├── .idea ├── .gitignore ├── compiler.xml ├── libraries │ └── coherence.xml ├── misc.xml ├── uiDesigner.xml └── vcs.xml ├── Attacking_Shiro_with_CVE_2020_2555.iml ├── README.md ├── lib ├── coherence.jar ├── com.oracle.webservices.wls.jaxrpc-client.jar ├── weblogic.jar └── wlthint3client.jar ├── pom.xml └── src ├── main └── java │ └── com │ └── feihong │ ├── GenerateCookie.java │ ├── encrypt │ ├── AESEncrypt.java │ └── GCMEncrypt.java │ ├── enumeration │ ├── EncryptMode.java │ └── PayloadType.java │ ├── payload │ ├── BasicCMDpayload.java │ ├── FileWritePayload.java │ ├── ScriptEnginePayload.java │ └── TemplatesImplPayload.java │ ├── template │ ├── BasicCmdTemplate.java │ ├── DynamicFilterTemplate.java │ ├── MyClassLoader.java │ ├── WeblogicEcho.java │ ├── WeblogicMemshellLoader.java │ └── WeblogicMemshellTemplate.java │ ├── testcase │ ├── TestFileOutputStreamWithCVE_2020_2555.java │ ├── TestFileOutputStreamWithCVE_2020_2883.java │ ├── TestScriptEngineAdvancedWithCVE_2020_2555.java │ ├── TestScriptEngineWithCVE_2020_2555.java │ ├── TestScriptEnginelAdvancedWithCVE_2020_2883.java │ ├── TestScriptEnginelWithCVE_2020_2883.java │ ├── TestTemplatesImplWithCVE_2020_2555.java │ └── TestTemplatesImplWithCVE_2020_2883.java │ └── utils │ ├── ClassFiles.java │ ├── Gadgets.java │ ├── Reflections.java │ └── Util.java └── test └── java └── Test.java /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /workspace.xml -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/.idea/compiler.xml -------------------------------------------------------------------------------- /.idea/libraries/coherence.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/.idea/libraries/coherence.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/.idea/uiDesigner.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /Attacking_Shiro_with_CVE_2020_2555.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/Attacking_Shiro_with_CVE_2020_2555.iml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/README.md -------------------------------------------------------------------------------- /lib/coherence.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/lib/coherence.jar -------------------------------------------------------------------------------- /lib/com.oracle.webservices.wls.jaxrpc-client.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/lib/com.oracle.webservices.wls.jaxrpc-client.jar -------------------------------------------------------------------------------- /lib/weblogic.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/lib/weblogic.jar -------------------------------------------------------------------------------- /lib/wlthint3client.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/lib/wlthint3client.jar -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/pom.xml -------------------------------------------------------------------------------- /src/main/java/com/feihong/GenerateCookie.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/GenerateCookie.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/encrypt/AESEncrypt.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/encrypt/AESEncrypt.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/encrypt/GCMEncrypt.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/encrypt/GCMEncrypt.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/enumeration/EncryptMode.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/enumeration/EncryptMode.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/enumeration/PayloadType.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/enumeration/PayloadType.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/payload/BasicCMDpayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/payload/BasicCMDpayload.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/payload/FileWritePayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/payload/FileWritePayload.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/payload/ScriptEnginePayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/payload/ScriptEnginePayload.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/payload/TemplatesImplPayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/payload/TemplatesImplPayload.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/BasicCmdTemplate.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/BasicCmdTemplate.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/DynamicFilterTemplate.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/DynamicFilterTemplate.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/MyClassLoader.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/MyClassLoader.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/WeblogicEcho.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/WeblogicEcho.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/WeblogicMemshellLoader.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/WeblogicMemshellLoader.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/template/WeblogicMemshellTemplate.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/template/WeblogicMemshellTemplate.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestFileOutputStreamWithCVE_2020_2555.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestFileOutputStreamWithCVE_2020_2555.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestFileOutputStreamWithCVE_2020_2883.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestFileOutputStreamWithCVE_2020_2883.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestScriptEngineAdvancedWithCVE_2020_2555.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestScriptEngineAdvancedWithCVE_2020_2555.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestScriptEngineWithCVE_2020_2555.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestScriptEngineWithCVE_2020_2555.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestScriptEnginelAdvancedWithCVE_2020_2883.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestScriptEnginelAdvancedWithCVE_2020_2883.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestScriptEnginelWithCVE_2020_2883.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestScriptEnginelWithCVE_2020_2883.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestTemplatesImplWithCVE_2020_2555.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestTemplatesImplWithCVE_2020_2555.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/testcase/TestTemplatesImplWithCVE_2020_2883.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/testcase/TestTemplatesImplWithCVE_2020_2883.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/utils/ClassFiles.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/utils/ClassFiles.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/utils/Gadgets.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/utils/Gadgets.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/utils/Reflections.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/utils/Reflections.java -------------------------------------------------------------------------------- /src/main/java/com/feihong/utils/Util.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/main/java/com/feihong/utils/Util.java -------------------------------------------------------------------------------- /src/test/java/Test.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/feihong-cs/Attacking_Shiro_with_CVE_2020_2555/HEAD/src/test/java/Test.java --------------------------------------------------------------------------------