Article-Link: The Demo Files
PS: The articles are only available in Chinese, but you can still learn from the demos. QAQ
A First Look at Java Deserialization (first use of reflection and serialization in Java):
- Java-Reflection_RCE-Example
- Java-Serialization-Example
Java Deserialization: URLDNS (analyse and learn the URLDNS gadget):
- URLDNS-Gadget
Java Deserialization: CC1, Part 1 (analyse and learn the TransformedMap variant of the CC1 gadget):
- CommonsCollections1-Gadget
Java Deserialization: CC1, Part 2 (analyse and learn the LazyMap variant of the CC1 gadget):
- CommonsCollections1-Gadget
Java Deserialization: CC2 (analyse and learn the CC2 gadget):
- CommonsCollections2-Gadget
Java Deserialization: CC3 (analyse and learn the CC3 gadget):
- CommonsCollections3-Gadget
Java Deserialization: CC4 (analyse and learn the CC4 gadget):
- CommonsCollections4-Gadget
Java Deserialization: CC5 and CC6 (analyse and learn the CC5 and CC6 gadgets):
- CommonsCollections5-Gadget
- CommonsCollections6-Gadget
My Humble Take on RMI in Java (first use of RMI):
- RMI-Example
Exploiting RMI (hack with RMI and the CC3 gadget):
- RMI-Exp_CC3 (the payload used is only suitable for JDK7)
My Humble Take on JNDI Injection (what JNDI is, and hacking with JNDI):
- JNDI-Example
- JNDI-Exp_RMI (no demo for LDAP, but the article has an example)
JNDI Injection on JDK8u191+ and Other Later Versions (how to hack with JNDI in later versions):
- JNDI-Exp_BeanFactory
- JNDI-Exp_LDAPHacker_CC3 (please use JDK8+, because I used the Base64 module in it QAQ)
- JNDI-Exp_LDAPClient_CC3 (please use JDK7, because the CC3 payload I used in the server is only suitable for JDK7. ORZ)