-
-
Save todb-r7/4899d409de2accb21dc9 to your computer and use it in GitHub Desktop.
Java Meterpreter Cleartext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First two packets of Java Meterpreter, before encryption | |
| 16:01:24.695945 IP 192.168.145.1.48719 > 192.168.145.60.4444: Flags [.], seq 1:1449, | |
| ack 1, win 46, options [nop,nop,TS val 2603356 ecr 0], length 1448 | |
| 0x0000: 4500 05dc 13cc 4000 4006 7dc1 c0a8 9101 E.....@.@.}..... | |
| 0x0010: c0a8 913c be4f 115c 14c5 aa97 fc7f a5d5 ...<.O.\........ | |
| 0x0020: 8010 002e c304 0000 0101 080a 0027 b95c .............'.\ | |
| 0x0030: 0000 0000 0000 00d3 cafe babe 0003 002d ...............- | |
| 0x0040: 000a 0700 0707 0008 0100 0573 7461 7274 ...........start | |
| 0x0050: 0100 4528 4c6a 6176 612f 696f 2f44 6174 ..E(Ljava/io/Dat | |
| 0x0060: 6149 6e70 7574 5374 7265 616d 3b4c 6a61 aInputStream;Lja | |
| 0x0070: 7661 2f69 6f2f 4f75 7470 7574 5374 7265 va/io/OutputStre | |
| 0x0080: 616d 3b5b 4c6a 6176 612f 6c61 6e67 2f53 am;[Ljava/lang/S | |
| 0x0090: 7472 696e 673b 2956 0100 0a45 7863 6570 tring;)V...Excep | |
| 0x00a0: 7469 6f6e 7307 0009 0100 176a 6176 6170 tions......javap | |
| 0x00b0: 6179 6c6f 6164 2f73 7461 6765 2f53 7461 ayload/stage/Sta | |
| 0x00c0: 6765 0100 106a 6176 612f 6c61 6e67 2f4f ge...java/lang/O | |
| 0x00d0: 626a 6563 7401 0013 6a61 7661 2f6c 616e bject...java/lan | |
| 0x00e0: 672f 4578 6365 7074 696f 6e06 0100 0100 g/Exception..... | |
| 0x00f0: 0200 0000 0000 0104 0100 0300 0400 0100 ................ | |
| 0x0100: 0500 0000 0400 0100 0600 0000 000c 3aca ..............:. | |
| 0x0110: feba be00 0300 2d00 c10a 0032 0059 0700 ......-....2.Y.. | |
| 0x0120: 5a07 005b 0a00 5c00 5d0a 0003 005e 0900 Z..[..\.]....^.. | |
| 0x0130: 3b00 5f0b 0036 0060 0700 6108 0062 0800 ;._..6.`..a..b.. | |
| 0x0140: 6307 0064 0a00 0b00 650b 0036 0066 0a00 c..d....e..6.f.. | |
| 0x0150: 0b00 6708 0068 0a00 0b00 690a 000b 006a ..g..h....i....j | |
| 0x0160: 0a00 0800 6b0a 003c 006c 0a00 0800 6d0a ....k..<.l....m. | |
| 0x0170: 006e 006f 0a00 6e00 700a 0071 0072 0b00 .n.o..n.p..q.r.. | |
| 0x0180: 3600 7307 0040 0900 3b00 740a 006e 0075 6.s..@..;.t..n.u | |
| 0x0190: 0900 3b00 7607 0077 0a00 1d00 7807 0079 ..;.v..w....x..y | |
| 0x01a0: 0a00 1f00 6509 003b 007a 0800 7b0a 003b ....e..;.z..{..; | |
| 0x01b0: 007c 0800 7d0a 0032 007e 0700 7f08 0080 .|..}..2.~...... | |
| 0x01c0: 0a00 8100 820a 0083 0084 0700 850b 002a ...............* | |
| 0x01d0: 0086 0b00 2a00 8407 0087 0a00 2d00 650b ....*.......-.e. | |
| 0x01e0: 002a 0088 0a00 3400 8908 008a 0700 8b0a .*....4......... | |
| 0x01f0: 0032 008c 0700 8d0a 008e 008f 0700 9007 .2.............. | |
| 0x0200: 0091 0700 920a 005c 006a 0a00 3800 5e07 .......\.j..8.^. | |
| 0x0210: 0093 0700 9401 0005 6669 6c65 7301 0010 ........files... | |
