https://github.com/hxsecurity/kafka-demo
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/hxsecurity/kafka-demo
- Owner: HXSecurity
- Created: 2022-05-10T02:52:12.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2022-05-17T10:06:35.000Z (about 4 years ago)
- Last Synced: 2025-02-26T00:47:23.762Z (over 1 year ago)
- Language: Java
- Size: 40 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# kafka demo
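## Agent download
From the Add Agent page on the DongTai (洞态) website, download the following two agents and place them in the project root directory:
1. Select go and download `dongtai-go-agent-config.yaml`
2. Select java and download `dongtai-agent.jar`
## Startup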
```
docker-compose up -d
```
## Triggering the vulnerabilities
Command execution
Java producer -> Java consumer
* `Runtime.exec()`: http://localhost:8810/kafka/publish?message=whoami
* `ProcessBuilder.start()`: http://localhost:8810/kafka/publish?message=whoami&topic=addUserV3
Go producer -> Java consumer
* `Runtime.exec()`: http://localhost:8811/kafka/publish?message=whoami
* `ProcessBuilder.start()`: http://localhost:8811/kafka/publish?message=whoami&topic=addUserV3
Web page
http://127.0.0.1:8811/kafka
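> If you access the vulnerable test environment from a machine other than the local host: in the project root directory, run `sed -i "s#127.0.0.1#服务实际地址#g" golang/index.html`, replacing the placeholder `服务实际地址` with the service's actual address.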