云服务器软件运行出错,云服务器程序运行中出现木马

最新推荐文章于 2024-03-26 18:36:28 发布
最新推荐文章于 2024-03-26 18:36:28 发布
阅读量1.6k 收藏
点赞数
文章标签: 云服务器软件运行出错

攻击补充

01:13:30.597 [http-nio-9070-exec-28] WARN o.a.s.m.AbstractRememberMeManager - [onRememberedPrincipalFailure,449] - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted principals. This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.

01:13:30.599 [http-nio-9070-exec-28] WARN o.a.s.m.DefaultSecurityManager - [getRememberedIdentity,617] - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().

org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.

at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:378)

at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:482)

at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)

at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)

at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612)

at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500)

at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346)

at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)

at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)

at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)

at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.ArrayIndexOutOfBoundsException: null

at java.lang.System.arraycopy(Native Method)

at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:370)

... 48 common frames omitted

01:13:31.558 [http-nio-9070-exec-29] WARN o.a.s.m.AbstractRememberMeManager - [onRememberedPrincipalFailure,449] - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or corrupted principals. This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.

01:13:31.559 [http-nio-9070-exec-29] WARN o.a.s.m.DefaultSecurityManager - [getRememberedIdentity,617] - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().

org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@1126cfed].

at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)

at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)

at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)

at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)

at org.apache.shiro.mgt.AbstractRememberMeManager.decrypt(AbstractRememberMeManager.java:482)

at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:419)

at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)

at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612)

at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500)

at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346)

at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)

at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)

at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)

at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)

at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)

at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)

at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)

at javax.crypto.Cipher.doFinal(Cipher.java:2168)

at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)

