View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001247||Kali Linux||[All Projects] New Tool Requests||public||2014-05-20 08:26||2017-09-07 12:53|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version||2017.2|
|Summary||0001247: Add Jsp File Browser v1.2 - JSP web shell|
|Description||Name: Jsp File Browser|
Version: 1.2 (2006-07-22)
An easy to use and easy to install file browser java server page. This JSP program allows remote web-based file access and manipulation.
* Main Screen (Dir viewer) with preview of directory 1.
* Free to use and modify under the terms of the GPL license
* Create, copy, move, rename and delete files and directories
* View Files (pictures, movies, pdf, html,...)
* Edit textfiles
* Upload files to the server (Status via Upload monitor)
* Download files from the server
* Download groups of files and folders as a single zip file that is created on the fly
* Execute native commands on the server (e.g ls, tar, chmod,...)
* View entries and unpack zip, jar, war and gz files on the server
* Just one file, very easy to install (in fact, just copy it to the server)
* Customizable layout via css file
* Restrict file access via black or whitelist
* Changeable to a read-only (with or without upload) solution
Jsp file browser should work on any JSP1.1 compatible server (e.g. Tomcat>=3.0), I have tested it on Tomcat 4.0 and 5.5, Resin 2.1.7 and Jetty.
|Additional Information||Web shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because:|
* There are various PHP shells already in Kali, however - not as many JSP,
* There is an 'official homepage',
* It hasn't been modified/encoded to include a 'backdoor',
* The features that it offers (all of which could be used in a CTF, pentest, or remote network admin).
* The features thats are 'missing' when compared to other web shells (e.g. there IS NOT a; email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest)
+ The ones which are offered in Kali by default are 'simple'. This has various features that are lacking in the current selection.
||Waiting ack from g0tmi1k.|
Ack. This should be added.
The ones which are offered in Kali by default are 'simple' (just command execution).
This has various features that are lacking in the current selection:
* Fully Featured File Browser (Viewing, uploading, download, editing and more)
It seems to me that all the features of jsp are already available in b374k. The latter needs only PHP and apache, thus it is much lighter than having to run a full application server.
What do you think?
||b374k is only a PHP shell, whereas this proposed one is for JSP. We definitely want both.|
||jsr-file-browser version 1.2-0kali1 is in kali-rolling|
|2014-05-20 08:26||g0tmi1k||New Issue|
||Issue cloned: 0001347|
|2016-09-18 11:57||g0tmi1k||Description Updated||View Revisions|
|2017-06-22 14:00||g0tmi1k||Assigned To||=> sbrun|
|2017-06-22 14:00||g0tmi1k||Status||new => assigned|
|2017-07-08 18:17||rhertzog||Status||assigned => feedback|
|2017-07-08 18:17||rhertzog||Note Added: 0006889|
|2017-07-18 12:53||g0tmi1k||Note Added: 0006910|
|2017-07-18 12:53||g0tmi1k||Status||feedback => assigned|
|2017-07-18 13:49||g0tmi1k||Status||assigned => new|
|2017-07-18 13:49||g0tmi1k||Summary||Jsp File Browser 1.2 - JSP web shell => Add Jsp File Browser v1.2 - JSP web shell|
|2017-07-18 14:05||g0tmi1k||Status||new => assigned|
|2017-08-31 13:27||sbrun||Note Added: 0007220|
|2017-08-31 15:17||dookie||Note Added: 0007228|
|2017-09-07 08:39||sbrun||Status||assigned => resolved|
|2017-09-07 08:39||sbrun||Resolution||open => fixed|
|2017-09-07 08:39||sbrun||Note Added: 0007253|
|2017-09-07 12:53||g0tmi1k||Fixed in Version||=> 2017.2|