| 0x0220: 4c6a 6176 612f 7574 696c 2f4c 6973 743b Ljava/util/List; | |
| 0x0230: 0100 0464 6174 6101 0002 5b42 0100 0b63 ...data...[B...c | |
| 0x0240: 6f6e 7465 6e74 5479 7065 0100 124c 6a61 ontentType...Lja | |
| 0x0250: 7661 2f6c 616e 672f 5374 7269 6e67 3b01 va/lang/String;. | |
| 0x0260: 0012 636c 6173 7324 6a61 7661 246e 6574 ..class$java$net | |
| 0x0270: 2455 524c 0100 114c 6a61 7661 2f6c 616e $URL...Ljava/lan | |
| 0x0280: 672f 436c 6173 733b 0100 0953 796e 7468 g/Class;...Synth | |
| 0x0290: 6574 6963 0100 0963 7265 6174 6555 524c etic...createURL | |
| 0x02a0: 0100 2428 5b42 4c6a 6176 612f 6c61 6e67 ..$([BLjava/lang | |
| 0x02b0: 2f53 7472 696e 673b 294c 6a61 7661 2f6e /String;)Ljava/n | |
| 0x02c0: 6574 2f55 524c 3b01 0004 436f 6465 0100 et/URL;...Code.. | |
| 0x02d0: 0a45 7863 6570 7469 6f6e 7307 0095 0100 .Exceptions..... | |
| 0x02e0: 063c 696e 6974 3e01 0011 284c 6a61 7661 .<init>...(Ljava | |
| 0x02f0: 2f6e 6574 2f55 524c 3b29 5601 0007 636f /net/URL;)V...co | |
| 0x0300: 6e6e 6563 7401 0003 2829 5607 0096 0100 nnect...()V..... | |
| 0x0310: 0e67 6574 496e 7075 7453 7472 6561 6d01 .getInputStream. | |
| 0x0320: 0017 2829 4c6a 6176 612f 696f 2f49 6e70 ..()Ljava/io/Inp | |
| 0x0330: 7574 5374 7265 616d 3b01 0010 6765 7443 utStream;...getC | |
| 0x0340: 6f6e 7465 6e74 4c65 6e67 7468 0100 0328 ontentLength...( | |
| 0x0350: 2949 0100 0e67 6574 436f 6e74 656e 7454 )I...getContentT | |
| 0x0360: 7970 6501 0014 2829 4c6a 6176 612f 6c61 ype...()Ljava/la | |
| 0x0370: 6e67 2f53 7472 696e 673b 0100 0663 6c61 ng/String;...cla | |
| 0x0380: 7373 2401 0025 284c 6a61 7661 2f6c 616e ss$..%(Ljava/lan | |
| 0x0390: 672f 5374 7269 6e67 3b29 4c6a 6176 612f g/String;)Ljava/ | |
| 0x03a0: 6c61 6e67 2f43 6c61 7373 3b01 0008 3c63 lang/Class;...<c | |
| 0x03b0: 6c69 6e69 743e 0c00 9700 5701 0020 6a61 linit>....W...ja | |
| 0x03c0: 7661 2f6c 616e 672f 436c 6173 734e 6f74 va/lang/ClassNot | |
| 0x03d0: 466f 756e 6445 7863 6570 7469 6f6e 0100 FoundException.. | |
| 0x03e0: 1e6a 6176 612f 6c61 6e67 2f4e 6f43 6c61 .java/lang/NoCla | |
| 0x03f0: 7373 4465 6646 6f75 6e64 4572 726f 7207 ssDefFoundError. | |
| 0x0400: 0098 0c00 9900 550c 004b 009a 0c00 3d00 ......U..K....=. | |
| 0x0410: 3e0c 009b 009c 0100 0c6a 6176 612f 6e65 >........java/ne | |
| 0x0420: 742f 5552 4c01 0011 6d65 7461 7370 6c6f t/URL...metasplo | |
| 0x0430: 6974 6d65 6d62 7566 6601 0000 0100 166a itmembuff......j | |
| 0x0440: 6176 612f 6c61 6e67 2f53 7472 696e 6742 ava/lang/StringB | |
| 0x0450: 7566 6665 720c 004b 004e 0c00 9d00 530c uffer..K.N....S. | |
| 0x0460: 009e 009f 0100 012f 0c00 9e00 a00c 00a1 ......./........ | |
| 0x0470: 0055 0c00 4b00 a20c 004b 004c 0c00 a300 .U..K....K.L.... | |
| 0x0480: 5507 00a4 0c00 a500 a60c 00a7 00a8 0700 U............... | |
