Related vulnerabilities
Description
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228
Introduction
# evil-rmi-server
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228 in a local privesc scenario
## Build
`./gradlew bootJar`
## Run
```
Usage: java -jar build/libs/evilRMIServer-1.0-SNAPSHOT.jar [-hV] [-p=<port>]
       <cmd>
An evil RMI Server to help construct and run an arbitrary command.
      <cmd>           The Command to run. Wrap in quotes if there are spaces.
  -h, --help          Show this help message and exit.
  -p, --port=<port>   The port to listen on
  -V, --version       Print version information and exit.
```
File snapshot
```
[4.0K] /data/pocs/492908524b61a889717d8f65beceea7c047b8697
├── [ 594] build.gradle
├── [ 330] Dockerfile
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 58K] gradle-wrapper.jar
│       └── [ 200] gradle-wrapper.properties
├── [5.6K] gradlew
├── [2.6K] gradlew.bat
├── [ 578] README.md
├── [  36] settings.gradle
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] thm
                └── [4.0K] log4shell
                    └── [2.1K] EvilRMIServerNew.java

7 directories, 9 files
```