JYso

It can be used as a tool for ysoserial and JNDIExploit at the same time, and has bypass functions of multiple JNDI high versions, WAF, and RASP.

Chinese Document | English

? Please be sure to take a moment to read this document, which will help you quickly become familiar with JYso!

? Use documentation wikis.

✔ Download the latest Releases.

• JNDI account password activation
• JNDI route hiding or encryption
• JNDI high version Bypass
• Customize the path, password, and authentication HTTP header and value of the memory horse.
• Memory horse supports file-free landing Agent entry
• Memory horses are written to JRE or environment variables to hide
• Serialized data plus dirty data
• Serialized data is encoded in UTF-8 corresponding to 3 bytes
• The _bytecodes feature of TemplatesImpl has been eliminated and its size reduced.
• Secondary deserialization of SignedObject can be used to bypass TemplatesImpl blacklist, CC numerous groups and blacklists that often appear in CTF, etc.
• To solve the problem that the Shiro Header header is too long, obtain the value of the specified parameter from the request for class loading.
• Dynamically generate obfuscated class names
• MSF/CS is online
• Code execution via JDBC

If you have any other great ideas be sure to let me know! ?

Download gradle8.7+ and configure it in the global environment variable, execute it in the project root directory

./gradlew shadowJar

See the directory structure description for more information.

JYso has now joined the CTStack community

JYso is a part of 404Team 404StarLink 2.0. If you have questions about JYso or want to find a partner to communicate, you can refer to the Starlink group joining project.

• https://github.com/knownsec/404StarLink2.0-Galaxy#community

1. Selected for the 2024 KCon Weapons Spectrum

• https://github.com/veracode-research/rogue-jndi
• https://github.com/welk1n/JNDI-Injection-Exploit
• https://github.com/welk1n/JNDI-Injection-Bypass
• https://github.com/WhiteHSBG/JNDIExploit
• https://github.com/su18/ysoserial
• https://github.com/rebeyond/Behinder
• https://github.com/Whoopsunix/utf-8-overlong-encoding
• https://github.com/mbechler/marshalsec
• https://t.zsxq.com/17LkqCzk8
• https://mp.weixin.qq.com/s/fcuKNfLXiFxWrIYQPq7OCg
• https://xz.aliyun.com/t/11640?time__1311=mqmx0DBDuDnQ340vo4%2BxCwg%3DQai%3DYzaq4D&alichlgref=https%3A%2F%2Fxz.aliyun.com%2Fu%2F8697
• https://archive.conference.hitb.org/hitbsecconf2021sin/sessions/make-jdbc-attacks-brilliant-again/
• https://tttang.com/archive/1405/#toc_0x03-jdbc-rce
• https://xz.aliyun.com/t/10656?time__1311=mq%2BxBDy7G%3DLOD%2FD0DoYg0%3DDR0HG8KeD&alichlgref=https%3A%2F%2Ftttang.com%2F#toc-7
• https://whoopsunix.com/docs/PPPYSO/advance/UTFMIX/
• https://tttang.com/archive/1405/#toc_groovyclassloader
• https://xz.aliyun.com/t/10656?time__1311=mq%2BxBDy7G%3DLOD%2FD0DoY4AKqiKD%3DOQjqx&alichlgref=https%3A%2F%2Ftttang.com%2F
• https://www.leavesongs.com/PENETRATION/use-tls-proxy-to-exploit-ldaps.html
• https://tttang.com/archive/1405/#toc_druid