-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
shiroha
committed
Jul 18, 2023
1 parent
3dc1c49
commit d4fc86a
Showing
298 changed files
with
62,108 additions
and
41 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # Agent | ||
|
|
||
| 只是一个普通的Java agent,使用方法为 `java -jar Agent.jar [pid] [jarFile]` | ||
|
|
||
| 当以 systemctl start 方式启动 jar ,且目标开启了 `PrivateTemp` 的时候,其 **.java_pid{pid}** 文件不在 `/tmp` 目录下,而是在 `/tmp/system-xxx-yyy.service-zzz/tmp` 下,导致 agent 无法找到 socks 通信,也就无法 attach 到目标上。 | ||
| 基于此,将 `sun.tool.attach.LinuxVirtualMachine` 重写为 MyLVM 类,需要利用时: | ||
| 1. 将 sun.tools.attach.MyLVM 中的 `public static String tmpdir = "/tmp/";` 更改为目标 `.java_pid{pid}` 所在的=目录 | ||
| 2. 修改 `AgentMain.java` , 使用 `UseMyLVM(id, jarName)` 函数,注释掉另一个 | ||
| ```java | ||
| UseMyLVM(id, jarName); | ||
| // UseNativeVM(id, jarName); | ||
| ``` | ||
| 3. 编译,注入 | ||
|
|
||
| ## 参考文章 | ||
| attach 相关原理可以看: | ||
| 1. [源码解析 java attach](https://www.cnblogs.com/Jack-Blog/p/15026267.html) | ||
| 2. [JVM源码分析之Attach机制实现完全解读](https://mp.weixin.qq.com/s?__biz=MzIzNjI1ODc2OA==&mid=2650886799&idx=1&sn=108c5fdfcd2695594d4f80ff02fc9a70&mpshare=1&scene=21&srcid=0114WsKpUmDXhRtqy8x7JX5w#wechat_redirect) | ||
| 3. [Systemd Unit文件中PrivateTmp字段详解-Jason.Zhi](https://www.cnblogs.com/lihuobao/p/5624071.html) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <groupId>org.example</groupId> | ||
| <artifactId>shiroAgent</artifactId> | ||
| <version>1.0-SNAPSHOT</version> | ||
|
|
||
| <properties> | ||
| <maven.compiler.source>8</maven.compiler.source> | ||
| <maven.compiler.target>8</maven.compiler.target> | ||
| </properties> | ||
|
|
||
| <dependencies> | ||
| <dependency> | ||
| <groupId>io.earcam.wrapped</groupId> | ||
| <artifactId>com.sun.tools.attach</artifactId> | ||
| <version>1.8.0_jdk8u172-b11</version> | ||
| </dependency> | ||
| <!-- https://mvnrepository.com/artifact/org.javassist/javassist --> | ||
| <!-- <dependency>--> | ||
| <!-- <groupId>com.sun</groupId>--> | ||
| <!-- <artifactId>tools</artifactId>--> | ||
| <!-- <version>1.8.0</version>--> | ||
| <!-- <scope>system</scope>--> | ||
| <!-- <systemPath>/Library/Java/JavaVirtualMachines/jdk1.8.0_351.jdk/Contents/Home/lib/tools.jar</systemPath>--> | ||
| <!-- </dependency>--> | ||
|
|
||
| </dependencies> | ||
|
|
||
|
|
||
|
|
||
| </project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| import com.sun.tools.attach.AttachNotSupportedException; | ||
| import com.sun.tools.attach.VirtualMachine; | ||
| import com.sun.tools.attach.spi.AttachProvider; | ||
| import sun.tools.attach.MyLVM; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| public class AgentMain { | ||
| public static void main(String[] args) throws Exception { | ||
| String id = args[0]; | ||
| String jarName = args[1]; | ||
|
|
||
| System.out.println("id ==> " + id); | ||
| System.out.println("name ==> " + jarName); | ||
|
|
||
| // UseMyLVM(id, jarName); | ||
| UseNativeVM(id, jarName); | ||
| } | ||
|
|
||
| public static void UseMyLVM(String id, String jarName) throws Exception { | ||
| List<AttachProvider> providers = AttachProvider.providers(); | ||
| for (AttachProvider provider: providers) { | ||
| try { | ||
| System.out.println(provider.name()); | ||
| VirtualMachine virtualMachine = MyLVM.NewMyLVM(provider, id); | ||
| System.out.println("attach!"); | ||
| virtualMachine.loadAgent(jarName); | ||
| virtualMachine.detach(); | ||
|
|
||
| System.out.println("ends"); | ||
| return ; | ||
| } catch (AttachNotSupportedException x) { | ||
| x.printStackTrace(); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| public static void UseNativeVM(String id, String jarName) throws Exception { | ||
| try { | ||
| VirtualMachine virtualMachine = VirtualMachine.attach(id); | ||
| System.out.println("attach!"); | ||
| virtualMachine.loadAgent(jarName); | ||
| virtualMachine.detach(); | ||
|
|
||
| System.out.println("ends"); | ||
| } catch (AttachNotSupportedException x) { | ||
| x.printStackTrace(); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.