{"id":13843091,"url":"https://github.com/SummerSec/AgentInjectTool","last_synced_at":"2025-07-11T17:33:24.370Z","repository":{"id":41481877,"uuid":"467521084","full_name":"SummerSec/AgentInjectTool","owner":"SummerSec","description":"改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能","archived":false,"fork":false,"pushed_at":"2023-11-28T06:53:07.000Z","size":995,"stargazers_count":275,"open_issues_count":0,"forks_count":35,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-11-20T17:15:34.461Z","etag":null,"topics":["agent","inject","key","shiro","shiro-vul","shirokey","tool"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SummerSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-08T13:22:19.000Z","updated_at":"2024-11-20T03:28:21.000Z","dependencies_parsed_at":"2022-08-10T02:21:15.504Z","dependency_job_id":null,"html_url":"https://github.com/SummerSec/AgentInjectTool","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":"SummerSec/template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FAgentInjectTool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FAgentInjectTool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FAgentInjectTool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SummerSec%2FAgentInjectTool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SummerSec","download_url":"https://codeload.github.com/SummerSec/AgentInjectTool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225745432,"owners_count":17517643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","inject","key","shiro","shiro-vul","shirokey","tool"],"created_at":"2024-08-04T17:01:55.018Z","updated_at":"2024-11-21T14:30:42.305Z","avatar_url":"https://github.com/SummerSec.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"\u003ch1 align=\"center\" \u003eAgentInjectTool\u003c/h1\u003e\n\u003ch3 align=\"center\" \u003e使用Agent技术，集成实战中所需要的小功能。\u003c/h3\u003e\n \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/SummerSec/AgentInjectTool\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/AgentInjectTool\"\u003e\u003cimg alt=\"AgentInjectTool\" src=\"https://img.shields.io/badge/AgentInjectTool-green\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/SummerSec/AgentInjectTool\"\u003e\u003cimg alt=\"Forks\" src=\"https://img.shields.io/github/forks/SummerSec/AgentInjectTool\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec/AgentInjectTool\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/SummerSec/AgentInjectTool.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/SummerSec/AgentInjectTool\"\u003e\u003cimg alt=\"Stars\" src=\"https://img.shields.io/github/stars/SummerSec/AgentInjectTool.svg?style=social\u0026label=Stars\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Follower\" src=\"https://img.shields.io/github/followers/SummerSec.svg?style=social\u0026label=Follow\"\u003e\u003c/a\u003e\n     \u003ca href=\"https://github.com/SummerSec\"\u003e\u003cimg alt=\"Visitor\" src=\"https://visitor-badge.laobi.icu/badge?page_id=SummerSec.AgentInjectTool\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://twitter.com/SecSummers\"\u003e\u003cimg alt=\"SecSummers\" src=\"https://img.shields.io/twitter/follow/SecSummers.svg\"\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003ca xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://visitor-badge.laobi.icu\"\u003e\u003crect fill=\"rgba(0,0,0,0)\" height=\"20\" width=\"17.0\" x=\"49.6\"/\u003e\u003c/a\u003e\n\t\u003c/p\u003e\n\n\n\n## 📝 TODO\n\n* [x] 添加 Tomcat 的 ApplicationFilterChain 内存马，兼容所有的 Tomcat 版本\n\n\n\n---\n\n## :tada: 更新日志\n\n\n\n 2022/11/04 添加 Tomcat 的 ApplicationFilterChain 内存马，兼容所有的 Tomcat 版本\n\n使用方法：\n\n```shell\njava -jar AgentInjectTool.jar inject pid /helloshell /helloshell 为内存马连接路径\n```\n\n![image-20221104112011103](https://img.sumsec.me/202211/202211041120533.png)\n\n\n\n---\n## 🐉 来龙去脉\n\n\n\n在红队行动中经常会遇到拿到Webshell后找不到数据库密码存放位置或者是数据库密码被加密的情况(需要逆向代码查找解密逻辑)。\n\n为什么要获取shiro的key？\n\n1. 可以方便我们快速的实现内网横向，毕竟shiro这个漏洞利用已经非常非常成熟了。\n2. 可以将这个key加入我们key字典中，方便之后的项目中测试。\n3. 如果我们修改key，但我们一失手忘记掉了key，也还要补救的措施。\n4. 如果点掉了，可以通过shiro这个入口快速重新切进去。\n\n修改key使用Agent技术，能够达到通用且方便的目的。\n\n参考博客文章：[Shiro后渗透拓展面](https://tttang.com/archive/1472/)\n\n\n\n---\n## ⚡下载安装\n\n* [https://github.com/SummerSec/AgentInjectTool/releases](https://github.com/SummerSec/AgentInjectTool/releases)\n\n\n\n---\n## 🎬 使用方法\n\n本地环境测试DEMO（建议使用JDK8以下启动）\n\n1. 首先可以确定环境的key是默认的，并且是可以执行命令的。\n\n![image-20220308224448662](https://img.sumsec.me/48u4448ec48u4448ec.png)\n\n![image-20220308224621598](https://img.sumsec.me/21u4621ec21u4621ec.png)\n\n2. 执行命令`java -jar AgentInjectTool.jar list`，获取环境启动的pid。\n\n![image-20220308224738899](https://img.sumsec.me/39u4739ec39u4739ec.png)\n\n3. 执行命令`java -jar AgentInjectTool.jar inject {pid} {file.txt|shirokey}`\n\n\u003e java -jar AgentInjectTool.jar inject 96864 G:/temp/temp.txt\n\u003e\n\u003e // 注意一定得使用反斜杠\u003cfont color=red\u003e/\u003c/font\u003e \n\n![image-20220308225003956](https://img.sumsec.me/14u5014ec14u5014ec.png)\n\n\u003e 触发获取key操作，需要我们手动发送请求登录请求，无论正确与否均可。比例说使用工具的**检测当前密钥**功能\n\n![image-20220308232335062](https://img.sumsec.me/35u2335ec35u2335ec.png)\n\n\u003e java -jar AgentInjectTool.jar inject  96864  ES2ZK5q7qgNrkigR4EmGNg==\n\n![image-20220308232433218](https://img.sumsec.me/33u2433ec33u2433ec.png)\n\n![image-20220308232505324](https://img.sumsec.me/5u255ec5u255ec.png)\n\n\u003e 使用获取key功能\n\n![image-20220308232609815](https://img.sumsec.me/9u269ec9u269ec.png)\n\n\n\n\n\n\n## 🅱️ 免责声明\n\n该工具仅用于安全自查检测\n\n由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。\n\n本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许，不得善自使用本工具进行任何攻击活动，不得以任何方式将其用于商业目的。\n\n该工具只授权于企业内部进行问题排查，请勿用于非法用途，请遵守网络安全法，否则后果作者概不负责\n\n----\n\n![as](https://starchart.cc/SummerSec/AgentInjectTool.svg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FAgentInjectTool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSummerSec%2FAgentInjectTool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSummerSec%2FAgentInjectTool/lists"}