2017-09-23 00:14 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001247Kali Linux[All Projects] New Tool Requestspublic2017-09-07 12:53
Reporterg0tmi1k 
Assigned Tosbrun 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
Product Version 
Target VersionFixed in Version2017.2 
Summary0001247: Add Jsp File Browser v1.2 - JSP web shell
DescriptionName: Jsp File Browser
Version: 1.2 (2006-07-22)
Homepage: http://www.vonloesch.de/filebrowser.html
Download: http://www.vonloesch.de/files/browser.zip
License: GPL
Description:

An easy to use and easy to install file browser java server page. This JSP program allows remote web-based file access and manipulation.
Features:
* Main Screen (Dir viewer) with preview of directory 1.
* Free to use and modify under the terms of the GPL license
* Create, copy, move, rename and delete files and directories
* Shortkeys
* View Files (pictures, movies, pdf, html,...)
* Javascript filename filter
* Edit textfiles
* Upload files to the server (Status via Upload monitor)
* Download files from the server
* Download groups of files and folders as a single zip file that is created on the fly
* Execute native commands on the server (e.g ls, tar, chmod,...)
* View entries and unpack zip, jar, war and gz files on the server
* Just one file, very easy to install (in fact, just copy it to the server)
* Customizable layout via css file
* Restrict file access via black or whitelist
* Changeable to a read-only (with or without upload) solution

Jsp file browser should work on any JSP1.1 compatible server (e.g. Tomcat>=3.0), I have tested it on Tomcat 4.0 and 5.5, Resin 2.1.7 and Jetty.
Additional InformationWeb shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because:
* There are various PHP shells already in Kali, however - not as many JSP,
* There is an 'official homepage',
* It hasn't been modified/encoded to include a 'backdoor',
* The features that it offers (all of which could be used in a CTF, pentest, or remote network admin).
* The features thats are 'missing' when compared to other web shells (e.g. there IS NOT a; email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest)
+ The ones which are offered in Kali by default are 'simple'. This has various features that are lacking in the current selection.
++ /usr/share/webshells/jsp/
++ /usr/share/laudanum/jsp/
Attached Files

-Relationships
+Relationships

-Notes

~0006889

rhertzog (administrator)

Waiting ack from g0tmi1k.

~0006910

g0tmi1k (administrator)

Ack. This should be added.


The ones which are offered in Kali by default are 'simple' (just command execution).

* /usr/share/webshells/jsp/
* /usr/share/laudanum/jsp/

This has various features that are lacking in the current selection:

* Fully Featured File Browser (Viewing, uploading, download, editing and more)

~0007220

sbrun (manager)

It seems to me that all the features of jsp are already available in b374k. The latter needs only PHP and apache, thus it is much lighter than having to run a full application server.

What do you think?

~0007228

dookie (administrator)

b374k is only a PHP shell, whereas this proposed one is for JSP. We definitely want both.

~0007253

sbrun (manager)

jsr-file-browser version 1.2-0kali1 is in kali-rolling
+Notes

-Issue History
Date Modified Username Field Change
2014-05-20 08:26 g0tmi1k New Issue
2014-06-04 15:19 karkassa Issue cloned: 0001347
2016-09-18 11:57 g0tmi1k Description Updated View Revisions
2017-06-22 14:00 g0tmi1k Assigned To => sbrun
2017-06-22 14:00 g0tmi1k Status new => assigned
2017-07-08 18:17 rhertzog Status assigned => feedback
2017-07-08 18:17 rhertzog Note Added: 0006889
2017-07-18 12:53 g0tmi1k Note Added: 0006910
2017-07-18 12:53 g0tmi1k Status feedback => assigned
2017-07-18 13:49 g0tmi1k Status assigned => new
2017-07-18 13:49 g0tmi1k Summary Jsp File Browser 1.2 - JSP web shell => Add Jsp File Browser v1.2 - JSP web shell
2017-07-18 14:05 g0tmi1k Status new => assigned
2017-08-31 13:27 sbrun Note Added: 0007220
2017-08-31 15:17 dookie Note Added: 0007228
2017-09-07 08:39 sbrun Status assigned => resolved
2017-09-07 08:39 sbrun Resolution open => fixed
2017-09-07 08:39 sbrun Note Added: 0007253
2017-09-07 12:53 g0tmi1k Fixed in Version => 2017.2
+Issue History