JYso

JYso can be used as both ysoserial and JNDIExploit at the same time, and includes bypass functions for multiple high JNDI versions, WAF, and RASP.

🚀 Getting Started Guide

📢 Please take a moment to read this document, it will help you quickly get familiar with JYso!

🧐 Use the Documentation Wiki.

✔ Download the latest version of Releases.

👍 Features

  • JNDI startup with account and password
  • JNDI route hiding or encryption
  • JNDI high version Bypass
  • Customize the path, password, HTTP header and value of the memory horse
  • Memory horse supports fileless Agent insertion
  • Memory horse can be written into the JRE or environment variables to hide it
  • Dirty data added to serialized data
  • Serialized data encoded as the corresponding 3-byte UTF-8
  • TemplatesImpl _bytecodes feature eliminated and size reduced
  • SignedObject secondary deserialization, can be used to bypass TemplatesImpl blacklist, CC without array and blacklist often seen in CTF, etc.
  • Solve the problem of Shiro Header being too long, get the value of the specified parameter from the request for class loading
  • Dynamically generate obfuscated class names
  • MSF/CS online
  • Code execution through JDBC

If you have other great ideas, please let me know! 😎

🐯 Compile

Download Gradle 8.7+ and add it to your global environment variables, then run the following in the project root directory:

./gradlew shadowJar

🌲 Directory structure

For more information, please refer to Directory structure description.

✨ CTStack

JYso has joined the CTStack community

✨ 404StarLink 2.0 - Galaxy

JYso is a member of the 404Team 404StarLink 2.0 project. If you have questions about JYso or want to find others to discuss it with, see the Starlink group project.

  1. Selected for the 2024 KCon Arsenal

📷 Acknowledgements