Skip to content

Commit 9acb31b

Browse files
ReaJasonReaJason
committed
docs: add memshell-core-config mdx
1 parent 2e9da55 commit 9acb31b

File tree

9 files changed

+467
-189
lines changed

9 files changed

+467
-189
lines changed

web/bun.lock

Lines changed: 30 additions & 30 deletions
Large diffs are not rendered by default.

web/content/docs/compatibility.mdx

Lines changed: 88 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,88 @@
1+
---
2+
title: 适配情况
3+
icon: Album
4+
---
5+
6+
7+
已兼容 Java6 ~ Java8、Java9、Java11、Java17、Java21
8+
9+
### 中间件以及框架
10+
11+
| Tomcat(5 ~ 11) | Jetty(6 ~ 12) | GlassFish(3 ~ 7) | Payara(5 ~ 6) |
12+
|----------------------|------------------------|----------------------|----------------------|
13+
| Servlet | Servlet | Filter | Filter |
14+
| Filter | Filter | Listener | Listener |
15+
| Listener | Listener | Valve | Valve |
16+
| Valve | Handler | FilterChain - Agent | FilterChain - Agent |
17+
| ProxyValve | Customizer | ContextValve - Agent | ContextValve - Agent |
18+
| FilterChain - Agent | ServletHandler - Agent | | |
19+
| ContextValve - Agent | | | |
20+
| Upgrade | | | |
21+
22+
| Resin(3 ~ 4) | SpringMVC | SpringWebFlux | XXL-JOB |
23+
|---------------------|--------------------------|-----------------|--------------|
24+
| Servlet | Interceptor | WebFilter | NettyHandler |
25+
| Filter | ControllerHandler | HandlerMethod | |
26+
| Listener | FrameworkServlet - Agent | HandlerFunction | |
27+
| FilterChain - Agent | | NettyHandler | |
28+
29+
| JBossAS(4 ~ 7) | JBossEAP(6 ~ 8) | WildFly(9 ~ 30) | Undertow |
30+
|----------------------|----------------------------|------------------------|------------------------|
31+
| Filter | Filter | Servlet | Servlet |
32+
| Listener | Listener | Filter | Filter |
33+
| Valve | Valve(6) | Listener | Listener |
34+
| ProxyValve | FilterChain - Agent (6) | ServletHandler - Agent | ServletHandler - Agent|
35+
| FilterChain - Agent | ContextValve - Agent (6) | | |
36+
| ContextValve - Agent | ServletHandler - Agent (7) | | |
37+
38+
| WebSphere(7 ~ 9) | WebLogic (10.3.6 ~ 14) |
39+
|-----------------------|-------------------------|
40+
| Servlet | Servlet |
41+
| Filter | Filter |
42+
| Listener | Listener |
43+
| FilterManager - Agent | ServletContext - Agent |
44+
45+
| BES(9.5.x) | TongWeb(6 ~ 8) | InforSuite AS (9 ~ 10) |
46+
|----------------------|----------------------|------------------------|
47+
| Filter | Filter | Filter |
48+
| Listener | Listener | Listener |
49+
| Valve | Valve | Valve |
50+
| FilterChain - Agent | FilterChain - Agent | FilterChain - Agent |
51+
| ContextValve - Agent | ContextValve - Agent | ContextValve - Agent |
52+
53+
| Apusic AS (9 ~ 10) | Primeton(6.5) |
54+
|---------------------|----------------------|
55+
| Servlet | Filter |
56+
| Filter | Listener |
57+
| Listener | Valve |
58+
| FilterChain - Agent | FilterChain - Agent |
59+
| | ContextValve - Agent |
60+
61+
### 内存马功能
62+
63+
- [x] [Godzilla 哥斯拉](https://github.com/BeichenDream/Godzilla)
64+
- [x] [Behinder 冰蝎](https://github.com/rebeyond/Behinder)
65+
- [x] 命令执行
66+
- [x] [Suo5](./suo5)
67+
- [x] [AntSword 蚁剑](https://github.com/AntSwordProject/antSword)
68+
- [x] [Neo-reGeorg](https://github.com/L-codes/Neo-reGeorg)
69+
- [x] Custom
70+
71+
### 打包方式
72+
73+
- [x] BASE64
74+
- [x] GZIP BASE64
75+
- [x] JSP
76+
- [x] JSPX
77+
- [x] JAR、ScriptEngineJar、GroovyTransformJar
78+
- [x] BCEL
79+
- [x] 内置脚本引擎、Rhino 脚本引擎
80+
- [x] EL、SpEL、OGNL、Aviator、MVEL、JEXL、Groovy、JXPath、BeanShell
81+
- [x] Velocity、Freemarker、JinJava
82+
- [x] 原生反序列化(CB 和 CC 链)
83+
- [x] Agent
84+
- [x] XXL-JOB Executor
85+
- [x] Hessian、Hessian2 反序列化(XSLT 链)
86+
- [x] H2
87+
- [ ] JNDI
88+
- [ ] 其他常见反序列化

web/content/docs/custom-memshell.mdx

Lines changed: 24 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -28,29 +28,32 @@ inject(context, shell);
2828

