wsm

package
v1.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 30, 2024 License: AGPL-3.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var WebShellExports = map[string]interface{}{
	"NewWebshell": NewWebShell,

	"tools":        SetShellType,
	"setProxy":     SetProxy,
	"useBehinder":  SetBeinderTool,
	"useGodzilla":  SetGodzillaTool,
	"useYakshell":  SetYakShellTool(),
	"useBase64":    SetBase64Aes,
	"useRaw":       SetRawAes,
	"useXorBase64": SetBase64Xor(),
	"script":       SetShellScript,
	"secretKey":    SetSecretKey,
	"passParams":   SetPass,

	"cmdPath": behinder.SetCommandPath,
}

Functions

func SaveShell 

func SaveShell(manager BaseShellManager)

Types

type BaseShellManager 

type BaseShellManager interface {
	PacketCodecI
	PayloadCodecI
	Ping(opts ...behinder.ExecParamsConfig) (bool, error)
	BasicInfo(opts ...behinder.ExecParamsConfig) ([]byte, error)
	CommandExec(cmd string, opts ...behinder.ExecParamsConfig) ([]byte, error)
	ExecutePluginOrCache(param map[string]string) ([]byte, error)
	String() string
	GenWebShell() string
	SetCustomEncFunc(func(data, key []byte) ([]byte, error))
}

func NewWebShell 

func NewWebShell(url string, opts ...ShellConfig) (BaseShellManager, error)

func NewWebShellManager 

func NewWebShellManager(s *ypb.WebShell) (BaseShellManager, error)

type BehidnerResourceSystemAction 

type BehidnerResourceSystemAction struct {
	// contains filtered or unexported fields
}

func (*BehidnerResourceSystemAction) Delete 

func (b *BehidnerResourceSystemAction) Delete(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*BehidnerResourceSystemAction) Do 

func (b *BehidnerResourceSystemAction) Do(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*BehidnerResourceSystemAction) Get 

func (b *BehidnerResourceSystemAction) Get(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*BehidnerResourceSystemAction) Head 

func (b *BehidnerResourceSystemAction) Head(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*BehidnerResourceSystemAction) Post 

func (b *BehidnerResourceSystemAction) Post(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*BehidnerResourceSystemAction) Put 

func (b *BehidnerResourceSystemAction) Put(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

type Behinder 

type Behinder struct {
	// 连接地址
	Url string
	// 密钥
	SecretKey []byte
	// shell 类型
	ShellScript string

	Proxy string

	// 自定义 header 头
	Headers              map[string]string
	PacketScriptContent  string
	PayloadScriptContent string
	// contains filtered or unexported fields
}

func NewBehinder 

func NewBehinder(ys *ypb.WebShell) (*Behinder, error)

func NewBehinderManager 

func NewBehinderManager(url string, opts ...ShellConfig) (*Behinder, error)

func (*Behinder) BasicInfo 

func (b *Behinder) BasicInfo(opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*Behinder) ClientRequestEncode 

func (b *Behinder) ClientRequestEncode(raw []byte) ([]byte, error)

func (*Behinder) ClientRequestEncodeFormGo 

func (b *Behinder) ClientRequestEncodeFormGo(en codecFunc)

func (*Behinder) CommandExec 

func (b *Behinder) CommandExec(cmd string, opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*Behinder) EchoResultDecodeFormGo 

func (b *Behinder) EchoResultDecodeFormGo(de codecFunc)

func (*Behinder) EchoResultDecodeFormYak 

func (b *Behinder) EchoResultDecodeFormYak(raw []byte) ([]byte, error)

func (*Behinder) EchoResultEncodeFormGo 

func (b *Behinder) EchoResultEncodeFormGo(en codecFunc)

func (*Behinder) EchoResultEncodeFormYak 

func (b *Behinder) EchoResultEncodeFormYak(raw []byte) ([]byte, error)

