Fastjson-ForwardShell
Breaking fastjson with forward shell
Original repository from: IppSec’s Forward-shell
Overview
-
fastjson-BypassLB.py
LB means load balancing, some website has fastjson RCE vulnerability which is handling by Nginx load balancing, also with internet inaccessible (freaking annoy).
(I used it when I joining chinese cyber storm.)
-
fastjson-NoLB.py
Means no bypass load balancing function in this script.
Usage
- Upgrade (spawn forward TTY shell)
- Upload (only fastjson-BypassLB.py has this function)