
How to write a Ladon plugin and batch-detect whether websites use Shiro [tutorial with tool]


k8


This post shows how to write a Ladon plugin and batch-check whether websites use Shiro.

Why not batch-check for the deserialization vulnerability directly? Because checking whether a Shiro instance is vulnerable to deserialization may require sending many keys, which means a lot of packets, and for a batch scan that is slow. So we change strategy: send only two or three requests to find the sites that use Shiro first, and only then run the appropriate tool against those targets. Keep in mind that a WAF treats a batch of payloads differently from a batch of ordinary requests: ordinary requests get through, while a batch of payloads can easily get your IP banned. So the downside of the direct approach is not only speed but also the risk of being noticed. Of course you can add deserialization-check code and do it all in one pass; everyone's environment differs, and so does the admin's skill level. Some admins ignore you even when you scan the target machine until it smokes, and with admins at that level you won't be noticed whatever you do.

Supported versions

>= Ladon 5.0

Module type

Information gathering

Plugin function

Checks whether a given website uses Apache Shiro. The tool can be used on its own or called by Ladon for batch detection.

Core code

To tell whether a site uses Shiro, it is enough to check whether the response headers contain rememberMe.

using System;
using System.Net;

private static void CheckShiro(string url)
{
    try
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Timeout = 5000; // don't hang a batch run on a dead host
        // Shiro answers an invalid rememberMe cookie with "Set-Cookie: rememberMe=deleteMe"
        request.Headers.Add("Cookie", "rememberMe=0");

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            //Console.WriteLine(String.Format("{0,-20}HTTP/{1} {2:d} {3}", "(Status-Line)", response.ProtocolVersion, response.StatusCode, response.StatusDescription));

            for (int i = 0; i < response.Headers.Count; i++)
            {
                //Console.WriteLine(String.Format("{0,-20}{1}", response.Headers.Keys[i], response.Headers.Get(i)));
                if (response.Headers.Get(i).Contains("rememberMe="))
                    Console.WriteLine(url + " IsShiro");
            }
        }
    }
    catch (Exception ex)
    {
        // Unreachable host, timeout, TLS error and also any non-2xx status (GetResponse()
        // throws a WebException for those) end up here and the URL is silently skipped.
        //Console.WriteLine(ex.ToString());
    }
}

Argument handling

1. Supports a given URL
2. Supports an IP argument (mainly so Ladon can batch-scan an IP range for fuller coverage)

Code notes:
When the argument contains HTTP, the given URL is checked as-is; when it is an IP, the common ports 80, 443 and 8080 are checked. When you are already sweeping a whole /24 or /16, your goal is obviously to gather as much information as possible to expand the target list, so you can also add the web ports your target is known to favour, such as 8081, 8089, 8000 and so on; adjust this to your project.

static void Main(string[] args)
{
    if (args.Length < 1)
    {
        Console.WriteLine("Usage: IsShiro.exe <url|ip>");
        return;
    }

    string url = args[0];
    if (url.ToLower().Contains("http"))
        CheckShiro(url);          // full URL given: check it as-is
    else
    {
        // bare IP or host name: probe the common web ports 80, 443 and 8080
        url = "http://" + args[0];
        CheckShiro(url);
        url = "https://" + args[0];
        CheckShiro(url);
        url = "http://" + args[0] + ":8080";
        CheckShiro(url);
    }
}
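From the defending side, the same fingerprint is what shows up in your own access logs: the tool above sends `Cookie: rememberMe=0` to `/` on ports 80, 443 and 8080 of every host in the range, and a Shiro application answers with `Set-Cookie: rememberMe=deleteMe`. The following Python script is an added example (not part of the original post and not Ladon code) covering both the core check and the argument handling described above. It runs over a constructed, reverse-proxy-style access log in which the Cookie request header is logged as the last quoted field: it counts requests carrying the probe cookie, lists the source IPs that sent it to three or more distinct host:port targets (the pattern the port loop produces), and includes a small check an operator can run against their own application's response headers to see whether it exposes the `rememberMe` cookie at all. The log layout, host names and addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample access log (not real traffic). Fields, in order:
# vhost:port, client IP, ident, user, [timestamp], "request", status, bytes,
# "referer", "user-agent", "Cookie request header".
SAMPLE_LOG = """\
web1.example:80 203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "rememberMe=0"
web1.example:443 203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "rememberMe=0"
web1.example:8080 203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 404 120 "-" "Mozilla/5.0" "rememberMe=0"
web2.example:80 203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 200 640 "-" "Mozilla/5.0" "rememberMe=0"
web1.example:443 198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /account HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "JSESSIONID=abc123; rememberMe=dGVzdA=="
web1.example:80 192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0" "rememberMe=0"
"""

# Parser for the assumed log layout above.
LOG_RE = re.compile(
    r'^(?P<target>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)

# The scanner's marker: a rememberMe cookie whose whole value is "0". A real
# Shiro rememberMe cookie is a Base64 blob, so this does not match legitimate users.
PROBE_RE = re.compile(r'(?:^|;\s*)rememberMe=0\s*(?:;|$)')


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_probe(entry):
    """True if the request's Cookie header carries the scanner's rememberMe=0 marker."""
    return bool(PROBE_RE.search(entry["cookie"]))


def count_probes(lines):
    """Number of log lines that carry the probe cookie."""
    return sum(1 for e in map(parse_line, lines) if e and is_probe(e))


def find_probe_sources(lines, min_targets=3):
    """Map each client IP that sent the probe cookie to at least min_targets
    distinct host:port targets onto the sorted list of those targets.
    Hitting several hosts and ports in quick succession is the batch-scan shape."""
    targets = defaultdict(set)
    for line in lines:
        e = parse_line(line)
        if e and is_probe(e):
            targets[e["ip"]].add(e["target"])
    return {ip: sorted(t) for ip, t in targets.items() if len(t) >= min_targets}


def response_reveals_shiro(headers):
    """Given a list of (name, value) response headers from your own application,
    report whether any Set-Cookie carries a rememberMe cookie, i.e. the exact
    fingerprint the scanner keys on."""
    return any(name.lower() == "set-cookie" and "rememberMe=" in value
               for name, value in headers)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("requests carrying the probe cookie:", count_probes(lines))
    for ip, hit in find_probe_sources(lines).items():
        print(f"{ip} probed {len(hit)} targets: {', '.join(hit)}")
    sample_headers = [("Set-Cookie", "rememberMe=deleteMe; Path=/; Max-Age=0"),
                      ("Content-Type", "text/html")]
    print("own app exposes Shiro fingerprint:", response_reveals_shiro(sample_headers))
```

The `min_targets` threshold and the log layout are the parts to adapt to your environment: a source that probed only one host still shows up in `count_probes`, but only the multi-target sources are returned by `find_probe_sources`. On the application side the fingerprint itself is harmless; what it tells a scanner is where to aim the deserialization tools the post mentions, so the actual fix is keeping Shiro current and configuring your own rememberMe cipher key rather than relying on a default one.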

Plugin usage

Tool usage

IsShiro.exe http://192.169.1.8
IsShiro.exe 192.169.1.8

Ladon usage

Usage
Ladon target *.exe
Example:
Ladon http://192.169.1.8 IsShiro.exe
Ladon 192.169.1.8 IsShiro.exe
Ladon 192.169.1.8/24 IsShiro.exe
Ladon 192.169.1.8/16 IsShiro.exe


Batch URLs

Put a url.txt in the working directory containing the known URLs, one per line; batch-scanning IPs that are not in a single range works the same way:
http://192.168.1.8
http://10.23.4.56:800

Ladon IsShiro.exe

Tool download

Latest version: https://k8gege.org/Download