func (*Behinder) ExecutePluginOrCache added in v1.3.3 

func (b *Behinder) ExecutePluginOrCache(param map[string]string) ([]byte, error)

func (*Behinder) GenWebShell 

func (b *Behinder) GenWebShell() string

func (*Behinder) Ping 

func (b *Behinder) Ping(opts ...behinder.ExecParamsConfig) (bool, error)

func (*Behinder) ServerResponseDecode 

func (b *Behinder) ServerResponseDecode(raw []byte) ([]byte, error)

func (*Behinder) SetCustomEncFunc added in v1.3.3 

func (b *Behinder) SetCustomEncFunc(func(data, key []byte) ([]byte, error))

func (*Behinder) SetPacketScriptContent 

func (b *Behinder) SetPacketScriptContent(str string)

func (*Behinder) SetPayloadScriptContent 

func (b *Behinder) SetPayloadScriptContent(str string)

func (*Behinder) String 

func (b *Behinder) String() string

func (*Behinder) Unmarshal 

func (b *Behinder) Unmarshal(bts []byte, m map[string]string) error

type ConfuseFunc added in v1.3.3 

type ConfuseFunc func(code string) (string, error)

type FileOperation 

type FileOperation interface {
	Execute(base BaseShellManager) ([]byte, error)
}

type Generate added in v1.3.3 

type Generate struct {
	// contains filtered or unexported fields
}

func NewGenerate added in v1.3.3 

func NewGenerate(opt ...GenerateConfig) *Generate

func (*Generate) Generate added in v1.3.3 

func (j *Generate) Generate() (string, error)

type GenerateConfig added in v1.3.3 

type GenerateConfig func(generate *ypb.ShellGenerate)

func WithAesBase64 added in v1.3.3 

func WithAesBase64() GenerateConfig

func WithAspxScript added in v1.3.3 

func WithAspxScript() GenerateConfig

func WithBase64 added in v1.3.3 

func WithBase64() GenerateConfig

func WithConfuse added in v1.3.3 

func WithConfuse() GenerateConfig

func WithJspScript added in v1.3.3 

func WithJspScript() GenerateConfig

func WithPass added in v1.3.3 

func WithPass(pass string) GenerateConfig

func WithPhpScript added in v1.3.3 

func WithPhpScript() GenerateConfig

func WithSessionMode added in v1.3.3 

func WithSessionMode() GenerateConfig

func WithXorBase64 added in v1.3.3 

func WithXorBase64() GenerateConfig

func WithXorRaw added in v1.3.3 

func WithXorRaw() GenerateConfig

type Godzilla 

type Godzilla struct {
	Url string
	//
	// 连接参数
	Pass string
	// 密钥
	SecretKey []byte
	// shell 类型
	ShellScript string
	// 加密模式
	EncMode string
	Proxy   string
	// 自定义 header 头
	Headers map[string]string
	// request 开头的干扰字符
	ReqLeft string
	// request 结尾的干扰字符
	ReqRight string

	PacketScriptContent  string
	PayloadScriptContent string
	// contains filtered or unexported fields
}

func NewGodzilla 

func NewGodzilla(ys *ypb.WebShell) (*Godzilla, error)

func NewGodzillaManager 

func NewGodzillaManager(url string, opts ...ShellConfig) (*Godzilla, error)

func (*Godzilla) BasicInfo 

func (g *Godzilla) BasicInfo(opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*Godzilla) ClientRequestEncode 

func (g *Godzilla) ClientRequestEncode(raw []byte) ([]byte, error)

func (*Godzilla) ClientRequestEncodeFormGo 

func (g *Godzilla) ClientRequestEncodeFormGo(en codecFunc)

func (*Godzilla) CommandExec 

func (g *Godzilla) CommandExec(cmd string, opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*Godzilla) CustomClassByteCodeDealer 

func (g *Godzilla) CustomClassByteCodeDealer(classBytes []byte) (bool, error)

