{"id":19520090,"url":"https://github.com/hackjava/shiro","last_synced_at":"2025-02-26T00:22:46.756Z","repository":{"id":56396070,"uuid":"286623647","full_name":"HackJava/Shiro","owner":"HackJava","description":"Shiro Vulnerability Research","archived":false,"fork":false,"pushed_at":"2022-12-25T14:23:25.000Z","size":4040,"stargazers_count":52,"open_issues_count":0,"forks_count":15,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-08T13:33:33.754Z","etag":null,"topics":["0e0w","hackjava","hackshiro","shiro"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HackJava.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-11T02:15:15.000Z","updated_at":"2024-11-25T03:46:07.000Z","dependencies_parsed_at":"2023-01-30T22:16:05.735Z","dependency_job_id":null,"html_url":"https://github.com/HackJava/Shiro","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackJava%2FShiro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackJava%2FShiro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackJava%2FShiro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackJava%2FShiro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HackJava","download_url":"https://codeload.github.com/HackJava/Shiro/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240768099,"owners_count":19854387,"icon_url":
"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0e0w","hackjava","hackshiro","shiro"],"created_at":"2024-11-11T00:23:46.252Z","updated_at":"2025-02-26T00:22:46.685Z","avatar_url":"https://github.com/HackJava.png","language":null,"readme":"# HackShiro\n\nThis project was created on August 11, 2020. It records what I have learned while studying Shiro vulnerabilities. The project will be updated continuously; the most recent update was on May 15, 2022. Author: [0e0w](https://github.com/0e0w)\n\n- [01-Shiro Basics]()\n- [02-Shiro Framework Identification]()\n- [03-Shiro Vulnerability Summary]()\n- [04-Shiro Vulnerability Detection]()\n- [05-Shiro Exploitation]()\n- [06-Shiro Lab Environments]()\n\n## 01-Shiro Basics\n- https://github.com/apache/shiro\n- http://greycode.github.io/shiro/doc/reference.html\n\n## 02-Shiro Framework Identification\n\n- The request's cookie contains a rememberMe field.\n- The response contains a rememberMe=deleteMe field.\n- When the request contains rememberMe=x, the response contains rememberMe=deleteMe.\n- Detection tool: Banli.exe is shiro\n\n## 03-Shiro Vulnerability Summary\n\n- CVE-2020-17523\n- CVE-2020-17510\n- CVE-2020-13933\n- CVE-2020-11989#Apache Shiro authentication bypass vulnerability\n- CVE-2016-6802#Shiro Padding Oracle Attack\n- CVE-2016-4437#Shiro rememberMe deserialization vulnerability\n\n## 04-Shiro Vulnerability Detection\n\n
- KEYS\n- GCM\n- Gadget\n  - CommonsBeanutils1\n  - CommonsBeanutils1_192\n  - CommonsBeanutilsAttrCompare\n  - CommonsBeanutilsAttrCompare_192\n  - CommonsBeanutilsObjectToStringComparator\n  - CommonsBeanutilsObjectToStringComparator_192\n  - CommonsBeanutilsPropertySource\n  - CommonsBeanutilsPropertySource_192\n  - CommonsBeanutilsString\n  - CommonsBeanutilsString_192\n  - CommonsCollections2\n  - CommonsCollections3\n  - CommonsCollectionsK1\n  - CommonsCollectionsK2\n  - [ ] 测试:CommonsBeanutils1_192  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutils1_192  回显方式: SpringEcho\n    [x] 测试:CommonsCollections2  回显方式: TomcatEcho\n    [x] 测试:CommonsCollections2  回显方式: SpringEcho\n    [x] 测试:CommonsCollections3  回显方式: TomcatEcho\n    [x] 测试:CommonsCollections3  回显方式: SpringEcho\n    [x] 测试:CommonsCollectionsK1  回显方式: TomcatEcho\n    [x] 测试:CommonsCollectionsK1  回显方式: SpringEcho\n    [x] 测试:CommonsCollectionsK2  回显方式: TomcatEcho\n    [x] 测试:CommonsCollectionsK2  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsString  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsString  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsString_192  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsString_192  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsAttrCompare  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsAttrCompare  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsAttrCompare_192  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsAttrCompare_192  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsPropertySource  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsPropertySource  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsPropertySource_192  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsPropertySource_192  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsObjectToStringComparator  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsObjectToStringComparator  回显方式: SpringEcho\n    [x] 测试:CommonsBeanutilsObjectToStringComparator_192  回显方式: TomcatEcho\n    [x] 测试:CommonsBeanutilsObjectToStringComparator_192  回显方式: SpringEcho\n- Echo\n  - LinuxEcho\n  - SpringEcho1\n  - SpringEcho2\n  - TomcatEcho\n  - TomcatEcho2\n  - JBossEcho\n  - WeblogicEcho\n  - ResinEcho\n  - JettyEcho\n  - 
AutoFindRequestEcho\n  - WriteFileEcho\n- Outbound network access available\n- No outbound network access\n\n## 05-Shiro Exploitation\n\nThis project focuses on exploitation results. For detailed vulnerability analysis, see this site's articles on Shiro analysis. Shiro command echo first appeared as an exploitation method in the advanced edition of Xray. Security researchers later wrote exploit programs with direct echo based on Xray's approach.\n\n- https://github.com/sv3nbeast/ShiroScan\n- https://github.com/insightglacier/Shiro_exploit\n- https://github.com/3ndz/Shiro-721\n- https://github.com/jas502n/SHIRO-550\n- https://github.com/jas502n/SHIRO-721\n- https://github.com/acgbfull/Apache_Shiro_1.2.4_RCE\n- https://github.com/sunird/shiro_exp\n- https://github.com/teamssix/shiro-check-rce\n- https://github.com/wyzxxz/shiro_rce\n- https://github.com/bkfish/Awesome_shiro\n- https://github.com/zhzyker/shiro-1.2.4-rce\n- https://github.com/pmiaowu/BurpShiroPassiveScan\n- https://github.com/feihong-cs/ShiroExploit\n- https://github.com/potats0/shiroPoc\n- https://github.com/tangxiaofeng7/Shiroexploit\n- https://github.com/fupinglee/ShiroScan\n- https://github.com/Ares-X/shiro-exploit\n- https://github.com/j1anFen/shiro_attack\n- https://github.com/Veraxy01/Shiro-EXP\n- https://github.com/admintony/shiro_rememberMe_Rce\n- https://github.com/j1anFen/ysoserial_echo\n- https://github.com/Veraxy00/Shiro-EXP\n- https://github.com/mmioimm/shiro_echo\n- https://github.com/dr0op/shiro-550-with-NoCC\n- https://github.com/M4da0/ShiroExploit\n- https://github.com/inspiringz/Shiro-721\n- https://github.com/KpLi0rn/ShiroTool\n- https://github.com/KpLi0rn/ShiroExploit\n- https://github.com/safe6Sec/ShiroExp\n- https://github.com/longofo/PaddingOracleAttack-Shiro-721\n- https://github.com/myzxcg/ShiroKeyCheck\n- https://github.com/emo-cat/shiro_exploit\n\n## 06-Shiro Lab Environments\n\n- https://vulhub.org\n- https://fofapro.github.io/vulfocus\n\n## 07-Shiro Reference Resources\n\n- https://paper.seebug.org/1290\n- 
https://koalr.me/post/shiro-lou-dong-jian-ce","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackjava%2Fshiro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackjava%2Fshiro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackjava%2Fshiro/lists"}