2929
| 挂载类型 | 参考实现 |
3030
|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
31-
| Servlet/JakartaServlet | [GodzillaServlet](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaServlet.java) |
32-
| Filter/JakartaFilter | [GodzillaFilter](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaFilter.java) |
33-
| Listener/JakartaListener | [GodzillaListener](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaListener.java) |
34-
| Valve/JakartaValve | [GodzillaValve](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaValve.java) |
35-
| ProxyValve/JakartaProxyValve | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
36-
| WebSocket/JakartaWebSocket | [GodzillaWebSocket](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaWebSocket.java) |
37-
| (SpringWebMVC)Interceptor/JakartaInterceptor | [GodzillaInterceptor](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaInterceptor.java) |
38-
| (SpringWebMVC)ControllerHandler/JakartaControllerHandler | [GodzillaControllerHandler](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaControllerHandler.java) |
39-
| (SpringWebFlux)WebFilter | [GodzillaWebFilter](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaWebFilter.java) |
40-
| (SpringWebFlux)HandlerMethod | [GodzillaHandlerMethod](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaHandlerMethod.java) |
41-
| (SpringWebFlux)HandlerFunction | [GodzillaHandlerFunction](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaHandlerFunction.java) |
42-
| NettyHandler | [GodzillaNettyHandler](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaNettyHandler.java) |
43-
| AgentFilterChain/AgentContextValve | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
44-
| (SpringWebMVC)AgentFrameworkServlet | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
45-
| (Jetty)AgentHandler | [GodzillaJettyHandler](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaJettyHandler.java) |
46-
| (WAS)AgentFilterManager | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
47-
| (WebLogic)AgentServletContext | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
48-
| (Undertow)AgentServletHandler | [GodzillaUndertowServletHandler](https://github.com/ReaJason/MemShellParty/blob/master/memshell/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaUndertowServletHandler.java) |
49-
31+
| Servlet/JakartaServlet | [GodzillaServlet](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaServlet.java) |
32+
| Filter/JakartaFilter | [GodzillaFilter](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaFilter.java) |
33+
| Listener/JakartaListener | [GodzillaListener](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaListener.java) |
34+
| Valve/JakartaValve | [GodzillaValve](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaValve.java) |
35+
| ProxyValve/JakartaProxyValve | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
36+
| WebSocket/JakartaWebSocket | [GodzillaWebSocket](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaWebSocket.java) |
37+
| (SpringWebMVC)Interceptor/JakartaInterceptor | [GodzillaInterceptor](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaInterceptor.java) |
38+
| (SpringWebMVC)ControllerHandler/JakartaControllerHandler | [GodzillaControllerHandler](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaControllerHandler.java) |
39+
| (SpringWebFlux)WebFilter | [GodzillaWebFilter](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaWebFilter.java) |
40+
| (SpringWebFlux)HandlerMethod | [GodzillaHandlerMethod](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaHandlerMethod.java) |
41+
| (SpringWebFlux)HandlerFunction | [GodzillaHandlerFunction](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaHandlerFunction.java) |
42+
| NettyHandler | [GodzillaNettyHandler](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaNettyHandler.java) |
43+
| AgentFilterChain/AgentContextValve | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
44+
| (SpringWebMVC)AgentFrameworkServlet | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
45+
| (Jetty)AgentHandler | [GodzillaJettyHandler](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaJettyAgentHandler.java) |
46+
| (WAS)AgentFilterManager | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
47+
| (WebLogic)AgentServletContext | [Godzilla](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/Godzilla.java) |
48+
| (Undertow)AgentServletHandler | [GodzillaUndertowServletHandler](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaUndertowServletHandler.java) |
49+
| (Jetty)Handler | [GodzillaJettyHandler](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaJettyHandler.java) |
50+
| (Jetty)Customizer | [GodzillaJettyCustomizer](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaJettyCustomizer.java) |
51+
| (Struct2)Action | [GodzillaStruct2Action](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/godzilla/GodzillaStruct2Action.java) |
52+
| (Tomcat)Upgrade | [CommandUpgrade](https://github.com/ReaJason/MemShellParty/blob/master/generator/src/main/java/com/reajason/javaweb/memshell/shelltool/command/CommandUpgrade.java) |
5053
### 参考步骤
5154

5255
1. 执行 `git clone https://github.com/ReaJason/MemShellParty.git` 下载当前项目到本地
5356
2. 在 memshell/src/main/java/com/reajason/javaweb/memshell/shelltool 创建 custom 目录进行自定义内存马的编写
54-
3. 执行 `./gradlew :memshell:compileJava``.\gradlew.bat :memshell:compileJava`
55-
4.memshell/build/classes/java/main/com/reajason/javaweb/memshell/shelltool/custom 下可以找到编译好的类文件
57+
3. 执行 `./gradlew :generator:compileJava``.\gradlew.bat :generator:compileJava`
58+
4.generator/build/classes/java/main/com/reajason/javaweb/memshell/shelltool/custom 下可以找到编译好的类文件
5659
5. 在生成界面,选择目标服务 - Custom - 挂载类型,上传 class 文件,选择打包方式并生成

0 commit comments

Comments
 (0)