func (*Godzilla) DumpWebappComponent 

func (g *Godzilla) DumpWebappComponent(classname string) ([]byte, error)

func (*Godzilla) EchoResultDecodeFormGo 

func (g *Godzilla) EchoResultDecodeFormGo(de codecFunc)

func (*Godzilla) EchoResultDecodeFormYak 

func (g *Godzilla) EchoResultDecodeFormYak(raw []byte) ([]byte, error)

func (*Godzilla) EchoResultEncodeFormGo 

func (g *Godzilla) EchoResultEncodeFormGo(en codecFunc)

func (*Godzilla) EchoResultEncodeFormYak 

func (g *Godzilla) EchoResultEncodeFormYak(raw []byte) ([]byte, error)

func (*Godzilla) EvalFunc 

func (g *Godzilla) EvalFunc(className, funcName string, parameter *godzilla.Parameter) ([]byte, error)

EvalFunc 个人简单理解为调用远程 shell 的一个方法,以及对指令的序列化,并且发送指令

func (*Godzilla) ExecutePluginOrCache added in v1.3.3 

func (g *Godzilla) ExecutePluginOrCache(param map[string]string) ([]byte, error)

func (*Godzilla) FileManagement 

func (g *Godzilla) FileManagement()

func (*Godzilla) GenWebShell 

func (g *Godzilla) GenWebShell() string

func (*Godzilla) Include 

func (g *Godzilla) Include(codeName string, binCode []byte) (bool, error)

Include 远程 shell 加载插件

func (*Godzilla) InjectPayload 

func (g *Godzilla) InjectPayload() error

func (*Godzilla) InjectPayloadIfNoCookie 

func (g *Godzilla) InjectPayloadIfNoCookie() error

func (*Godzilla) InvokeCustomPlugin 

func (g *Godzilla) InvokeCustomPlugin() ([]byte, error)

func (*Godzilla) KillWebappComponent 

func (g *Godzilla) KillWebappComponent(componentType string, name string) ([]byte, error)

KillWebappComponent will unload component given kill `Servlet` need to provide `servletName` eg: `HelloServlet` kill `Filter` need to provide `filterName` eg: `HelloFilter` kill `Listener` need to provide `listenerClass` eg: `com.example.HelloListener` kill `Valve` need to provide `valveID` eg: `1` kill `Timer` need to provide `threadName` kill `Websocket` need to provide `websocketPattern` eg: `/websocket/EchoEndpoint` kill `Upgrade` need to provide `upgradeKey` eg: `version.txt` from goby ysoserial plugin generated kill `Executor` use a fixed value `recovery`

func (*Godzilla) LoadPotatoPlugin 

func (g *Godzilla) LoadPotatoPlugin(cmd string) ([]byte, error)

func (*Godzilla) LoadScanWebappComponentInfoPlugin 

func (g *Godzilla) LoadScanWebappComponentInfoPlugin(className string) ([]byte, error)

func (*Godzilla) LoadSuo5Plugin 

func (g *Godzilla) LoadSuo5Plugin(className string, memshellType string, path string) ([]byte, error)

LoadSuo5Plugin load suo5 proxy with default memshell type as filter type

func (*Godzilla) Ping 

func (g *Godzilla) Ping(opts ...behinder.ExecParamsConfig) (bool, error)

func (*Godzilla) ScanWebappComponentInfo 

func (g *Godzilla) ScanWebappComponentInfo() ([]byte, error)

