命令执行

代码命令执行

JAVA代码类

Runtime.getRuntime().exec

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

public class Runtime1 {

       public static void main(String[] args) {
            try {
                Process p = Runtime.getRuntime().exec("whoami");
                InputStream input = p.getInputStream();
                InputStreamReader ins = new InputStreamReader(input, "utf-8");
                //InputStreamReader 字节流到字符流,并指定编码格式
                BufferedReader br = new BufferedReader(ins);
                //BufferedReader 从字符流读取文件并缓存字符
                String line;
                line = br.readLine();
                System.out.println(line);
                br.close();
                ins.close();
                input.close();          
                
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

}

ProcessBuilder()类

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

public class ProcessBuilder1 {

    public static void main(String[] args) {
        try {
            String[] cmds = new String[]{"/bin/bash","-c","whoami"};
            ProcessBuilder builder = new ProcessBuilder(cmds);
            Process process = builder.start();
            InputStream in = process.getInputStream();
            //获取输入流
            InputStreamReader ins = new InputStreamReader(in, "utf-8");
            // 字节流转化为字符流,并指定编码格式
            char[] chs = new char[1024];
            int len = ins.read(chs);
            System.out.println(new String(chs,0,len));
            ins.close();
            in.close();

        } catch (IOException e) {
            e.printStackTrace();
        }

    }

}

反射调用java.lang.ProcessImpl类

import java.io.ByteArrayOutputStream;
import java.lang.ProcessBuilder.Redirect;
import java.lang.reflect.Method;
import java.util.Map;

@SuppressWarnings("unchecked")
public class ProcessImpl1{
    public static void main(String[] args) throws Exception {
        String[] cmds = new String[]{"whoami"};
        Class clazz = Class.forName("java.lang.ProcessImpl");
        Method method = clazz.getDeclaredMethod("start", String[].class, Map.class, String.class, Redirect[].class, boolean.class);
        method.setAccessible(true);
        Process e = (Process) method.invoke(null, cmds, null, ".", null, true);
        byte[] bs = new byte[2048];
        int readSize = 0;
        ByteArrayOutputStream infoStream = new ByteArrayOutputStream();
        while ((readSize = e.getInputStream().read(bs)) > 0) {
            infoStream.write(bs, 0, readSize);
        }
        System.out.println(infoStream.toString());
    }
}

使用ScriptEngineManager类

public class Jsexec {
    public static void main(String[] argv) throws ScriptException {
        String str = "function test(){ return java.lang.Runtime};r=test();r.getRuntime().exec(\"typora\");";
        ScriptEngineManager manager = new ScriptEngineManager(null);
        ScriptEngine engine = manager.getEngineByName("js");
        engine.eval(str);
    }
}

Groovy代码注入

GroovyShell类

直接代码执行

public class GroovyShellExample {
    public static void main( String[] args ) {
        GroovyShell groovyShell = new GroovyShell();
        groovyShell.evaluate("\"calc\".execute()");
    }
}

执行对应文件代码

public class GroovyShellExample {
    public static void main( String[] args ) throws Exception {
        GroovyShell groovyShell = new GroovyShell();
        Script script = groovyShell.parse(new File("src/test.groovy"));
        script.run();
    }
}

GroovyScriptEngine类

执行对应文件代码

public class GroovyScriptEngineExample {
    public static void main(String[] args) throws Exception {
        GroovyScriptEngine groovyScriptEngine = new GroovyScriptEngine("");
        groovyScriptEngine.run("a.groovy",new Binding());
    }
}

GroovyClassLoader类

执行对应文件代码

public class GroovyClassLoaderExample {
    public static void main(String[] args) throws Exception {
        GroovyClassLoader groovyClassLoader = new GroovyClassLoader();
        Class loadClass = groovyClassLoader.parseClass(new File("src/test.groovy"));
        GroovyObject groovyObject = (GroovyObject) loadClass.newInstance();
        groovyObject.invokeMethod("main","");
    }
}
posted @   Ho1d_F0rward  阅读(17)  评论(0编辑  收藏  举报
相关博文:
·  JAVA执行流程
·  fastjson反序列化漏洞
·  java代码审计-命令执行
·  Java命令执行
·  java基础漏洞学习----基础命令执行漏洞
阅读排行:
· 25岁的心里话
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· 闲置电脑爆改个人服务器(超详细) #公网映射 #Vmware虚拟网络编辑器
· 一起来玩mcp_server_sqlite,让AI帮你做增删改查!!
· 零经验选手,Compose 一天开发一款小游戏!
点击右上角即可分享
微信分享提示