vulncheck-oss / go-exploit

A Go-based Exploit Framework
https://pkg.go.dev/github.com/vulncheck-oss/go-exploit
Apache License 2.0

Add JJS chunked dropper #227

Closed terrorbyte closed 1 week ago

terrorbyte commented 2 months ago

Do not merge until the Go 1.23 mod changes as this relies on slices.Chunk.

Adds a JJS based chunked dropper. It generates a valid JJS script with a base64 (I tried to use java.util.HexFormat ones, but weirdly that is less supported) blob that will write to a file, and if execute is true it will change the file permission and execute the payload. The chunks are not the chunk max-size of the whole JJS payload but chunks of the payload, which may want to be adjusted for clarity.

Of note, this was needed for an OFBiz binary dropper version, but our Go-based payloads are ye olde 3-4 MB and the groovy max size required ~490 requests :sweat_smile: so there might be some more work on that in the future.

terrorbyte commented 1 week ago

This one definitely needs to be redone; some of the ideas are good, but the implementation leaves some to be desired (base64 chunking counts and stuff just seem a bit wrong, and relying on flexible parsers). I'll revisit this.
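The chunk-count question raised in both comments above can be checked independently of any dropper. The helper below is an added example, not code from go-exploit or from this PR: it base64-encodes a byte slice, splits the encoding at 4-character boundaries so every piece decodes on its own, estimates the number of pieces for a payload of a given size without materialising it, and round-trips the pieces back to the original bytes. It uses a plain loop rather than `slices.Chunk` so it also builds on Go releases before 1.23; the payload sizes and chunk limit in `main` are constructed values.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
)

// alignTo4 rounds a chunk length down to a multiple of 4, since standard
// base64 emits 4 characters per 3 input bytes; a chunk cut anywhere else
// cannot be decoded on its own.
func alignTo4(maxLen int) int {
	return maxLen - maxLen%4
}

// ChunkBase64 encodes payload with standard (padded) base64 and splits the
// text into pieces of at most maxLen characters, each independently decodable.
func ChunkBase64(payload []byte, maxLen int) ([]string, error) {
	if maxLen < 4 {
		return nil, fmt.Errorf("maxLen must be at least 4, got %d", maxLen)
	}
	step := alignTo4(maxLen)
	enc := base64.StdEncoding.EncodeToString(payload)
	var chunks []string
	for len(enc) > 0 {
		n := step
		if n > len(enc) {
			n = len(enc)
		}
		chunks = append(chunks, enc[:n])
		enc = enc[n:]
	}
	return chunks, nil
}

// ChunkCount returns how many pieces ChunkBase64 would produce for a payload
// of size bytes, so a request count can be estimated without the payload.
func ChunkCount(size, maxLen int) int {
	step := alignTo4(maxLen)
	if step == 0 || size <= 0 {
		return 0
	}
	encLen := base64.StdEncoding.EncodedLen(size)
	return (encLen + step - 1) / step // ceiling division
}

// Reassemble decodes each chunk separately and concatenates the results,
// which is what a receiver that writes pieces as they arrive must be able to do.
func Reassemble(chunks []string) ([]byte, error) {
	var out bytes.Buffer
	for i, c := range chunks {
		b, err := base64.StdEncoding.DecodeString(c)
		if err != nil {
			return nil, fmt.Errorf("chunk %d does not decode on its own: %w", i, err)
		}
		out.Write(b)
	}
	return out.Bytes(), nil
}

func main() {
	// Constructed sample: a 100-byte payload and a 50-character chunk limit.
	payload := bytes.Repeat([]byte{0xAB}, 100)
	chunks, err := ChunkBase64(payload, 50)
	if err != nil {
		panic(err)
	}
	back, err := Reassemble(chunks)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d chunks, round trip ok: %v\n", len(chunks), bytes.Equal(back, payload))
	// Constructed estimate for a 4 MB payload with 8192-character chunks.
	fmt.Printf("4 MB at 8192 chars/chunk needs %d chunks\n", ChunkCount(4<<20, 8192))
}
```

`ChunkCount` and `ChunkBase64` agree by construction (both use the 4-aligned step and the padded encoded length), which is the property to assert when a generator's chunk count and the number of pieces it actually emits drift apart.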