Coder Social home page Coder Social logo

heapdump_tool's People

Contributors

wyzxxz avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

0xsb ifishzz 0neatsec rassec slooppe 0ps 9tail123 ice-001 bingpo lovetrap laowang1026 geekmc harry1080 ethancck liang2580 jasonlou fanyibo2009 j5s whizsail sesyi yshdxm r1dd1er bbhunter gysf666 lnm3000 5l1v3r1 n407pengyuyan mr-lit dk47os3r 1amfine2333 tollytu lfz97 secjia transferhhh amakerlee 0x24bin ios1024 sry309 0xss toolsec explore-c listenquiet crackercat ztohacker zkasdla111 afwu fj2m3iko kenuosec sec-fork sunian19 evi1hack lyrhy y4tacker wh1teze klinklinklin anttutu mytfx aqimmm jayway007 wulasite huifeidebaba at0the thecryinggame ww6453 dogadmin dontian122 xiumulty hissec lvwenda s-hak holalahy tttttint 30579096 ahlo666 d4rkduck jungley1 lay0us1 qianniaoge linyunbin claynu startagain2016 ddwgege atomxw gaily1 runchenz pyking ofalwl sholway kenuoseclab liuliujiu zo-zero-one yx2124538 viki1998 12121212232323232323 ddostest123 t0s7 nanaao ashthes shuai19980 hirak0

heapdump_tool's Issues

运行报错

jhat fail.
error message: Error occurred during initialization of VM
Could not reserve enough space for object heap

请问这种情况如何解决?

运行错误

file: heapdump
[-] Start jhat, waiting...
find compressed file. start unzip file...
java.util.zip.ZipException: Not in GZIP format
at java.util.zip.GZIPInputStream.readHeader(GZIPInputStream.java:165)
at java.util.zip.GZIPInputStream.(GZIPInputStream.java:79)
at java.util.zip.GZIPInputStream.(GZIPInputStream.java:91)
at heapdump.Main.unZipFiles(Main.java:1903)
at heapdump.Main.checkServer(Main.java:1406)
at heapdump.Main.main(Main.java:102)
请手工解压 heapdump 文件后尝试
jhat fail.
error message: Reading from heapdump...
java.io.IOException: Unrecognized magic number: 1013084704
at com.sun.tools.hat.internal.parser.Reader.readFile(Reader.java:94)
at com.sun.tools.hat.Main.main(Main.java:159)

建议添加shiro key寻找

在springboot 环境中,经常见到env泄露并同时使用shiro的情况,根据原理可知,shiro在1.8之前知道密钥就可以进行反序列化攻击,并且利用条件极低。
select * from org.apache.shiro.web.mgt.CookieRememberMeManager
image

解密代码如下
image

import sun.misc.BASE64Encoder;

public class ShiroBytesKey_decode {
    public static void main(String[] args) {
        byte[] base =  new byte[]{48,68,92,126,-107,51,-26,-84,-92,38,44,98,112,-16,5,124} ;

        String base64 = Base64Utils.encode(base);
        System.out.println(base64);



        System.out.println(new BASE64Encoder().encode(base));
    }
}

Unrecognized heap dump sub-record type: 202

don't know why....

[-] file: heapdump
[-] Start jhat, waiting...
jhat fail.
error message: Reading from heapdump...
Dump file created Sat Nov 12 16:02:56 CST 2022
java.io.IOException: Unrecognized heap dump sub-record type:  202
        at com.sun.tools.hat.internal.parser.HprofReader.readHeapDump(HprofReader.java:506)
        at com.sun.tools.hat.internal.parser.HprofReader.read(HprofReader.java:238)
        at com.sun.tools.hat.internal.parser.Reader.readFile(Reader.java:92)
        at com.sun.tools.hat.Main.main(Main.java:159)


[-] exit.

模式1所有操作无回显

java -version

openjdk version "1.8.0_312"
OpenJDK Runtime Environment (Alibaba Dragonwell 8.9.10) (build 1.8.0_312-b01)
OpenJDK 64-Bit Server VM (Alibaba Dragonwell 8.9.10) (build 25.312-b01, mixed mode)

尝试了多个jdk8发行版
test

error

root@archlinux ~# java -jar heapdump_tool.jar heapdump
??? jhat

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.