ScanWebappComponentInfo will return target webapp servlet, filter info

func (*Godzilla) ServerResponseDecode 

func (g *Godzilla) ServerResponseDecode(raw []byte) ([]byte, error)

func (*Godzilla) SetCustomEncFunc added in v1.3.3 

func (g *Godzilla) SetCustomEncFunc(func(data, key []byte) ([]byte, error))

func (*Godzilla) SetPacketScriptContent 

func (g *Godzilla) SetPacketScriptContent(content string)

func (*Godzilla) SetPayloadScriptContent 

func (g *Godzilla) SetPayloadScriptContent(content string)

func (*Godzilla) String 

func (g *Godzilla) String() string

type GodzillaFileSystemAction 

type GodzillaFileSystemAction struct {
	// contains filtered or unexported fields
}

func (*GodzillaFileSystemAction) Delete 

func (g *GodzillaFileSystemAction) Delete(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*GodzillaFileSystemAction) Do 

func (g *GodzillaFileSystemAction) Do(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*GodzillaFileSystemAction) Get 

func (g *GodzillaFileSystemAction) Get(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*GodzillaFileSystemAction) Head 

func (g *GodzillaFileSystemAction) Head(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*GodzillaFileSystemAction) Post 

func (g *GodzillaFileSystemAction) Post(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*GodzillaFileSystemAction) Put 

func (g *GodzillaFileSystemAction) Put(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

type IResult 

type IResult interface {
	Unmarshal([]byte, map[string]string) error
}

type PacketCodecI 

type PacketCodecI interface {
	// ClientRequestEncode 对请求包的 payload 进行编码
	ClientRequestEncode(raw []byte) ([]byte, error)
	// ServerResponseDecode webshell server 获取请求包中的 payload
	ServerResponseDecode(raw []byte) ([]byte, error)
	SetPacketScriptContent(content string)
}

type PayloadCodecI 

type PayloadCodecI interface {
	// EchoResultEncodeFormYak payload 内部对回显结果的编码,混合编程,执行 yaklang
	EchoResultEncodeFormYak(raw []byte) ([]byte, error)
	// EchoResultDecodeFormYak 对 payload 回显结果的解码
	EchoResultDecodeFormYak(raw []byte) ([]byte, error)
	SetPayloadScriptContent(content string)
}

type ShellConfig 

type ShellConfig func(info *ypb.WebShell)

func SetBase64 added in v1.3.3 

func SetBase64() ShellConfig

func SetBase64Aes 

func SetBase64Aes() ShellConfig

func SetBase64AesDec added in v1.3.3 

func SetBase64AesDec() ShellConfig

SetBase64AesDec 当为Jsp的时候,需要满足Key为16或者32,todo:

