diff --git a/msmap/README.md b/msmap/README.md new file mode 100644 index 0000000..537e2fd --- /dev/null +++ b/msmap/README.md @@ -0,0 +1,172 @@ +# MSMAP + +Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, *WebShell / Proxy / Killer* and Management Clients. [简体中文](README_CN.md) + +[The idea behind I](https://hosch3n.github.io/2022/08/08/Msmap%E5%86%85%E5%AD%98%E9%A9%AC%E7%94%9F%E6%88%90%E6%A1%86%E6%9E%B6%EF%BC%88%E4%B8%80%EF%BC%89/), [The idea behind II](https://hosch3n.github.io/2022/08/09/Msmap%E5%86%85%E5%AD%98%E9%A9%AC%E7%94%9F%E6%88%90%E6%A1%86%E6%9E%B6%EF%BC%88%E4%BA%8C%EF%BC%89/) + +![](img/a.png) + +![](img/b.png) + +![](img/c.png) + +
+Feature [WIP] + +### Function + +- [x] Dynamic Menu +- [x] Automatic Compilation +- [x] Generate Script +- [ ] Lite Mode +- [ ] Graphical Interface + +### Container + +- Java + - [ ] Tomcat7 + - [x] Tomcat8 + - [x] Tomcat9 + - [x] Tomcat10 + - [ ] Resin3 + - [x] Resin4 + - [ ] WebSphere + - [ ] GlassFish + - [ ] WebLogic + - [ ] JBoss + - [ ] Spring + - [ ] Netty +- .NET + - [ ] IIS + +### WebShell / Proxy / Killer + +- WebShell + - [x] CMD / SH + - [x] AntSword + - [x] JSPJS + - [x] Behinder + - [x] Godzilla + +- No need for modularity + +~~Proxy: Neo-reGeorg, wsproxy~~ + +~~Killer: java-memshell-scanner, ASP.NET-Memshell-Scanner~~ + +### Decoder / Decryptor / Hasher + +- Decoder + - [x] Base64 + - [ ] Hex +- Decryptor + - [x] RC4 + - [x] AES128 + - [x] AES256 + - [ ] RSA +- Hasher + - [x] MD5 + - [x] SHA128 + - [x] SHA256 + +
+ +## Usage + +``` bash +git clone git@github.com:hosch3n/msmap.git +cd msmap +python generator.py +``` + +> [Warning] MUST set a unique password, Options are case sensitive. + +### Advanced + +Edit `config/environment.py` + +``` python +# Auto Compile +auto_build = True + +# Base64 Encode Class File +b64_class = True + +# Generate Script File +generate_script = True + +# Compiler Absolute Path +java_compiler_path = r"~/jdk1.6.0_04/bin/javac" +dotnet_compiler_path = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" +``` + +Edit `gist/java/container/tomcat/servlet.py` + +``` java +// Servlet Path Pattern +private static String pattern = "*.xml"; +``` + +WsFilter does not currently support automatic compilation. If an encryption encoder is used, the password needs to be the same as the path (eg `/passwd`) + +## Example + +
+CMD / SH + +**Command** with **Base64** Encoder | Inject Tomcat Valve + +`python generator.py Java Tomcat Valve Base64 CMD passwd` + +
+ +
+AntSword + +Type **JSP** with **default** Encoder | Inject Tomcat Valve + +`python generator.py Java Tomcat Valve RAW AntSword passwd` + +Type **JSP** with **[aes_128_ecb_pkcs7_padding_md5](extend/AntSword/encoder/aes_128_ecb_pkcs7_padding_md5.js)** Encoder | Inject Tomcat Listener + +`python generator.py Java Tomcat Listener AES128 AntSword passwd` + +Type **JSP** with **[rc_4_sha256](extend/AntSword/encoder/rc_4_sha256.js)** Encoder | Inject Tomcat Servlet + +`python generator.py Java Tomcat Servlet RC4 AntSword passwd` + +Type **JSPJS** with **[aes_128_ecb_pkcs7_padding_md5](extend/AntSword/encoder/aes_128_ecb_pkcs7_padding_md5.js)** Encoder | Inject Tomcat WsFilter + +`python generator.py Java Tomcat WsFilter AES128 JSPJS passwd` + +
+ +
+Behinder + +Type **default_aes** | Inject Tomcat Valve + +`python generator.py Java Tomcat Valve AES128 Behinder rebeyond` + +
+ +
+Godzilla + +Type **JAVA_AES_BASE64** | Inject Tomcat Valve + +`python generator.py Java Tomcat Valve AES128 Godzilla superidol` + +> [Known issue](https://github.com/BeichenDream/Godzilla/issues/76) + +
+ +## Reference + +[GodzillaMemoryShellProject](https://github.com/BeichenDream/GodzillaMemoryShellProject) + +[AntSword-JSP-Template](https://github.com/AntSwordProject/AntSword-JSP-Template) + +[As-Exploits memshell_manage](https://github.com/yzddmr6/As-Exploits/tree/master/core/memshell_manage) + +[Behinder](https://github.com/rebeyond/Behinder) | [wsMemShell](https://github.com/veo/wsMemShell) | [ysomap](https://github.com/wh1t3p1g/ysomap)
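Review bot: The Hasher checklist marks `SHA128` as implemented, but no standard hash has that name, so a reader cannot tell which digest the generator and the matching client encoder actually use. Name the real algorithm there (for example SHA-1, if that is what the code computes), the way the MD5 and SHA256 entries do. In the `config/environment.py` sample, the comment says "Compiler Absolute Path" while the value is `r"~/jdk1.6.0_04/bin/javac"`; a leading `~` is only resolved if the code expands it, so either show a fully qualified path or state that the generator expands the home directory. The Usage block clones over SSH (`git@github.com:hosch3n/msmap.git`), which fails for anyone without a GitHub key configured; the HTTPS URL would work for every reader. The note that WsFilter needs the password to equal the path when an encryption encoder is used sits under "Advanced" as a trailing sentence and is easy to miss; moving it next to the WsFilter example line would make the constraint visible where it applies.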