jjf012

## portscan.php
<?php
$blackDomain =  array('localhost');		//屏蔽查询
$blackIP = array('127', '27.151.');		//屏蔽查询内网IP

class HccTools{
	var $typ = array(' 未知 ','FTP', 'SSH', 'TELNET', 'SMTP','DNS', 'HTTP', 'net-Bios', 'SMB', 'RDP', 'VNC', 'HTTP', 'MSSQL', 'MYSQL', 'Oracle', 'IMAP', 'HTTPS', 'POP3');
	var $por = array(0,21, 22, 23, 25, 53, 80, 139,445, 3389, 5901, 8080, 1433, 3306,1521, 143, 443, 110);

	public function runtime(){
		list($h,$c) = explode(' ',microtime());

## 再谈 CVE-2017-10271回显POC构造.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                jjf012
                / 再谈 CVE-2017-10271回显POC构造.md
            
            
              Last active
              February 7, 2023 12:40
            
          
    原文地址 https://www.cnblogs.com/afanti/p/10887381.html
之前写过反序列化报错回显。

远程server放恶意jar包，服务器去远程server来请求恶意jar包
利用defineClass加载byte[]返回Class对象
从这里找到回显的poc,这个poc用的就是方法2.

POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: 127.0.0.1:7001

  
## 360_safe3.asp
<%
'Code by safe3
On Error Resume Next
if request.querystring<>"" then call stophacker(request.querystring,"'|(and|or)\b.+?(>|<|=|in|like)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Form<>"" then call stophacker(request.Form,"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Cookies<>"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
ms()
function stophacker(values,re)
 dim l_get, l_get2,n_get,regex,IP
 for each n_get in values

## builtwith_re.py
import json
import os
import re
import requests
import requests.adapters
import requests.utils
import requests.exceptions
import sys

# from functools import partial

## qq_exmail_brute.py
# author : whoam1
# blog   : http://www.cnnetarmy.com/

import requests
import re
import rsa
import base64
import time
import random
import threading

## discuz_x3.4_getshell.py
#!/usr/bin/env python3
import base64
import random
import re
import string

import requests

sess = requests.Session()
randstr = lambda len=5: ''.join(random.choice(string.ascii_lowercase) for _ in range(len))
	<?php
	$blackDomain = array('localhost'); //屏蔽查询
	$blackIP = array('127', '27.151.'); //屏蔽查询内网IP

	class HccTools{
	var $typ = array(' 未知 ','FTP', 'SSH', 'TELNET', 'SMTP','DNS', 'HTTP', 'net-Bios', 'SMB', 'RDP', 'VNC', 'HTTP', 'MSSQL', 'MYSQL', 'Oracle', 'IMAP', 'HTTPS', 'POP3');
	var $por = array(0,21, 22, 23, 25, 53, 80, 139,445, 3389, 5901, 8080, 1433, 3306,1521, 143, 443, 110);

	public function runtime(){
	list($h,$c) = explode(' ',microtime());
	<%
	'Code by safe3
	On Error Resume Next
	if request.querystring<>"" then call stophacker(request.querystring,"'\|(and\|or)\b.+?(>\|<\|=\|in\|like)\|/\.+?\/\|<\s*script\b\|\bEXEC\b\|UNION.+?SELECT\|UPDATE.+?SET\|INSERT\s+INTO.+?VALUES\|(SELECT\|DELETE).+?FROM\|(CREATE\|ALTER\|DROP\|TRUNCATE)\s+(TABLE\|DATABASE)")
	if request.Form<>"" then call stophacker(request.Form,"\b(and\|or)\b.{1,6}?(=\|>\|<\|\bin\b\|\blike\b)\|/\.+?\/\|<\s*script\b\|\bEXEC\b\|UNION.+?SELECT\|UPDATE.+?SET\|INSERT\s+INTO.+?VALUES\|(SELECT\|DELETE).+?FROM\|(CREATE\|ALTER\|DROP\|TRUNCATE)\s+(TABLE\|DATABASE)")
	if request.Cookies<>"" then call stophacker(request.Cookies,"\b(and\|or)\b.{1,6}?(=\|>\|<\|\bin\b\|\blike\b)\|/\.+?\/\|<\s*script\b\|\bEXEC\b\|UNION.+?SELECT\|UPDATE.+?SET\|INSERT\s+INTO.+?VALUES\|(SELECT\|DELETE).+?FROM\|(CREATE\|ALTER\|DROP\|TRUNCATE)\s+(TABLE\|DATABASE)")
	ms()
	function stophacker(values,re)
	dim l_get, l_get2,n_get,regex,IP
	for each n_get in values
	import json
	import os
	import re
	import requests
	import requests.adapters
	import requests.utils
	import requests.exceptions
	import sys

	# from functools import partial
	# author : whoam1
	# blog : http://www.cnnetarmy.com/

	import requests
	import re
	import rsa
	import base64
	import time
	import random
	import threading
	#!/usr/bin/env python3
	import base64
	import random
	import re
	import string

	import requests

	sess = requests.Session()
	randstr = lambda len=5: ''.join(random.choice(string.ascii_lowercase) for _ in range(len))