| 0x0490: a90c 00aa 00ab 0c00 ac00 ad0c 003f 0040 .............?.@ | |
| 0x04a0: 0c00 a700 ae0c 0041 0042 0100 1c6a 6176 .......A.B...jav | |
| 0x04b0: 612f 696f 2f42 7974 6541 7272 6179 496e a/io/ByteArrayIn | |
| 0x04c0: 7075 7453 7472 6561 6d0c 004b 00af 0100 putStream..K.... | |
| 0x04d0: 136a 6176 612f 7574 696c 2f41 7272 6179 .java/util/Array | |
| 0x04e0: 4c69 7374 0c00 4300 4401 000c 6a61 7661 List..C.D...java | |
| 0x04f0: 2e6e 6574 2e55 524c 0c00 5600 5701 0008 .net.URL..V.W... | |
| 0x0500: 6861 6e64 6c65 7273 0c00 b000 b101 001e handlers........ | |
| 0x0510: 6a61 7661 2f6c 616e 672f 4e6f 5375 6368 java/lang/NoSuch | |
| 0x0520: 4669 656c 6445 7863 6570 7469 6f6e 0100 FieldException.. | |
| 0x0530: 0870 685f 6361 6368 6507 00b2 0c00 b300 .ph_cache....... | |
| 0x0540: b407 00b5 0c00 ac00 b601 000d 6a61 7661 ............java | |
| 0x0550: 2f75 7469 6c2f 4d61 700c 00b7 009c 0100 /util/Map....... | |
| 0x0560: 3763 6f6d 2f6d 6574 6173 706c 6f69 742f 7com/metasploit/ | |
| 0x0570: 6d65 7465 7270 7265 7465 722f 4d65 6d6f meterpreter/Memo | |
| 0x0580: 7279 4275 6666 6572 5552 4c53 7472 6561 ryBufferURLStrea | |
| 0x0590: 6d48 616e 646c 6572 0c00 b800 b90c 00ba mHandler........ | |
| 0x05a0: 00bb 0100 0867 6574 4669 6c65 7301 000f .....getFiles... | |
| 0x05b0: 6a61 7661 2f6c 616e 672f 436c 6173 730c java/lang/Class. | |
| 0x05c0: 00bc 00bd 0100 106a 6176 612f 6c61 6e67 .......java/lang | |
| 0x05d0: 2f4f 626a 6563 7407 00be 0c00 /Object..... | |
| 16:01:24.696005 IP 192.168.145.1.48719 > 192.168.145.60.4444: Flags [.], seq 1449:2897, ack 1, win 46, options [nop,nop,TS val 2603356 ecr 0], length 1448 | |
| 0x0000: 4500 05dc 13cd 4000 4006 7dc0 c0a8 9101 E.....@.@.}..... | |
| 0x0010: c0a8 913c be4f 115c 14c5 b03f fc7f a5d5 ...<.O.\...?.... | |
| 0x0020: 8010 002e d6d1 0000 0101 080a 0027 b95c .............'.\ | |
| 0x0030: 0000 0000 bf00 c001 000e 6a61 7661 2f75 ..........java/u | |
| 0x0040: 7469 6c2f 4c69 7374 0100 136a 6176 612f til/List...java/ | |
| 0x0050: 6c61 6e67 2f45 7863 6570 7469 6f6e 0100 lang/Exception.. | |
| 0x0060: 1a6a 6176 612f 6c61 6e67 2f52 756e 7469 .java/lang/Runti | |
| 0x0070: 6d65 4578 6365 7074 696f 6e01 0034 636f meException..4co | |
| 0x0080: 6d2f 6d65 7461 7370 6c6f 6974 2f6d 6574 m/metasploit/met | |
| 0x0090: 6572 7072 6574 6572 2f4d 656d 6f72 7942 erpreter/MemoryB | |
| 0x00a0: 7566 6665 7255 524c 436f 6e6e 6563 7469 ufferURLConnecti | |
| 0x00b0: 6f6e 0100 166a 6176 612f 6e65 742f 5552 on...java/net/UR | |
| 0x00c0: 4c43 6f6e 6e65 6374 696f 6e01 001e 6a61 LConnection...ja | |
| 0x00d0: 7661 2f6e 6574 2f4d 616c 666f 726d 6564 va/net/Malformed | |
| 0x00e0: 5552 4c45 7863 6570 7469 6f6e 0100 136a URLException...j | |
| 0x00f0: 6176 612f 696f 2f49 4f45 7863 6570 7469 ava/io/IOExcepti | |
