Sunshine insurance group's java deserialization command executes two packages (write shell tutorial Linux)

Source: Internet
Author: User

Sunshine insurance group's java deserialization command executes two packages (write shell tutorial Linux)

Celebrate the achievement of 1000rank and share some experience in shell writing.
This is a Linux server and has the default jboss interface.


Http: // 8080/WebContent/addECPolicy/kuaisutoubao. jsp

The insurance system jointly developed by sunshine insurance and yiche

Http: // 8080/the default jboss interface exists.

Jboss middleware, JAVA deserialization command execution vulnerability!

Echo tool written by rebeyond

Execute whoami

Ifconfig Intranet IP Address

Next we will focus on shell writing.

Write by default

Failed, 404

We use JD-GUI decompilation rebeyond Writing Tool, find writeshell, default "/" to the path is



However, many sites do not necessarily leave ROOT. WAR in the default deploy.

Run the following command to view

ls ../server/default/deploy

ROOT. war has been removed from default deploy

Therefore, shell writing fails.

So how to write it?

We know that the jboss interface is rendered through the index.html of root.warpost, that is, the root directory.


find / -name ROOT.war


Three addresses are obtained. The second is the correct configuration path for activation.

You only need to get the path + Your shell Name


You can also write the trojan address.

Http: // 8080/she11.jsp


Next station

Http: // 8080/WebContent/addECPolicy/kuaisutoubao. jsp

For the same jboss, run the same command and write the shell. Fix it together.

Shell address

Http: // 8080/she11.jsp


The two are packed together and handed over to you!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.