Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lalajun/RMIDeserialize
RMI 反序列化环境 一步步
https://github.com/lalajun/RMIDeserialize
Last synced: 21 days ago
JSON representation
RMI 反序列化环境 一步步
- Host: GitHub
- URL: https://github.com/lalajun/RMIDeserialize
- Owner: lalajun
- Created: 2020-06-21T15:13:52.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-08-31T07:52:14.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:26:54.417Z (4 months ago)
- Language: Java
- Homepage:
- Size: 564 KB
- Stars: 212
- Watchers: 3
- Forks: 23
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - lalajun/RMIDeserialize - RMI 反序列化环境 一步步 (Java)
README
# RMIDeserialize
RMI反序列化学习环境,细节请参考博客[RMI-反序列化-深入-上](https://lalajun.github.io/2020/06/22/RMI%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E6%B7%B1%E5%85%A5-%E4%B8%8A/)、[RMI-反序列化-深入-下](https://lalajun.github.io/2020/06/22/RMI%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E6%B7%B1%E5%85%A5-%E4%B8%8B/)`java -cp RMIDeserialize.jar com.lala.ServerAndRegister` :起一个包含CC链可以被攻击的RMI服务
`java -jar RMI-Bypass290.jar <攻击目标IP> <攻击目标端口> <本地JRMP服务IP> <本地JRMP服务端口>`:攻击目标8u231版本以下的RMI服务。
其他功能可以从源码运行。
![总结图.png](http://ww1.sinaimg.cn/large/006iKNp3ly1gg378mdwp2j31ut18015j.jpg)