内存马注入不生效 #25

sevck · 2024-07-29T10:44:56Z

目标：spring-boot，内置tomcat8
生产方式：jar包
测试工具：冰鞋、哥斯拉
中间件：spring MVC 、Tomcat
组件类型：Listenter
注入方式：本地jar -jar toos.jar pid

root@36e5248b2ca4 webapps]# java -jar demo.jar
[*] Found pid 839 ——> [user--1.6.jar]
[*] Found pid 889 ——> [demo.jar]
[root@36e5248b2ca4 webapps]# java -jar demo.jar 839
[*] Current agent path: /home/webapps/demo.jar
[*] Attaching to target JVM with PID: 839
[+] Attached to target JVM and loaded agent successfully
[root@36e5248b2ca4 webapps]# java -jar demo.jar 839
[*] Current agent path: /home/webapps/demo.jar
[*] Attaching to target JVM with PID: 839
[+] Attached to target JVM and loaded agent successfully
[root@36e5248b2ca4 webapps]#

提示注入成功，
按照对应路径和请求头访问，然后再用哥斯拉和冰鞋都无法访问

The text was updated successfully, but these errors were encountered:

pen4uin · 2024-07-29T12:51:49Z

有携带 magic 参数触发内存马注入吗？

sevck · 2024-07-30T02:26:45Z

试了，感觉没触发，按照文档：https://github.com/pen4uin/java-memshell-generator/tree/main/jmg-docs/1.0.8
1、生成：

2.服务端启动spring项目
3.进行注入：提示成功：

4.触发内存注入：

5.根据生成配置

6.访问:

7.对应服务端日志：

sevck · 2024-07-30T02:29:00Z

和启动方式有关吗？ java -jar user-xxx.jar 项目是spring cloud,服务是spring boot启动的

pen4uin · 2024-07-30T07:24:39Z

user-xxx.jar 是本地起来测试的？如果初始环境，需要访问一下，因为存在懒加载问题，attach 时可能找不到对应的类。

sevck · 2024-08-01T07:15:50Z

刚刚试了下，
1、user-xxx.jar是本地起的，启动方式为java -jar user-xxx.jar (spring cloud 项目，spring-boot工程)
2、访问服务的接口
3、agent本地注入，注入方式

[root@36e5248b2ca4 webapps]# java -jar demo.jar
[*] Found pid 445 ——> [demo.jar]
[*] Found pid 397 ——> [user-xxx.jar]
[root@36e5248b2ca4 webapps]# java -jar demo.jar 397
[*] Current agent path: /home/webapps/demo.jar
[*] Attaching to target JVM with PID: 397
[+] Attached to target JVM and loaded agent successfully
[root@36e5248b2ca4 webapps]# java -jar demo.jar 397
[*] Current agent path: /home/webapps/demo.jar
[*] Attaching to target JVM with PID: 397
[+] Attached to target JVM and loaded agent successfully
[root@36e5248b2ca4 webapps]# java -jar demo.jar 397
[*] Current agent path: /home/webapps/demo.jar
[*] Attaching to target JVM with PID: 397
[+] Attached to target JVM and loaded agent successfully

4、访问magic
5、访问冰蝎shell，还是404..
不知道是不是我的姿势问题

sevck · 2024-08-01T07:17:31Z

抱歉，之前tomcat版本有误
08/01-07:09:32 INFO org.apache.catalina.core.StandardService- Starting service [Tomcat]
08/01-07:09:32 INFO org.apache.catalina.core.StandardEngine- Starting Servlet Engine: Apache Tomcat/9.0.12
会不会tomcat版本比较高的原因？

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

内存马注入不生效 #25

内存马注入不生效 #25

sevck commented Jul 29, 2024

pen4uin commented Jul 29, 2024

sevck commented Jul 30, 2024

sevck commented Jul 30, 2024

pen4uin commented Jul 30, 2024 •

edited

Loading

sevck commented Aug 1, 2024

sevck commented Aug 1, 2024

内存马注入不生效 #25

内存马注入不生效 #25

Comments

sevck commented Jul 29, 2024

pen4uin commented Jul 29, 2024

sevck commented Jul 30, 2024

sevck commented Jul 30, 2024

pen4uin commented Jul 30, 2024 • edited Loading

sevck commented Aug 1, 2024

sevck commented Aug 1, 2024

pen4uin commented Jul 30, 2024 •

edited

Loading