A single JSP file, embedded with jQuery and everything else you need to make an awesome web shell.
How do you use it?
1. Upload it to the victim server (try it on a local Tomcat server!)
2. Browse to it
3. Pretend you’re on looking at xterm
Where does it work?
- Works across platform
- Works on Java 1.5+ (probably 1.4 too, but I haven’t tested)
Why would you use it?
- Browse around the system (as the web application system user)
- Execute arbitrary system commands (it’s a shell, after all)
- Show and alter session variables
- Dump JNDI entries
Educational purpose only.