Looking forward to learning Weblogic deserialization
I was thinking about downloading the webloigc environment by myself, but I didn't get it done for a long time. I didn't know the fragrance of tools when I was young.
I chose to build in docker, and then use idea for remote debugging.
Weblogic download address, I downloaded 10.3.6.0
jdk7 download address
First of all, a docker environment is required.
Then create two new directories under the root directory of the tool, namely jdks and weblogics. As shown in the figure,
put the downloaded jdk into the jdks directory, and put the downloaded weblogic into the weblogics directory
Enter the root directory of the tool and execute the following command
docker build --build-arg JDK_PKG=jdk-7u21-linux-x64.tar.gz --build-arg WEBLOGIC_JAR=wls1036_generic.jar -t weblogic1036jdk7u21 .
After the execution is completed, the weblogic environment has been set up
Then start the container.
docker run -d -p 7001:7001 -p 8453:8453 -p 5556:5556 --name weblogic1036jdk7u21 weblogic1036jdk7u21
There is another way. There are some sh files in the tools directory, as follows. The naming is very clear. The sh file in the box in the figure below indicates that weblogic10.3.6 and jdk6 are installed. But the so-called one-click build.
After installation. We need to obtain some files needed for debugging. The following commands must be executed in the root directory of the tool.
mkdir -p ./middleware/coherence_3.7/lib docker cp weblogic1036jdk7u21:/u01/app/oracle/middleware/modules ./middleware/ docker cp weblogic1036jdk7u21:/u01/app/oracle/middleware/wlserver ./middleware/ docker cp weblogic1036jdk7u21:/u01/app/oracle/middleware/coherence_3.7/lib ./middleware/coherence_3.7/lib
After execution, there will be a middleware directory, which should look like the following figure, copy this directory to the physical machine.
After setting up, open the idea and test whether it can be debugged remotely.
Create a new empty Java project, and then add library files, as shown below.
Just add modules and wlserver in turn. Then you can see the package on the left.
Set up remote debugging
Create a new Remote.
Write the IP and port.
Then click the shift key three times to search for the class InboundMsgAbbrev.
Find the readObject method and add a breakpoint.
Turn on debugging
and use weblogicscan to scan for vulnerabilities
Then found that the breakpoint was not broken. . .
Then restarted the docker, and then scanned again, successfully broken
Weblogic in my eyes
to be continued. . . .