This archive contains a collection of WAR and EAR compatible stagers that use a variety of communication methods to communicate back to the attacker - even if the only open port is the HTTP/JNDI port, or even if no incoming ports are open but the victim can call back (which can be tricky as usually WARs and EARs are initialized on demand).
e0adf72b3398c73749efe6bac7d251e6948e7d500a2ba499bf1a5c34ac8e26fcThis archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control enables to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). There are also examples included how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.
747a1606b26df9100754057d92a18c72898b1aac62e7ff7f66444ab2423ae003File system investigator is a forensic tool that allows viewing of ReiserFS and EXT2/3. While primarily intended as a forensics tool, it is also useful for Linux users who dual boot with another OS; it allows them to view and extract files from their partitions. Written in Java.
148555dee50322a3e971221b0dbbc7586dd326ef3093e5fee993332a6624ddd3File system investigator is a forensic tool that allows viewing of ReiserFS and EXT2/3. While primarily intended as a forensics tool, it is also useful for Linux users who dual boot with another OS; it allows them to view and extract files from their partitions. Written in Java.
ff77e35b4af3b2748931ca729dec505f63df89a427f7fc9ba9fccbf0f3aeada3Network Packet Capture Facility for Java is a set of Java classes that provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. It utilizes libpcap, a widely used system library for packet capture.
616e1a7278e241b405b39db8e0ff62f4f9ccbbda0582e4bdc109ed2e29eaa6fbHextodec.java is a simple hex ip to dec ip converter which can be useful for many things, among them is finding the ips of users on java chats similar to the one on www.ircnet.com.
b5b882ab25a1150a4d183e519a87dd5f9c1b71feb6698daacae9fed65245966bJava simple tcp port scanner. Very portable.
c5af99140d07b64b6725cdcec21738daef34260b3729fb7a3d21204185e32e0cSecura is an open source cross platform java crypto package. Jar available here.
acf7db722cae09a47aea5da574ec7b5987a73d183e902e4cc9da92e568481ee0java.security.AccessController can cause Sun derived JVM to crash. Tested on v1.3.1. Article available here.
d54b65e6f002a4b975ed045bad4a8fcda3b0d5fb0f199835727b51f75d88aaa0Proxy Toolkit is coded in Java and checks to see what information a web proxy forwards.
29df10b97dc837a93d9fbf6d310c5ccfc8236ae4560a8bdac470fa265c494422MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
f61d2b74017f34d562ef1f8005602a6819466baf7b6498a42f91e32a9baad685The Marvin Obfuscater rewrites Java applications in a way that makes it almost impossible to decompile them and understand their inner workings.
36eefe20974a847ba0aea32ac4993e8c9a8a7b31f92d74c8263cb61ab2edde47Sneaky Pete is a java program which lets you input an alphabetic passphrase into a computer without using a keyboard, thus foiling keylogging software/hardware. It also incorporates anti-TEMPEST fonts to make it harder for monitor-scanners to see what letters are on your display.
93beb1efc57a9397ed67dd64e1510987e1481359afba0055c83617c4bbb54338MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
bd773bec00af0e7d8bcc99ef91ef50f897b8e537c10e4aebd81edb326fa08f81MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
36b73f3dcb05c96281c1d2e354b7df64078559e80ebc22d9517b6d1729fe5f51This Java script will cause Internet Explorer to consume 100% resources.
37fd1eabbdbe8272dd0ce763e7f8d8c888aeb4e557e21eba18d3ac7943018484Shell In A Box provides shell access to a server from within any Java-enabled Web browser. Requests are tunneled over HTTP using the same proxy settings that the browser uses. On the server, it installs as a CGI program, and there is no client-side installation necessary. It sports full VT102 emulation with Unicode support, international font files, ANSI colors, a scrollback buffer, mouse position reporting, clipboard support, and user-configurable emulation modes. All user preferences are stored as cookies in the client's browser.
bab597954c3f02125d4b13bcb88954599602b33329b4ce52df6299fcffb5f9eaMindTerm is a complete GPL'd ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
ec96c48385cd58025243e1c2925497216c44b890432e4900de31255d59b293e3Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon. In this release, we support connecting via the Secure Sockets Layer. This client is supported on Windows and any Unix platform where a Java 2 (or Swing) runtime environment is present. It was written in 100% Pure Java and can act as either an application or an applet.
b7e3b9759b71158776ea56defbffbe8684fda83e7caebdfc1f97d39ddc158e8bJava ftp login scanner is a multithreaded tool which scans ftp sites for a certain user.
0ca0c45899e4dc186b34df4c304fb411ff3ea49bfc3e06ac23f5c68068c135a5Cum Security Toolkit (cst v1.0) - Contains a scriptscanner and a portscanner Coded in Java. The http-script scanner features the ability to use a proxy server, a scripts-to-scan database, anti-IDS url encoding, fake "X-Forwarded-For:" header, and uses fake "Referer: " info. The port scanner is a full TCP connection scanner which can scan port ranges and grab banners.
4a48a8b8b4f3c855330733200affaf3d5fdca4f02a949b6e0d9a50938eab9560Jport is a simple Java portscanner. Source and binary included. Works best under linux, uses 150 threads. The New version has more features than ever including Port Identifications and New Threading System Increases Speed.
e9b358fa969b04de8f60451731c2236d117a412656235d7b93a8a5e56aab9343MindTerm is a complete ssh-client in pure java. It can be used either as a standalone java-application or as a java- applet. The source-code is freely available (GPL). Three packages of importance are provided, terminal, ssh, and security. The terminal package is a rather complete vt102/xterm-terminal. The ssh-package contains the ssh- protocol and also "drop-in" socket replacements to use ssh- tunnels transparently from a java application/applet. It also contains functionality to realize a ssh-server. Finally the security package contains RSA, DES, 3DES, RC4 and Blowfish ciphers.
7b2ac91d1bd9578c2eef264a4cdd776c1b5f84b36cb4f31b4ab466c58c3211a3JFwadmin is a Java 2 high-level X11 tool for ipchains. The GUI displays easy-to-understand services. Features include boot scripts generation, firewall save and restore, automatic interface and IP address and routes detection, and current firewall configuration display.
a80573d3cd212e7e45aa2cb8102be9da230368247fd6e3df5d0a857857234495Jport is a simple Java portscanner. Source and binary included. Works best under linux, uses 150 threads.
df9b35e71711661319d2f111f6300beacbe6068795407489e86ac27bfe0424d7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed