Google Web Toolkit

2024-11-09 22:54:23 +00:00 · 2023-09-19 09:58:22 +02:00 · 2023-09-19 09:58:22 +02:00 · e9fb4f100c
commit e9fb4f100c
parent 59640ba51a
2 changed files with 56 additions and 1 deletions
--- a/Toolkit/README.md
+++ b/Toolkit/README.md
@ -0,0 +1,55 @@
+# Google Web Toolkit
+
+> Google Web Toolkit (GWT), also known as GWT Web Toolkit, is an open-source set of tools that allows web developers to create and maintain JavaScript front-end applications using Java. It was originally developed by Google and had its initial release on May 16, 2006.
+
+
+## Summary
+
+* [Tools](#tools)
+* [Enumerate](#enumerate)
+* [References](#references)
+
+
+## Tools
+
+* [FSecureLABS/GWTMap](https://github.com/FSecureLABS/GWTMap)
+* [GDSSecurity/GWT-Penetration-Testing-Toolset](https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset)
+
+
+## Enumerate
+
+* Enumerate the methods of a remote application via it's bootstrap file and create a local backup of the code (selects permutation at random):
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --backup
+    ```
+* Enumerate the methods of a remote application via a specific code permutation
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/C39AB19B83398A76A21E0CD04EC9B14C.cache.js
+    ```
+* Enumerate the methods whilst routing traffic through an HTTP proxy:
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --backup -p http://127.0.0.1:8080
+    ```
+* Enumerate the methods of a local copy (a file) of any given permutation:
+    ```ps1
+    ./gwtmap.py -F test_data/olympian/C39AB19B83398A76A21E0CD04EC9B14C.cache.js
+    ```
+* Filter output to a specific service or method: 
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService.login
+    ```
+* Generate RPC payloads for all methods of the filtered service, with coloured output
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService --rpc --color
+    ```
+* Automatically test (probe) the generate RPC request for the filtered service method
+    ```ps1
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService.login --rpc --probe
+    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter TestService.testDetails --rpc --probe
+    ```
+
+
+## References
+
+* [From Serialized to Shell :: Exploiting Google Web Toolkit with EL Injection - May 22, 2017](https://srcincite.io/blog/2017/05/22/from-serialized-to-shell-auditing-google-web-toolkit-with-el-injection.html)
+* [Hacking a Google Web Toolkit application - April 22, 2021 - thehackerish](https://thehackerish.com/hacking-a-google-web-toolkit-application/)
--- a/Resources/Active
+++ b/Resources/Active
@ -322,7 +322,7 @@ root@payload$ apt install bloodhound
 # start BloodHound and the database
 root@payload$ neo4j console
 # or use docker
-root@payload$ docker run -p7474:7474 -p7687:7687 -e NEO4J_AUTH=neo4j/bloodhound neo4j
+root@payload$ docker run -itd -p 7687:7687 -p 7474:7474 --env NEO4J_AUTH=neo4j/bloodhound -v $(pwd)/neo4j:/data neo4j:4.4-community

 root@payload$ ./bloodhound --no-sandbox
 Go to http://127.0.0.1:7474, use db:bolt://localhost:7687, user:neo4J, pass:neo4j