| 0x0100: 6f6e 0100 0766 6f72 4e61 6d65 0100 136a on...forName...j | |
| 0x0110: 6176 612f 6c61 6e67 2f54 6872 6f77 6162 ava/lang/Throwab | |
| 0x0120: 6c65 0100 0a67 6574 4d65 7373 6167 6501 le...getMessage. | |
| 0x0130: 0015 284c 6a61 7661 2f6c 616e 672f 5374 ..(Ljava/lang/St | |
| 0x0140: 7269 6e67 3b29 5601 0003 6164 6401 0015 ring;)V...add... | |
| 0x0150: 284c 6a61 7661 2f6c 616e 672f 4f62 6a65 (Ljava/lang/Obje | |
| 0x0160: 6374 3b29 5a01 0004 7369 7a65 0100 0661 ct;)Z...size...a | |
| 0x0170: 7070 656e 6401 001b 2849 294c 6a61 7661 ppend...(I)Ljava | |
| 0x0180: 2f6c 616e 672f 5374 7269 6e67 4275 6666 /lang/StringBuff | |
| 0x0190: 6572 3b01 002c 284c 6a61 7661 2f6c 616e er;..,(Ljava/lan | |
| 0x01a0: 672f 5374 7269 6e67 3b29 4c6a 6176 612f g/String;)Ljava/ | |
| 0x01b0: 6c61 6e67 2f53 7472 696e 6742 7566 6665 lang/StringBuffe | |
| 0x01c0: 723b 0100 0874 6f53 7472 696e 6701 0039 r;...toString..9 | |
| 0x01d0: 284c 6a61 7661 2f6c 616e 672f 5374 7269 (Ljava/lang/Stri | |
| 0x01e0: 6e67 3b4c 6a61 7661 2f6c 616e 672f 5374 ng;Ljava/lang/St | |
| 0x01f0: 7269 6e67 3b4c 6a61 7661 2f6c 616e 672f ring;Ljava/lang/ | |
| 0x0200: 5374 7269 6e67 3b29 5601 0007 6765 7446 String;)V...getF | |
| 0x0210: 696c 6501 0010 6a61 7661 2f6c 616e 672f ile...java/lang/ | |
| 0x0220: 5374 7269 6e67 0100 0769 6e64 6578 4f66 String...indexOf | |
| 0x0230: 0100 0428 4929 4901 0009 7375 6273 7472 ...(I)I...substr | |
| 0x0240: 696e 6701 0016 2849 4929 4c6a 6176 612f ing...(II)Ljava/ | |
| 0x0250: 6c61 6e67 2f53 7472 696e 673b 0100 116a lang/String;...j | |
| 0x0260: 6176 612f 6c61 6e67 2f49 6e74 6567 6572 ava/lang/Integer | |
| 0x0270: 0100 0870 6172 7365 496e 7401 0015 284c ...parseInt...(L | |
| 0x0280: 6a61 7661 2f6c 616e 672f 5374 7269 6e67 java/lang/String | |
| 0x0290: 3b29 4901 0003 6765 7401 0015 2849 294c ;)I...get...(I)L | |
| 0x02a0: 6a61 7661 2f6c 616e 672f 4f62 6a65 6374 java/lang/Object | |
| 0x02b0: 3b01 0015 2849 294c 6a61 7661 2f6c 616e ;...(I)Ljava/lan | |
| 0x02c0: 672f 5374 7269 6e67 3b01 0005 285b 4229 g/String;...([B) | |
| 0x02d0: 5601 0010 6765 7444 6563 6c61 7265 6446 V...getDeclaredF | |
| 0x02e0: 6965 6c64 0100 2d28 4c6a 6176 612f 6c61 ield..-(Ljava/la | |
| 0x02f0: 6e67 2f53 7472 696e 673b 294c 6a61 7661 ng/String;)Ljava | |
| 0x0300: 2f6c 616e 672f 7265 666c 6563 742f 4669 /lang/reflect/Fi | |
| 0x0310: 656c 643b 0100 226a 6176 612f 6c61 6e67 eld;.."java/lang | |
| 0x0320: 2f72 6566 6c65 6374 2f41 6363 6573 7369 /reflect/Accessi | |
| 0x0330: 626c 654f 626a 6563 7401 000d 7365 7441 bleObject...setA | |
| 0x0340: 6363 6573 7369 626c 6501 0004 285a 2956 ccessible...(Z)V | |
| 0x0350: 0100 176a 6176 612f 6c61 6e67 2f72 6566 ...java/lang/ref | |
| 0x0360: 6c65 6374 2f46 6965 6c64 0100 2628 4c6a lect/Field..&(Lj | |
