Skip to content

FilterBased/ServletBased in memory shell for Tomcat and some other middlewares

Notifications You must be signed in to change notification settings

feihong-cs/memShell

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Java memShell

Supported Middleware

  • Tomcat
    Tested on 7.0.34, 7.0.54, 7.0.70, 7.0.96, 7.0.104, 8.0.18, 8.0.32, 8.0.48, 8.5.12, 8.5.30, 8.5.56, 9.0.16, 9.0.33
  • Weblogic
    Tested on 10.3.6.0, 12.1.3.0.0
  • JBoss/Wildfly
    Tested on 8.0.0.Final, 18.0.0.Final, 21.0.0.Beta1
  • Jetty
    Tested on 9.4.30.v20200611, 9.3.28.v20191105, 9.2.29.v20191105, 9.1.6.v20160112, failed on earlier versions
  • Websphere
    Tested on Websphere Applicaton Server v8.5 and v9.0
  • Spring (not a middleware but a framework)
    Tested on SpringMVC 5.2.10.RELEASE, 5.0.8.RELEASE, 4.3.28.RELEASE, 4.0.5.RELEASE, 3.2.3.RELEASE, 3.0.5.RELEASE

Reference

Tomcat源代码调试:看不见的Shell第一式
基于tomcat的内存 Webshell 无文件攻击技术
动态注册之Servlet+Filter+Listener
基于Tomcat无文件Webshell研究
tomcat不出网回显连续剧第六集
tomcat结合shiro无文件webshell的技术研究以及检测方法
冰蝎改造之适配基于tomcat Filter的无文件webshell


If you hava any suggestions, feel free to open an issue or send me email at [email protected]