JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring

素十八

Last update: Dec 30, 2022

Related tags

Web Frameworks MemoryShell

Overview

Memory Shell

JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring

文章：JavaWeb 内存马一周目通关攻略

项目介绍

本项目用来学习和研究 JavaWeb 内存马添加和防御模式，共包含以下几个模块。

memshell-test

模块 memshell-test 中，针对各个常用中间件实现了至少一种 Servlet-API 类型的内存马。

包含几乎全部常见中间件的内存马写入测试文件，部分文件来自各位师傅们的分享，经修改和调整后已经全部经过测试。开箱即用。

目前包含的实现方式有：

中间件	测试版本	内存马实现方式
apusic	AAS Enterprise Edition 9.0	Filter
bes	BES-LITE-9.5.0.382	Filter
glassfish	GlassFish 5.0.0	Filter Grizzly Filter
inforsuite	InforSuiteAS_10	Filter
jboss	JBoss/WildFly 18.0.0.Final	Servlet Filter
jetty	Jetty 9.4.22	Servlet Filter
resin	Resin 4.0.65	Servlet Filter
tomcat	Tomcat 8.5.31	Servlet Filter Listener Tomcat Valve
tongweb	TongWeb 7.0.25	Servlet
weblogic	WebLogic 12.2.1.3.0	Filter
websphere	WebSphere/Liberty 20.0.0.12	Filter

由于重点关注内存马的写入方式，因此上下文的获取、关键类的定位这里没有讨论。

欢迎测试和补充。

memshell-inject

模拟冰蝎的写入内存马测试项目。

使用 JavaAgent 技术配合 javassist 写入字节码，项目 Hook 了 javax.servlet.http.HttpServletRequest 的 getQueryString 方法，返回指定字符串，配合 memshell-test-tomcat 的 QueryStringServlet 使用。

memshell-spring

spring controller 内存马以及 interceptor 内存马动态添加测试项目。

memshell-loader && memshell-scanner

suagent 项目，使用 JavaAgent 技术来检测和防御内存马。

SuAgent

使用 JavaAgent 技术配合 ASM 字节码编织，获取系统中全部加载的 class，并判断其是否为内存马，如果匹配检测逻辑，将插入字节码绕过内存马逻辑，达到防御内存马的目的。

使用方法：

build 项目后会在 suagent 文件夹生成 suagent-loader.jar 以及 suagent-scanner.jar 两个文件。
使用 java -jar suagent-loader.jar 可列举出当前系统上的 JVM PID 列表。
使用 java -jar suagent-loader.jar attach 100 对指定 PID 进行 attach 注入，suagent 会自动对系统内 servlet-api 类型的内存马进行扫描和字节注入，可以在控制台下看到日志输出。
使用 java -jar suagent-loader.jar detach 100 移除 agent。

测试视频：

Suagent 提供了 Servlet-API 内存马的查杀和清除能力，但是代码过于儿戏，覆盖不全是一方面，添加防御也是一方面，我会随缘更新这个项目不断完善主流内存马的查杀、检测及防御，但较为完整和成熟的 JavaWeb 内存马防御能力代码，请关注 RASP 安全产品：安百科技-灵蜥。

Ellume COVID Test Research Files

Ellume-COVID-Test-Research-Files Files related to the Ellume COVID Test Research documented

Aug 25, 2022

Tabletop Games Framework (TAG) - a Java-based benchmark for developing modern board games for AI research

The Tabletop Games Framework (TAG) is a Java-based benchmark for developing modern board games for AI research

Dec 12, 2022

Teaching repository for the undergraduate course in Operations Research at Technical University Munich.

Tutorial for Operations Research SS22 Konstantin Kuchenmeister Teaching repository for the undergraduate course in Operations Research at Technical Un

Aug 27, 2022

State-of-the-art cryptography to protect your world seed against seed cracking tools

SecureSeed State-of-the-art cryptography to protect your world seed against seed cracking tools. This mod is written for the Fabric Mod Loader. If you

Dec 28, 2022

The best plugin to protect anarchy servers and mc servers in general against op attacks.

AdminSecure The best plugin to protect anarchy servers and mc servers in general against op attacks How does it work? When the server detects a player

Sep 2, 2021

A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).

MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4

Jan 4, 2022

Forest_tracker - Help protect the environment with such a simple app.

Forest Tracker 🌳 🌲 🌱 Introduction Hey there! This app is all about protecting the environment! A unique method. Deforestation is happening at an al

May 11, 2022

Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies.

Sentey Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies. But firewalls are a

Dec 28, 2022

UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect

UniFi Proxy UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect. For testing purposes only, it is recommended to purcha

Dec 27, 2022

JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring

Related tags

Overview

Memory Shell

项目介绍

memshell-test

memshell-inject

memshell-spring

memshell-loader && memshell-scanner

SuAgent

广告

You might also like...

Ellume COVID Test Research Files

Tabletop Games Framework (TAG) - a Java-based benchmark for developing modern board games for AI research

Teaching repository for the undergraduate course in Operations Research at Technical University Munich.

State-of-the-art cryptography to protect your world seed against seed cracking tools

The best plugin to protect anarchy servers and mc servers in general against op attacks.

A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).

Forest_tracker - Help protect the environment with such a simple app.

Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies.

UniFi Proxy makes it possible to integrate third-party hardware into UniFi Protect

Owner

素十八

ZeroTurnaround Process Killer

Exploring JSI

Exploring Spring and Sprinboot by building projects

ORM16 is a library exploring code generation-based approach to ORM for Java 17 and focusing on records as persistent data model

Scan and patch tool for CVE-2021-44228 and related log4j concerns.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerability scanning and mitigation patch

A joint research effort for building highly optimized Reactive-Streams compliant operators.

Contains all my research and content produced regarding the log4shell vulnerability