Jump to content
adi003user

pwnshell

By adi003user, in Programe hacking

Recommended Posts

adi003user Newbie

adi003user

Posted
Posted

If you’ve got arbitrary file uploads to a J2EE web accessible directory, you need something to maximize your compromise. The world needs a JSP shell that really helps a blackbox attacker pivot to important assets, so I took a stab at it. It’s called quite lamely called pwnshell. It’s a single JSP that, when browsed to, delivers the user a Web 2.0 shell for the victimized server. Great for demos! The shell is here.

How do you use it?

1. Upload it to the victim server (try it on a local Tomcat server!)

2. Browse to it

3. Pretend you’re on looking at xterm

Where does it work?

- Works across platform

- Works on Java 1.5+ (probably 1.4 too, but I haven’t tested)

Why would you use it?

- Browse around the system (as the web application system user)

- Execute arbitrary system commands (it’s a shell, after all)

- Show and alter session variables

- Dump JNDI entries

Here are some screenshots of the shell in action. The first one shows simple directory browsing. Notice all those directory links are clickable! This makes for a weird Explorer-like interface.

Download

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...