Add Jython2 gadget #135

Merged: 3 commits, Apr 27, 2022

ykoster commented Nov 1, 2019

This version of Jython2 executes a command through os.system(). Based on Jython1 from @pwntester & @cschneider4711

frohoff (Owner) commented Dec 23, 2020

Sorry for taking so long to reply. Can you confirm whether this works on Windows? The Windows AppVeyor builds seem to be failing.

https://ci.appveyor.com/project/frohoff/ysoserial/build/job/u0ruvvdc4beehxlu

ykoster (Author) commented Dec 28, 2020

Hi @frohoff, it was a bit of a struggle to compile, but the build works for me on Windows 10 with Oracle JRE 1.7.0_80.

frohoff (Owner) commented Dec 29, 2020

Are you able to confirm it achieves command execution on Windows? Does the test pass on Windows on your machine?

ykoster (Author) commented Dec 29, 2020

Sorry, I misread your original question. I can confirm that command execution works on Windows.

ykoster (Author) commented Dec 29, 2020

I'm not sure why AppVeyor fails; from the 1.8.0 output it seems to me that PowerShell did run:

```
new-item : Illegal characters in path.
At line:1 char:1
+ new-item -type file C:\Users�ppveyor\AppData\Local\Temp�\ysoserial-te ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Co
   mmands.NewItemCommand
```

On a side note, this pull request pretty much does the same and the build doesn't fail:
Add new jython gadget chains. #153

frohoff (Owner) commented Feb 2, 2021

It looks like the Windows issue is probably caused by a bug in the RCE test harness that doesn't handle spaces in the temp dir. I'll try to fix that and then get this merged.

frohoff changed the base branch from master to newgadgets April 27, 2022 05:07
frohoff merged commit 30ca17f into frohoff:newgadgets Apr 27, 2022
frohoff added a commit that referenced this pull request Apr 27, 2022
* CommonsCollections8 payload (#116)

* New gadgets (Struts2JasperReports - Atomikos - SpringJta) (#123)

* added Atomikos gadget payload

* added Atomikos gadget payload

* naming

* added spring-jta gadget

* added strutsJasperReports gadget + tests

* updated deps list on springJta

* fixed authors

* renaming

* Add new payload in Commons Collections 3.2.1 (#125)

* Add Jython2 gadget (#135)

This version of Jython2 executes a command through os.system(). Based on Jython1 from @pwntester & @cschneider4711

Co-authored-by: Chris Frohoff <[email protected]>

* Add scala and clojure payloads from a couple of years ago (#137)

* Add some payloads for Scala

* Add new clojure payload affecting versions since 1.8.0

* Fix infinite loop behavior of clojure2 payload.

* add CommonsBeanutils2 (#163)

* ceylon gadget (#173)

Co-authored-by: navalorenzo <[email protected]>
Co-authored-by: Stefano Ciccone <[email protected]>
Co-authored-by: 梅子酒 <[email protected]>
Co-authored-by: Yorick Koster <[email protected]>
Co-authored-by: Ian Haken <[email protected]>
Co-authored-by: k4n5ha0 <[email protected]>
Co-authored-by: supersache <[email protected]>