During the network protection exercises, WAFs from the major vendors kept intercepting webshells, both through static detection and through inspection of their traffic. Red teams urgently needed a good permission management tool. The release of Ice Scorpion 3.0 may ease the traffic-encryption problem. However, Ice Scorpion 3.0 has many bugs, and many friends can't even connect to BeichenDream's shell, so @BeichenDream decided to publish a shell permission management tool he developed, called "Godzilla".
Before installing Godzilla, you need to install a JDK 1.8 environment. Double-click Godzilla.jar to open it; a data.db database is generated in the same directory to store its data. The home page looks like this
Click Manage-Add to generate the required webshell. Godzilla supports payloads such as jsp, php and aspx. The Java and C# payloads are natively encrypted with AES, and the PHP payload is also encrypted. Remember the configuration you used when generating, because it is needed when connecting.
Take Java jsp as an example: fill in the password and key to generate jsp/jspx. This article uses tomcat7 to demonstrate some functions. Put shell.jsp into tomcat and connect to it with Godzilla. Click Target-Add
Right-click the shell and select Enter to enter the shell management interface.
The shell functions for jsp/jspx are shown in the figure
The functions for php are shown in the figure
The functions for aspx/ashx/asmx are shown in the figure
That’s it for a brief introduction.
Why use Godzilla when I already have Ice Scorpion, Ant Sword and other tools?
- All types of Godzilla's shells pass every static check on the market
- Godzilla's encrypted traffic gets past every traffic-inspecting WAF on the market
- Godzilla's built-in plug-ins are beyond comparison with those of Ice Scorpion and Ant Sword
Let's leave static evasion aside. After the tool is released it may stop working after a while, though of course you can keep modifying it. The point is to look at traffic encryption and some of the built-in plug-ins.
Let's look at traffic encryption first. Still taking jsp as an example, set the proxy option in the connection configuration to HTTP proxy so that the traffic is proxied to Burp.
Request packet for executing the dir command
You may say that the UA and Accept values in the headers are too eye-catching. Don't worry, these can be configured. Modify them in the request configuration when editing the shell
Or modify in Configuration-Global Configuration
Now, looking at the request packet and the response packet, there are no distinguishing features at all
The thisisleftData and thisisrightData in the request packet can also be changed to other random data as interference. Isn't that enough to call Godzilla No. 1?
I will not go over basic modules such as basic information, file management and command execution here.
When using Ant Sword, you have probably often run into a database that cannot be connected. I have encountered an environment where the shell sat in a tomcat container with no jdbc jar dependency, so the database could not be connected, and Ant Sword had no good way around it. In Godzilla there is no need to worry about this problem. In database management, Godzilla first loads an available jdbc driver from the container and, if there is none, loads the jar driver through memory to connect to the database.
The memory shell module registers and unloads memory shells in tomcat
You can directly register a Godzilla shell, an Ice Scorpion or Chopper shell, or even regeorg.
For example, register one at /Godzillashell
Visiting the path shows that it exists
Then connect to it directly with Godzilla. **The memory shell has no logs and will disappear after tomcat restarts.**
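Because a memory shell leaves no file and no log entry, one defensive check is to compare the servlet mappings live in the running context with those the deployment descriptors declare. The sketch below is an added example, not part of the original article or of the tool; the web.xml, the runtime export and the class names are constructed, and how the runtime list is exported from tomcat is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the application's WEB-INF/web.xml.
APP_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>app</servlet-name>
    <servlet-class>com.example.AppServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>app</servlet-name>
    <url-pattern>/app/*</url-pattern>
    <url-pattern>/health</url-pattern>
  </servlet-mapping>
</web-app>"""

# Mappings that tomcat's global conf/web.xml declares for every context.
CONTAINER_DEFAULTS = {"/", "*.jsp", "*.jspx"}

# Constructed sample: (url-pattern, servlet class) pairs as exported from the
# running context. How the export is obtained is an assumption of this example.
RUNTIME_MAPPINGS = [
    ("/", "org.apache.catalina.servlets.DefaultServlet"),
    ("*.jsp", "org.apache.jasper.servlet.JspServlet"),
    ("*.jspx", "org.apache.jasper.servlet.JspServlet"),
    ("/app/*", "com.example.AppServlet"),
    ("/health", "com.example.AppServlet"),
    ("/Godzillashell", "constructed.UnknownServlet"),
]

def declared_patterns(web_xml_text):
    """Return every <url-pattern> under <servlet-mapping>, ignoring XML namespaces."""
    def local(tag):
        return tag.rsplit("}", 1)[-1]
    patterns = set()
    for elem in ET.fromstring(web_xml_text).iter():
        if local(elem.tag) != "servlet-mapping":
            continue  # skip filter mappings and everything else
        for child in elem:
            if local(child.tag) == "url-pattern" and child.text:
                patterns.add(child.text.strip())
    return patterns

def undeclared_mappings(runtime, web_xml_text, defaults=CONTAINER_DEFAULTS):
    """Runtime mappings that no deployment descriptor accounts for."""
    known = declared_patterns(web_xml_text) | set(defaults)
    return [(p, c) for p, c in runtime if p not in known]

if __name__ == "__main__":
    for pattern, cls in undeclared_mappings(RUNTIME_MAPPINGS, APP_WEB_XML):
        print(f"undeclared servlet mapping: {pattern} -> {cls}")
```

Servlets registered through `@WebServlet` annotations or a `ServletContainerInitializer` are also absent from web.xml, so treat hits as leads to triage rather than proof.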
Clicking screenshot automatically saves and previews the image; on Windows the shell needs sufficiently high privileges.
This function actually listens on a local port and provides a cmdshell through shell interaction with the server. After clicking start, execute
nc 127.0.0.1 4444 to connect to local port 4444 and get the cmdshell.
If you don't connect with nc, the local port 4444 stays occupied. Please exit or click stop when finished.
Needless to say, just look at the picture
Used to manage servlets, to facilitate the management of memory shells.
Used to load jar packages; the main purpose is to load jdbc.
A good assistant for packing up an entire site.
The note module is available for jsp\php\aspx
Load shellcode directly through the shell, or play with meterpreter
mimikatz requires high permissions
Grabs the passwords of common software
Privilege escalation module, from https://github.com/BeichenDream/BadPotato
Privilege escalation module
Configuration - The font size can be changed in the program configuration and takes effect after restarting.
Turning off the prompts needs no explanation; turning on God mode makes file management more complex.
- The program is only for server management and use, and must not be used for illegal purposes. All consequences caused by illegal use are borne by yourself and have nothing to do with the author.
- All consequences caused by user abuse have nothing to do with the author.
- Please consciously abide by local laws and regulations when using this program, and all consequences have nothing to do with the author.
- This program and code must not be used for commercial purposes, only for learning and communication; violations will be pursued.