| 0x0370: 6176 612f 6c61 6e67 2f4f 626a 6563 743b ava/lang/Object; | |
| 0x0380: 294c 6a61 7661 2f6c 616e 672f 4f62 6a65 )Ljava/lang/Obje | |
| 0x0390: 6374 3b01 000b 636f 6e74 6169 6e73 4b65 ct;...containsKe | |
| 0x03a0: 7901 0003 7075 7401 0038 284c 6a61 7661 y...put..8(Ljava | |
| 0x03b0: 2f6c 616e 672f 4f62 6a65 6374 3b4c 6a61 /lang/Object;Lja | |
| 0x03c0: 7661 2f6c 616e 672f 4f62 6a65 6374 3b29 va/lang/Object;) | |
| 0x03d0: 4c6a 6176 612f 6c61 6e67 2f4f 626a 6563 Ljava/lang/Objec | |
| 0x03e0: 743b 0100 0867 6574 436c 6173 7301 0013 t;...getClass... | |
| 0x03f0: 2829 4c6a 6176 612f 6c61 6e67 2f43 6c61 ()Ljava/lang/Cla | |
| 0x0400: 7373 3b01 0009 6765 744d 6574 686f 6401 ss;...getMethod. | |
| 0x0410: 0040 284c 6a61 7661 2f6c 616e 672f 5374 .@(Ljava/lang/St | |
| 0x0420: 7269 6e67 3b5b 4c6a 6176 612f 6c61 6e67 ring;[Ljava/lang | |
| 0x0430: 2f43 6c61 7373 3b29 4c6a 6176 612f 6c61 /Class;)Ljava/la | |
| 0x0440: 6e67 2f72 6566 6c65 6374 2f4d 6574 686f ng/reflect/Metho | |
| 0x0450: 643b 0100 186a 6176 612f 6c61 6e67 2f72 d;...java/lang/r | |
| 0x0460: 6566 6c65 6374 2f4d 6574 686f 6401 0006 eflect/Method... | |
| 0x0470: 696e 766f 6b65 0100 3928 4c6a 6176 612f invoke..9(Ljava/ | |
| 0x0480: 6c61 6e67 2f4f 626a 6563 743b 5b4c 6a61 lang/Object;[Lja | |
| 0x0490: 7661 2f6c 616e 672f 4f62 6a65 6374 3b29 va/lang/Object;) | |
| 0x04a0: 4c6a 6176 612f 6c61 6e67 2f4f 626a 6563 Ljava/lang/Objec | |
| 0x04b0: 743b 0021 003b 003c 0000 0004 000a 003d t;.!.;.<.......= | |
| 0x04c0: 003e 0000 0012 003f 0040 0000 0012 0041 .>.....?.@.....A | |
| 0x04d0: 0042 0000 0008 0043 0044 0001 0045 0000 .B.....C.D...E.. | |
| 0x04e0: 0000 0008 0009 0046 0047 0002 0048 0000 .......F.G...H.. | |
| 0x04f0: 005f 0007 0004 0000 0043 b200 0659 4dc2 ._.......C...YM. | |
| 0x0500: b200 062a b900 0702 0057 bb00 0859 1209 ...*.....W...Y.. | |
| 0x0510: 120a bb00 0b59 b700 0cb2 0006 b900 0d01 .....Y.......... | |
| 0x0520: 0004 64b6 000e 120f b600 102b b600 10b6 ..d........+.... | |
| 0x0530: 0011 b700 122c c3b0 4e2c c32d bf00 0200 .....,..N,.-.... | |
| 0x0540: 0600 3d00 3e00 0000 3e00 4100 3e00 0000 ..=.>...>.A.>... | |
| 0x0550: 0000 4900 0000 0400 0100 4a00 0400 4b00 ..I.......J...K. | |
| 0x0560: 4c00 0100 4800 0000 6900 0500 0600 0000 L...H...i....... | |
| 0x0570: 4d2a 2bb7 0013 2bb6 0014 4d2c 102f b600 M*+...+...M,./.. | |
| 0x0580: 153e b200 0659 3a04 c22a b200 062c 031d .>...Y:..*...,.. | |
| 0x0590: b600 16b8 0017 b900 1802 00c0 0019 c000 ................ | |
| 0x05a0: 19b5 001a 1904 c3a7 000b 3a05 1904 c319 ..........:..... | |
| 0x05b0: 05bf 2a2c 1d04 60b6 001b b500 1cb1 0002 ..*,..`......... | |
| 0x05c0: 0018 0036 0039 0000 0039 003e 0039 0000 ...6.9...9.>.9.. | |
| 0x05d0: 0000 0001 004d 004e 0002 0048 .....M.N...H | |
| 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment