You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
**2.Access 'inject.jsp' to inject a memory backdoor into the system. After injecting, delete 'inject.jsp,' but the backdoor will still persist.**
49
49
50
-
50
+
51
51
52
52
Successfully removed 'inject.jsp' and established a connection to the memory backdoor.
53
53
54
-
54
+
55
55
56
56
**3.Backdoor Persistence**
57
57
58
58
Prevent the memory-resident backdoor from being cleared upon restart by replacing the zimbra-license.jar plugin. Substitute the malicious zimbra-license-success.jar for the original system jar file to achieve backdoor persistence.
59
59
60
-
60
+
61
61
62
62
**4.Clearing logs**
63
63
64
64
Utilize the 'zimbraplugin ClearLog' function to erase logs of malicious JSP access.
65
65
66
-
66
+
67
67
68
68
**5.Functional payload**
69
69
70
70
Utilize specific functionalities as needed. Upon clicking the corresponding function, the payload will be sent to the server backdoor, and the corresponding payload will be executed in memory.
71
71
72
-
72
+
73
73
74
74
**6.Traffic**
75
75
76
-
76
+
77
77
78
78
**7.Test Version**
79
79
@@ -83,7 +83,7 @@ Utilize specific functionalities as needed. Upon clicking the corresponding func
83
83
84
84
**1.Upload shell.jar to inject a backdoor into the target system at runtime**
85
85
86
-
86
+
87
87
88
88
The backdoor has been successfully injected; delete shell.jar.
89
89
@@ -93,11 +93,11 @@ To prevent the loss of the backdoor upon system restart, modify the startup logi
0 commit comments