Comments (6)
不出网环境下可以用RevSuitRMI来解决域名依赖的问题,你试下搭一个RMI的环境,是不是符合你的要求
from log4j2scan.
测试了没成功,提示这个信息:
Create RevSuit rmi rule 'palgts' succeed!
Service-side RevSuit unsupported batch check!
Log4j2Scan loaded successfully!
from log4j2scan.
是成功了的,只是你的服务端不支持一个增强功能
from log4j2scan.
重新检查和设置了一遍插件里的参数,确实有RMI请求并且提示检查到了漏洞。在内网里,DNS协议相比RMI(TCP)协议,是否穿透性更好一点?
from log4j2scan.
重新检查和设置了一遍插件里的参数,确实有RMI请求并且提示检查到了漏洞。在内网里,DNS协议相比RMI(TCP)协议,是否穿透性更好一点?
理论上穿透性将会更好,请问你那边有没有对应包含webapi的dns server的推荐
from log4j2scan.
重新检查和设置了一遍插件里的参数,确实有RMI请求并且提示检查到了漏洞。在内网里,DNS协议相比RMI(TCP)协议,是否穿透性更好一点?
理论上穿透性将会更好,请问你那边有没有对应包含webapi的dns server的推荐
我看了下,revsuit的txt记录好像可以兼容jndi:dns://xxx/payload
将考虑在后续版本加入
from log4j2scan.
Related Issues (20)
- 建议增加对 JNDIScan支持 HOT 1
- 希望可以填入指定的ip和端口
- 建议添加GoDnslog端口号的选项
- 自定义head头 HOT 2
- 遇到会ceye上出现记录了,但是burp上一直没有显示,会有很长时间的延迟,有时候长有时候短 HOT 2
- 问题 HOT 1
- 已不兼容burpsuite 2022.9.1 HOT 8
- 为什么我设置了revsuit rmi 但是探测仍然是使用的dnslog呢? HOT 3
- 问题 HOT 1
- method GET must not have a request body. HOT 1
- 自定义添加poc HOT 13
- dnslog其他格式
- 导入时报错 HOT 1
- 黑名单机制
- 最新版主被动扫描都无法进行-errors报错如下 HOT 1
- dnslog平台dig.pm加载插件时,获取域名失败 HOT 6
- 目前dig平台已经恢复,但是插件获取dig依然会报错,这个问题在一周多之前已经发现,当时dig是正常的 HOT 1
- 使用了Enable Ex-request选项之后如何看到报文信息哈? HOT 1
- 请作者将此bypass waf poc加入到插件中 ,可以bypasswaf Cloudflare 的waf防护
- 无任何探测请求 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4j2scan.