Fastjson-ForwardShell

Breaking fastjson with forward shell

Original repository from: IppSec's Forward-shell

Table of content

• Overview
• Usage
• Screenshots
• References

Overview

• fastjson-BypassLB.py

  LB means load balancing, some website has fastjson RCE vulnerability which is handling by Nginx load balancing, also with internet inaccessible (freaking annoy).

  (I used it when I joining chinese cyber storm.)

• fastjson-NoLB.py

  Means no bypass load balancing function in this script.

Usage

• Upgrade (spawn forward TTY shell)
• Upload (only fastjson-BypassLB.py has this function)

Screenshots

• fastjson-BypassLB.py

  Upload file under internet inaccessible

  

References

• https://github.com/IppSec/forward-shell