Recently discovered in the company's internal network while using ElasticSearch, so I looked into it. Vulnerability Principle ElasticSearc…

Recently discovered in the company's internal network while using ElasticSearch, so I looked into it. Vulnerability Principle ElasticSearc…

Reference: https://github.com/lemono0/FastJsonPart Focus on reproducing a process to understand the vulnerability exploitation flow. There…

启动环境，访问站点，抓取登陆处的包 删除右括号，报错 报错探测 fastjson 的版本 Copy { "@type": "java.lang.AutoCloseable" 版本为 1.2.68 此环境可以配合 Mysql-JDBC 反序列化打 fastjson 参考…

Vulnerability Exploitation Reference: https://github.com/lemono0/FastJsonPart Focus on reproducing a process to understand the…

Exploit Reference: https://github.com/lemono0/FastJsonParty/blob/main/1247-waf-c3p0/write-up.md Focus on reproducing a process to understand…

主打一个过程复现，理解漏洞利用流程，网上很多大佬的文章，文章写的很好，但作为基础学习还是不够（特别是用 idea 编译 java 文件，如何解决依赖等基础问题，-__-|.），所以就把自己复现过程的流程写下。

Certify是一套难度为中等的靶场环境，完成该挑战可以帮助玩家了解内网渗透中的代理转发、内网扫描、信息收集、特权提升以及横向移动技术方法，加强对域环境核心认证机制的理解，以及掌握域环境渗透中一些有趣的技术要点。该靶场共有4个flag，分布于不同的靶机。

Preface Recently, I had some time to open my home computer, so I started conducting experiments on the GOAD target environment. The write…