View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001247 | Kali Linux | [All Projects] Queued Tool Addition | public | 2014-05-20 08:26 | 2021-05-18 11:02 |
| Reporter | g0tmi1k | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Target Version | Fixed in Version | 2017.2 | |||
| Summary | 0001247: Add Jsp File Browser v1.2 - JSP web shell | ||||
| Description | Name: Jsp File Browser Version: 1.2 (2006-07-22) Homepage: http://www.vonloesch.de/filebrowser.html Download: http://www.vonloesch.de/files/browser.zip License: GPL Description: An easy to use and easy to install file browser java server page. This JSP program allows remote web-based file access and manipulation. Features: * Main Screen (Dir viewer) with preview of directory 1. * Free to use and modify under the terms of the GPL license * Create, copy, move, rename and delete files and directories * Shortkeys * View Files (pictures, movies, pdf, html,...) * Javascript filename filter * Edit textfiles * Upload files to the server (Status via Upload monitor) * Download files from the server * Download groups of files and folders as a single zip file that is created on the fly * Execute native commands on the server (e.g ls, tar, chmod,...) * View entries and unpack zip, jar, war and gz files on the server * Just one file, very easy to install (in fact, just copy it to the server) * Customizable layout via css file * Restrict file access via black or whitelist * Changeable to a read-only (with or without upload) solution Jsp file browser should work on any JSP1.1 compatible server (e.g. Tomcat>=3.0), I have tested it on Tomcat 4.0 and 5.5, Resin 2.1.7 and Jetty. | ||||
| Additional Information | Web shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because: * There are various PHP shells already in Kali, however - not as many JSP, * There is an 'official homepage', * It hasn't been modified/encoded to include a 'backdoor', * The features that it offers (all of which could be used in a CTF, pentest, or remote network admin). * The features thats are 'missing' when compared to other web shells (e.g. there IS NOT a; email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest) + The ones which are offered in Kali by default are 'simple'. This has various features that are lacking in the current selection. ++ /usr/share/webshells/jsp/ ++ /usr/share/laudanum/jsp/ | ||||
|
|
Waiting ack from g0tmi1k. |
|
|
Ack. This should be added. The ones which are offered in Kali by default are 'simple' (just command execution). * /usr/share/webshells/jsp/ * /usr/share/laudanum/jsp/ This has various features that are lacking in the current selection: * Fully Featured File Browser (Viewing, uploading, download, editing and more) |
|
|
It seems to me that all the features of jsp are already available in b374k. The latter needs only PHP and apache, thus it is much lighter than having to run a full application server. What do you think? |
|
|
b374k is only a PHP shell, whereas this proposed one is for JSP. We definitely want both. |
|
|
jsr-file-browser version 1.2-0kali1 is in kali-rolling |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-05-20 08:26 | g0tmi1k | New Issue | |
| 2014-06-04 15:19 |
|
Issue cloned: 0001347 | |
| 2016-09-18 11:57 | g0tmi1k | Description Updated | View Revisions |
| 2017-06-22 14:00 | g0tmi1k | Assigned To | => sbrun |
| 2017-06-22 14:00 | g0tmi1k | Status | new => assigned |
| 2017-07-08 18:17 | rhertzog | Status | assigned => feedback |
| 2017-07-08 18:17 | rhertzog | Note Added: 0006889 | |
| 2017-07-18 12:53 | g0tmi1k | Note Added: 0006910 | |
| 2017-07-18 12:53 | g0tmi1k | Status | feedback => assigned |
| 2017-07-18 13:49 | g0tmi1k | Status | assigned => new |
| 2017-07-18 13:49 | g0tmi1k | Summary | Jsp File Browser 1.2 - JSP web shell => Add Jsp File Browser v1.2 - JSP web shell |
| 2017-07-18 14:05 | g0tmi1k | Status | new => assigned |
| 2017-08-31 13:27 | sbrun | Note Added: 0007220 | |
| 2017-08-31 15:17 | dookie | Note Added: 0007228 | |
| 2017-09-07 08:39 | sbrun | Status | assigned => resolved |
| 2017-09-07 08:39 | sbrun | Resolution | open => fixed |
| 2017-09-07 08:39 | sbrun | Note Added: 0007253 | |
| 2017-09-07 12:53 | g0tmi1k | Fixed in Version | => 2017.2 |
| 2021-05-18 11:02 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |