• Stars
    star
    213
  • Rank 185,410 (Top 4 %)
  • Language
    Java
  • Created over 5 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.

HideShell

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs. JSPs hidden by hideshell.jsp remain accessbile until the next reboot of Tomcat instance.

Environments tested

  • Tomcat 7
  • Tomcat 8

How it works?

TL;DR

Hideshell.jsp hides JSP files by simply deleting them, while persuading Tomcat into believing that files are still there, thus serving them as usual.

More Repositories

1

BrowserGhost

这是一个抓取浏览器密码的工具,后续会添加更多功能
C#
1,380
star
2

LuWu

红队基础设施自动化部署工具
Python
843
star
3

WeblogicEnvironment

Weblogic环境搭建工具
Shell
766
star
4

sharpwmi

sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。
C#
707
star
5

EventCleaner

A tool mainly to erase specified records from Windows event logs, with additional functionalities.
C++
584
star
6

CobaltStrike-Toolset

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
PowerShell
518
star
7

EventLogMaster

Cobalt Strike插件 - RDP日志取证&清除
PowerShell
358
star
8

ptrace

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
C
236
star
9

PandaSniper

Linux C2 框架demo,为期2周的”黑客编程马拉松“,从学习编程语言开始到实现一个demo的产物
C#
219
star
10

redis_lua_exploit

Python
145
star
11

NtlmSocks

a pass-the-hash tool
Go
107
star
12

SerialWriter

SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
Java
101
star
13

ptyshell

A reverse PTY shell in C
C
100
star
14

openssh-7.6p1-patch

a patched sshd for red team activities
C
81
star
15

getpass

a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz
C++
76
star
16

dcpwn

an impacket-dependent script exploiting CVE-2019-1040
Python
72
star
17

mscache

a tool to manipulate dcc(domain cached credentials) in windows registry, based mainly on the work of mimikatz and impacket
Python
67
star
18

KerberosUserEnum

Kerberos accounts enumeration taking advantage of AS-REQ
Python
43
star
19

Papers

Papers
34
star
20

CVE-2018-20250

010 Editor template for ACE archive format & CVE-2018-2025[0-3]
Python
25
star
21

sunburst_decoder

SUNBURST DGA decoder
C#
11
star
22

cisco_ppc_rsp

A debugger in Python for Cisco c3560
Python
10
star