[Shiro] Shiro deserialization vulnerability comprehensive exploitation tool v2.2 (download, install, use)

1 Tool download

  1. Shiro deserialization vulnerability comprehensive exploitation tool v2.2 download:
    Link: https://pan.baidu.com/s/1kvQEMrMP-PZ4K1eGwAP0_Q?pwd=zbgp
    Extraction code: zbgp
  2. Other tool downloads:
    In addition to this tool, there are various tools contributed by other experts on GitHub. Many of them are written in Python with simple functionality, and they can serve as teaching material for understanding the principle of the Shiro vulnerability and for writing your own tools.

2 Dependent environment installation

  1. Note: Shiro deserialization vulnerability comprehensive exploitation tool v2.2 is written in Java and needs a Java 8 environment to run.
  2. Download the Java 8 environment: You can download the Java 8 installation package from the official website and choose the package that suits your system. If you are on a win64 system, you can download it from this network disk link: https://pan.baidu.com/s/1Yg7fq5_5zOMR6UphAA896w?pwd=e7hk Extraction code: e7hk.
  3. Install Java 8: Right-click the exe installation package you just downloaded and run it as administrator. It is recommended to use the default options.
  4. Set the system environment variables: As shown in the figure below, add a JAVA_HOME variable set to the Java installation path, and add two new values to the Path variable.
  5. Verify that the installation was successful: Press Win+R to bring up the cmd window, enter the command java -version, and check whether the displayed version is as shown in the figure below. A version starting with 1.8 indicates that the installation was successful.
  6. If you have other Java versions installed and Java 8 cannot be found, please find another tutorial to solve it.

3 Use

  1. Find the "Shiro deserialization vulnerability comprehensive exploitation tool v2.2" archive you just downloaded, unzip it, and open the folder. It contains a jar file and a folder. The files in that folder are the dictionaries that store the keys.
  2. Type cmd in the address bar of this folder and press Enter to open a terminal. The terminal's working directory is now this folder.
  3. Enter the command java -jar shiro_attack-2.2.jar to run the file in the Java environment.
  4. The pop-up tool window is as follows.
  5. The specific usage method will be reflected in the subsequent reproduction process.
