View Issue Details

IDProjectCategoryView StatusLast Update
0001247Kali LinuxQueued Tool Additionpublic2021-05-18 11:02
Reporterg0tmi1k Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Version2017.2 
Summary0001247: Add Jsp File Browser v1.2 - JSP web shell
Description

Name: Jsp File Browser
Version: 1.2 (2006-07-22)
Homepage: http://www.vonloesch.de/filebrowser.html
Download: http://www.vonloesch.de/files/browser.zip
License: GPL
Description:

An easy to use and easy to install file browser java server page. This JSP program allows remote web-based file access and manipulation.
Features:

  • Main Screen (Dir viewer) with preview of directory 1.
  • Free to use and modify under the terms of the GPL license
  • Create, copy, move, rename and delete files and directories
  • Shortkeys
  • View Files (pictures, movies, pdf, html,...)
  • Javascript filename filter
  • Edit textfiles
  • Upload files to the server (Status via Upload monitor)
  • Download files from the server
  • Download groups of files and folders as a single zip file that is created on the fly
  • Execute native commands on the server (e.g ls, tar, chmod,...)
  • View entries and unpack zip, jar, war and gz files on the server
  • Just one file, very easy to install (in fact, just copy it to the server)
  • Customizable layout via css file
  • Restrict file access via black or whitelist
  • Changeable to a read-only (with or without upload) solution

Jsp file browser should work on any JSP1.1 compatible server (e.g. Tomcat>=3.0), I have tested it on Tomcat 4.0 and 5.5, Resin 2.1.7 and Jetty.

Additional Information

Web shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because:

  • There are various PHP shells already in Kali, however - not as many JSP,
  • There is an 'official homepage',
  • It hasn't been modified/encoded to include a 'backdoor',
  • The features that it offers (all of which could be used in a CTF, pentest, or remote network admin).
  • The features thats are 'missing' when compared to other web shells (e.g. there IS NOT a; email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest)
  • The ones which are offered in Kali by default are 'simple'. This has various features that are lacking in the current selection.
    ++ /usr/share/webshells/jsp/
    ++ /usr/share/laudanum/jsp/

Activities

rhertzog

rhertzog

2017-07-08 18:17

administrator   ~0006889

Waiting ack from g0tmi1k.

g0tmi1k

g0tmi1k

2017-07-18 12:53

administrator   ~0006910

Ack. This should be added.

The ones which are offered in Kali by default are 'simple' (just command execution).

  • /usr/share/webshells/jsp/
  • /usr/share/laudanum/jsp/

This has various features that are lacking in the current selection:

  • Fully Featured File Browser (Viewing, uploading, download, editing and more)
sbrun

sbrun

2017-08-31 13:27

manager   ~0007220

It seems to me that all the features of jsp are already available in b374k. The latter needs only PHP and apache, thus it is much lighter than having to run a full application server.

What do you think?

dookie

dookie

2017-08-31 15:17

reporter   ~0007228

b374k is only a PHP shell, whereas this proposed one is for JSP. We definitely want both.

sbrun

sbrun

2017-09-07 08:39

manager   ~0007253

jsr-file-browser version 1.2-0kali1 is in kali-rolling

Issue History

Date Modified Username Field Change
2014-05-20 08:26 g0tmi1k New Issue
2014-06-04 15:19 karkassa Issue cloned: 0001347
2016-09-18 11:57 g0tmi1k Description Updated
2017-06-22 14:00 g0tmi1k Assigned To => sbrun
2017-06-22 14:00 g0tmi1k Status new => assigned
2017-07-08 18:17 rhertzog Status assigned => feedback
2017-07-08 18:17 rhertzog Note Added: 0006889
2017-07-18 12:53 g0tmi1k Note Added: 0006910
2017-07-18 12:53 g0tmi1k Status feedback => assigned
2017-07-18 13:49 g0tmi1k Status assigned => new
2017-07-18 13:49 g0tmi1k Summary Jsp File Browser 1.2 - JSP web shell => Add Jsp File Browser v1.2 - JSP web shell
2017-07-18 14:05 g0tmi1k Status new => assigned
2017-08-31 13:27 sbrun Note Added: 0007220
2017-08-31 15:17 dookie Note Added: 0007228
2017-09-07 08:39 sbrun Status assigned => resolved
2017-09-07 08:39 sbrun Resolution open => fixed
2017-09-07 08:39 sbrun Note Added: 0007253
2017-09-07 12:53 g0tmi1k Fixed in Version => 2017.2
2021-05-18 11:02 g0tmi1k Category New Tool Requests => Queued Tool Addition