Verbose() *GadgetInfo

type JavaStruct

type JavaStruct struct {
	Name        string
	Value       interface{}
	IsBytes     bool
	ClassName   string
	Type        byte
	TypeVerbose string
	Fields      []*JavaStruct
	BlockData   []*JavaStruct
}

func WalkJavaSerializableObject

func WalkJavaSerializableObject(objSer yserx.JavaSerializable, handle WalkJavaSerializableObjectHandle) *JavaStruct

type RuntimeExecGadget

type RuntimeExecGadget func(cmd string) (*JavaObject, error)

func GetAllRuntimeExecGadget

func GetAllRuntimeExecGadget() []RuntimeExecGadget

type Temper

type Temper func(cmd string) string

type TemplatesGadget

type TemplatesGadget func(options ...GenClassOptionFun) (*JavaObject, error)

func GetAllTemplatesGadget

func GetAllTemplatesGadget() []TemplatesGadget

type WalkJavaSerializableObjectHandle

type WalkJavaSerializableObjectHandle func(desc *yserx.JavaClassDesc, objSer yserx.JavaSerializable)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL