[Java] Guardian Gift Box: Godzilla Shell Management Tool

During the network protection exercise period, WAFs from the major vendors kept intercepting webshells, both through static detection and through inspection of the communication traffic. The Red Team urgently needed a good shell management tool. The release of Ice Scorpion 3.0 may ease the traffic-encryption problem. However, Ice Scorpion 3.0 has many bugs, and many friends could not even connect to BeichenDream's shell, so @BeichenDream decided to publish a shell permission management tool he developed, called "Godzilla".

Simple usage

Before installing Godzilla, you need a JDK 1.8 environment. Double-click Godzilla.jar to open it; a data.db database is generated in the same directory to store its data, and the main window opens.

Click Manage-Add to generate the required webshell. Godzilla supports several payload types, such as jsp, php and aspx. The Java and C# payloads are natively encrypted with AES, and the PHP payload is also encrypted. Note the configuration you used when generating the shell, because you need the same values to connect to it.

Taking Java jsp as the example, fill in the password and key to generate a jsp/jspx file. This article uses tomcat7 to demonstrate some of the functions. Put shell.jsp into Tomcat and connect to it from Godzilla by clicking Target-Add.

Right-click the shell and select Enter to enter the shell management interface.

Screenshot: functions of the jsp/jspx shell.

Screenshot: functions of the php shell.

Screenshot: functions of the aspx/ashx/asmx shell.

That’s it for a brief introduction.

Some features

Why use Godzilla when I already have Ice Scorpion, Ant Sword and similar tools?

  1. All types of Godzilla shells pass all static detection on the market
  2. Godzilla's encrypted traffic gets past all traffic WAFs on the market
  3. Godzilla's built-in plug-ins are beyond comparison with those of Ice Scorpion and Ant Sword

Let's not dwell on static evasion: some time after the tool is released it may stop working, although you can keep modifying it. The point is to look at the traffic encryption and some of the built-in plug-ins.

Traffic encryption

Let's look at traffic encryption first. Still taking jsp as the example, change the proxy option in the connection configuration to an HTTP proxy so that the traffic passes through Burp.

Screenshot: request packet for executing the dir command.

Screenshot: response packet.

You might say that some of the headers, such as the UA and Accept, are too conspicuous. Don't worry, these can be configured. Modify them in the request configuration when editing the shell.

Or modify them in Configuration-Global Configuration.

Looking at the request and response packets now, there are no distinguishing features at all.

The thisisleftData and thisisrightData in the request packet can also be changed to other junk data as interference. Having seen this, won't you say Godzilla is number one?

Plug-in module

Basic modules such as basic information, file management and command execution are not covered again here.

Database Management

I believe that when you use Ant Sword, you often run into a database that cannot be connected. I have encountered an environment where the shell was located in a Tomcat container with no JDBC jar dependency, so the database could not be connected, and Ant Sword had no good method for this. In Godzilla there is no need to worry about this problem. In database management, Godzilla first loads an available JDBC driver from the container and, if there is none, loads the jar driver in memory to connect to the database.

Memory shell

The memory shell module registers and unloads memory shells in Tomcat.

You can directly register a Godzilla shell, an Ice Scorpion or Chopper shell, or even reGeorg.

For example, register a shell at /Godzillashell.

Visiting the path shows that it exists.

Then connect to it directly with Godzilla. **The memory shell has no logs and will disappear after Tomcat restarts.**
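Because the headers and the thisisleftData/thisisrightData padding are configurable, and a memory shell such as /Godzillashell has no file extension to match on, header and path signatures are weak; a defender can instead score every POST body for long high-entropy values. The following is an added detection-triage example, not part of Godzilla or the original post: the thresholds, the parameter name k, the request bodies and their layout are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter
from urllib.parse import parse_qsl, quote

MIN_LEN = 64       # assumed: skip short values such as logins and CSRF tokens
MIN_ENTROPY = 5.0  # assumed threshold, bits per character; tune on your own traffic

def shannon_entropy(text):
    """Empirical Shannon entropy of a string in bits per character."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def candidate_strings(body):
    """Form field names and values, or the raw body when it is not form-encoded."""
    fields = [part for pair in parse_qsl(body) for part in pair]
    return fields or [body]

def suspicious_posts(requests):
    """Return (path, length, entropy) for each POST carrying a long high-entropy blob."""
    hits = []
    for method, path, body in requests:
        if method != "POST":
            continue  # no extension filter: memory shells live on arbitrary paths
        blob = max(candidate_strings(body), key=len)
        entropy = shannon_entropy(blob) if len(blob) >= MIN_LEN else 0.0
        if entropy >= MIN_ENTROPY:
            hits.append((path, len(blob), round(entropy, 2)))
    return hits

def constructed_blob(seed, blocks=6):
    """Deterministic stand-in for an encrypted payload (constructed, not real traffic)."""
    raw = b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(blocks))
    return base64.b64encode(raw).decode()

# Constructed sample requests: (method, path, body). Parameter name "k" is hypothetical.
SAMPLE_REQUESTS = [
    ("GET", "/index.jsp", ""),
    ("POST", "/login.jsp", "username=alice&password=hunter2&remember=1"),
    ("POST", "/feedback.jsp", "comment=" + quote(
        "the quarterly report is attached please review the figures "
        "before the meeting on friday and send corrections to finance")),
    ("POST", "/shell.jsp", "k=" + quote(constructed_blob("a"), safe="")),
    # Padding markers from the page around a stand-in blob; the layout is assumed.
    ("POST", "/Godzillashell", "thisisleftData" + constructed_blob("b") + "thisisrightData"),
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_REQUESTS):
        print(hit)
```

Legitimate uploads and opaque tokens also score high, so treat hits as triage input and group them by client and path before alerting.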

Screenshots

Clicking Screenshot automatically saves the image and shows a preview. On Windows, the shell needs sufficiently high privileges.

Virtual Terminal

This function listens on a local port and provides a cmdshell through the shell's interaction with the server. After clicking start, run nc 127.0.0.1 4444 to connect to local port 4444 and get the cmdshell.

If you do not connect with nc, local port 4444 stays occupied. Exit or click stop when finished.

JMeterpreter

Needless to say, just look at the picture

ServletManage

Used to manage servlets, which makes it easier to manage memory shells.

JarLoader

Used to load jar packages; the main purpose is to load JDBC drivers.

JZip

A handy assistant for packing up an entire site.

ByPassOpenBasedir

BypassDisableFunctions

Notes

The Notes module is available in the jsp, php and aspx shells.

ShellCodeLoader

Loads shellcode directly through the shell; it can also be used with meterpreter.

SafetyKatz

mimikatz; requires high privileges.

lemon

Captures passwords stored by common software.

BadPotato

Privilege escalation module, from https://github.com/BeichenDream/BadPotato

SharpWeb

Reference https://github.com/djhohnstein/SharpWeb

SweetPotato

Privilege escalation module

Other options

Configuration: the font size can be changed in the program configuration and takes effect after a restart.

Turning off the prompts needs no explanation; turning on God mode makes file management more complex.

Disclaimer

  1. The program is only for server management and use, and must not be used for illegal purposes. All consequences caused by illegal use are borne by yourself and have nothing to do with the author.
  2. All consequences caused by user abuse have nothing to do with the author.
  3. Please consciously abide by local laws and regulations when using this program, and all consequences have nothing to do with the author.
  4. This program and its code must not be used for commercial purposes and are for learning and exchange only; violations will be pursued.

Download link

https://github.com/BeichenDream/Godzilla/releases/tag/v1.00-godzilla