... 51 common frames omitted

魔力奥
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
CVE 漏洞的分析及复现
mkl7717的博客
05-20 1571
往下,调用了StringUtils.tokenizeToStringArray()方法,之前的/secret.html转化成了["secret.html"]这个数组,/./secret.html转换成了[".","secret.html"]/secret.html的 bypass 方式也是合理的,可能一些其他特殊字符也是可以的,前提是对请求并不造成影响,像..,#这类字符就会产生问题。继续往下走,判断 html 的目录与当前请求的目录是否相同,因为我们请求被拆分出来是。先说 PoC,未标准化路径造成。
Shiro报错-[org.apache.shiro.mgt.AbstractRememberMeManager] - There was a failure while trying to retri...
weixin_34261739的博客
04-08 2190
2017-04-08 11:55:33,010 WARN [org.apache.shiro.mgt.AbstractRememberMeManager] - There was a failure while trying to retrieve remembered principals. This could be due to a configuration problem or co...
shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext
代码大师麦克拉瑞的博客
07-28 7417
org.apache.shiro.crypto.CryptoException: Unable to correctly extract the Initialization Vector or ciphertext.
记录Shiro的rememberMe Cookie序列化失败的情况的解决方案
madonghyu的博客
07-28 5118
在使用shiro的rememberMe的时候,发现cookie总是序列化失败,导致用户一直无法登录
shiro-550反序列化漏洞
lightsec
04-24 980
前言: shiro反序列化原因是shiro的一个机制为了让浏览器或服务器重启后不丢失用户的登陆状态,会将用户信息保存到 rememberMe字段 然后发送到服务端,服务端再对它进行base64解密,aes解密,再进行反序列化,由于在 1.2.4 这个版本里 shiro的key是固定的,所以可以通过构造一段恶意类经过aes加密再base64加密然后放到 rememberMe 伪造cookie信息,来让服务端加载,进而触发反序列化漏洞 环境搭建: 从github下载代码到本地 下载shiro-r
系统维护 很好的一个绿色软件 云端
01-09
U盘使用也差不多,我把云端和缓存都copy到移动硬盘上,插到另一台机子上,启动u盘里的云端,不过这次没要求设置缓存,直接就可以识别到软件,使用了下,软件运行速度可以,跟本地用差不多。我的硬盘是日立的1.8寸...
网站安全狗IIS版 v4.0.18081.exe
07-17
软件集网站内容安全防护、网站资源保护及网站流量保护功能为一体,功能涵盖网马/木马扫描、防SQL注入、防盗链、防黑链、防CC攻击、网站加速、危险组件防护、下载线程保护、IP黑白名单管理、实时流量监控、实时CPU...
WEB FTP EMAIL的服务器的安全配置.doc
06-22
WEB FTP EMAIL 服务器的安全配置 ...* 防止木马程序和病毒的攻击 * 保证用户的隐私和安全 WEB FTP EMAIL 服务器的安全配置是非常重要的,必须对服务器进行充分的安全配置,以确保服务器的安全和稳定运行
易语言-调用360云鉴定
06-29
360云鉴定是360公司提供的在线文件安全检测服务,它可以对上传的文件进行病毒、木马等恶意软件的扫描,返回鉴定结果。这种服务通常通过HTTP或HTTPS协议与服务器进行交互,提交待检测文件的哈希值或者文件内容,然后...
WEB+FTP+EMAIL的服务器的安全配置.doc
01-07
我们还需要在应用程序配置向客户端发送下列文本错误消息,以避免 ASP 脚本出错时,出错信息很可能会向客户端显示数据库路径等重要信息。 二、FTP 服务器安全配置 在 FTP 服务器安全配置,我们需要掌握 FTP...
Java框架安全篇--Shiro-550漏洞
最新发布
m0_63138919的博客
03-26 1293
本文章参考qax的网络安全java代码审计和Web漏洞解析与攻防实战和部分师傅审计思路以及Shiro靶场,记录自己的学习过程,还希望各位博主 师傅 大佬 勿喷,还希望大家指出错
更改tomcat文件导致项目无法启动记录org.apache.jasper.JasperException
weixin_33768925的博客
04-09 570
项目报错:org.apache.jasper.JasperException: /WEB-INF/views/modules/sys/sysLogin.jsp 2021-04-09 14:35:22,346 [http-nio-8081-exec-7] WARN [org.apache.shiro.mgt.AbstractRememberMeManager] - There was a failure while trying to retrieve remembered principals. Thi
shiro mgt包下的AbstractRememberMeManager
weixin_45912825的博客
10-26 412
2021SC@SDUSC AbstractRememberMeManager类综述 AbstractRememberMeManager类实现了RememberMeManager接口 静态变量: private static final Logger log = LoggerFactory.getLogger(AbstractRememberMeManager.class); 私有变量: private Serializer<PrincipalCollection> serializer;
第一个Shiro程序的问题
夜空中最亮的星
01-05 171
http://blog.csdn.net/sushengmiyan/article/details/39519509 https://wenku.baidu.com/view/4c822c62783e0912a2162ab4.html
springboot整合shiro框架学习笔记
thunder-1
10-12 386
1、
【网络安全】CVE漏洞分析以及复现
Android_wxf的博客
04-21 1736
这个比 Shiro550、Shiro721 要增加一些东西,首先看 pom.xml 这个配置文件,因为漏洞是 shiro 1.0.0 版本的。Shiro 在路径控制的时候,未能对传入的 url 编码进行 decode 解码,导致攻击者可以绕过过滤器,访问被过滤的路径。的 bypass 方式也是合理的,可能一些其他特殊字符也是可以的,前提是对请求并不造成影响,像。继续往下走,判断 html 的目录与当前请求的目录是否相同,因为我们请求被拆分出来是。的匹配范围,这里之前我们设定的访问方式是。
(五)shiro-web
a1034386099的博客
12-22 552
shiro主要用于web开发环境下,本小节学习web环境下的应用 1.准备工作 添加jar包,先前都是添加的core包,web环境下需要shiro-web,同时为了便于开发,同时还需要servlet,jsp等jar包 javax.servlet javax.servlet-api 3.1.0 javax.servlet.jsp
JSON怎样添加注释
热门推荐
hhthwx的博客
12-03 14万+
今天在写一个程序的时候发现了一个问题,在json文件添加注释之后,程序就出现bug了 于是,去搜了一下这个问题的相关解释,在这里和大家分享一下: JSON为什么不能添加注释? 这位外国友人给出的解释: 大神注意到有人利用注释来制定解析规则,这破坏了互操作性(Interoperability)。因此大神将其剔除。 JSON有两种数据结构: 名称/值对的集合:key : valu
linux 服务器怎么查找木马程序
03-31
1. 使用杀毒软件运行杀毒软件扫描整个系统,杀毒软件会检测并删除发现的木马程序。 2. 手动查找:使用命令行或文件管理器手动查找可疑文件和进程。例如,使用ps命令查看正在运行的进程,并查看是否有可疑的进程。...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值