func SetBase64Dec added in v1.3.3 

func SetBase64Dec() ShellConfig

func SetBase64Xor added in v1.3.3 

func SetBase64Xor() ShellConfig

func SetBase64xorDec added in v1.3.3 

func SetBase64xorDec() ShellConfig

func SetBeinderTool 

func SetBeinderTool() ShellConfig

func SetBlockSize added in v1.3.3 

func SetBlockSize(size int64) ShellConfig

func SetGodzillaTool 

func SetGodzillaTool() ShellConfig

func SetHeaders 

func SetHeaders(headers map[string]string) ShellConfig

SetHeaders TODO

func SetPass 

func SetPass(pass string) ShellConfig

func SetPosts added in v1.3.3 

func SetPosts(posts map[string]string) ShellConfig

func SetProxy 

func SetProxy(p string) ShellConfig

func SetRawAes 

func SetRawAes() ShellConfig

func SetSecretKey 

func SetSecretKey(key string) ShellConfig

func SetSession added in v1.3.3 

func SetSession() ShellConfig

func SetShellScript 

func SetShellScript(script string) ShellConfig

func SetShellType 

func SetShellType(tools string) ShellConfig

func SetTimeout added in v1.3.3 

func SetTimeout(timeout int64) ShellConfig

func SetYakShellTool added in v1.3.3 

func SetYakShellTool() ShellConfig

type YakShell added in v1.3.3 

type YakShell struct {
	Url           string
	Pass          string
	Charset       string
	ShellScript   string                                 //shell类型
	ReqCipherMode string                                 //加密方式
	ResCipherMode string                                 //返回包解密方式
	Proxy         string                                 //代理
	Os            string                                 //系统
	IsSession     bool                                   //是否启用session mode todo: 如果是内存马是不是应该算成session?
	Retry         int64                                  //重试次数
	Timeout       int64                                  //超时
	BlockSize     int64                                  //分块大小
	MaxSize       int64                                  //上传包最大(M)
	Posts         map[string]string                      //在post中添加的数据
	Headers       map[string]string                      //在headers中添加的数据
	EncryptFunc   func(data, key []byte) ([]byte, error) //用户自定义实现的加密方式
	// contains filtered or unexported fields
}

func NewYakShell added in v1.3.3 

func NewYakShell(shell *ypb.WebShell) (*YakShell, error)

func NewYakShellManager added in v1.3.3 

func NewYakShellManager(url string, opts ...ShellConfig) (*YakShell, error)

func (*YakShell) BasicInfo added in v1.3.3 

func (y *YakShell) BasicInfo(opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*YakShell) ClientRequestEncode added in v1.3.3 

func (y *YakShell) ClientRequestEncode(raw []byte) ([]byte, error)

func (*YakShell) CommandExec added in v1.3.3 

func (y *YakShell) CommandExec(cmd string, opts ...behinder.ExecParamsConfig) ([]byte, error)

func (*YakShell) EchoResultDecodeFormYak added in v1.3.3 

func (y *YakShell) EchoResultDecodeFormYak(raw []byte) ([]byte, error)

func (*YakShell) EchoResultEncodeFormYak added in v1.3.3 

func (y *YakShell) EchoResultEncodeFormYak(raw []byte) ([]byte, error)

func (*YakShell) ExecutePluginOrCache added in v1.3.3 

func (y *YakShell) ExecutePluginOrCache(param map[string]string) ([]byte, error)

ExecutePluginOrCache 执行额外的插件功能

func (*YakShell) GenWebShell added in v1.3.3 

func (y *YakShell) GenWebShell() string

func (*YakShell) InjectPayloadIfNoCookie added in v1.3.3 

func (y *YakShell) InjectPayloadIfNoCookie() error

func (*YakShell) Ping added in v1.3.3 

func (y *YakShell) Ping(opts ...behinder.ExecParamsConfig) (bool, error)

func (*YakShell) ServerResponseDecode added in v1.3.3 

func (y *YakShell) ServerResponseDecode(raw []byte) ([]byte, error)

func (*YakShell) SetCustomEncFunc added in v1.3.3 

func (y *YakShell) SetCustomEncFunc(enc func(data, key []byte) ([]byte, error))

func (*YakShell) SetPacketScriptContent added in v1.3.3 

func (y *YakShell) SetPacketScriptContent(content string)

func (*YakShell) SetPayloadScriptContent added in v1.3.3 

func (y *YakShell) SetPayloadScriptContent(content string)

func (*YakShell) String added in v1.3.3 

func (y *YakShell) String() string

type YakShellResourceAction added in v1.3.3 

type YakShellResourceAction struct {
	// contains filtered or unexported fields
}

func (*YakShellResourceAction) Delete added in v1.3.3 

func (y *YakShellResourceAction) Delete(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*YakShellResourceAction) Do added in v1.3.3 

func (y *YakShellResourceAction) Do(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*YakShellResourceAction) Get added in v1.3.3 

func (y *YakShellResourceAction) Get(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*YakShellResourceAction) Head added in v1.3.3 

func (y *YakShellResourceAction) Head(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*YakShellResourceAction) Post added in v1.3.3 

func (y *YakShellResourceAction) Post(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

func (*YakShellResourceAction) Put added in v1.3.3 

func (y *YakShellResourceAction) Put(params *ypb.RequestYakURLParams) (*ypb.RequestYakURLResponse, error)

Source Files

View all Source files

Directories

Path Synopsis
behinder
godzilla
godzilla/plugin
yakshell

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.