The Godzilla installation articles found on the Internet are all the same, and some of them have not changed a single word. As a novice, I found that these articles could not solve some of my problems, so here is a summary of some problems and solutions that beginners may encounter.
In addition, a link to download Godzilla is attached at the end of the article, since GitHub is troublesome to access from China.
Foreword
1. This article includes the download and installation of Godzilla, as well as the practice of using Godzilla in the first level of upload-labs-master.
2. I have jdk16 on this machine, and I can use Godzilla normally without having to install a jdk1.8.
3. Upload-labs project address; please search the Internet for an installation tutorial yourself. This article uses phpstudy to build the environment (you can also use other environments; any practice lab environment with an upload vulnerability will do, since it is only used here to demonstrate the tool).
1. Download and install
Download
Here is a demonstration of downloading from scratch (GitHub access from within China is a bit slow, so for the convenience of readers in China I uploaded a free download to this site).
Go to the official GitHub website and search for godzilla.
Click on the first one to support the original author BeichenDream (I didn’t download the others, I don’t know what they are)
(The first time I used GitHub I didn’t know which one was correct, because there are many resources on the page and I couldn’t tell them apart. Even when I chose the right resource published by the author, I couldn’t find where to download it. I always downloaded a bunch of explanation files, with no main content like a .jar file.) I often just clicked "code" -> download the zip, which only downloads a bunch of instruction files. There is a "releases" section on the right, which is where the historical versions of the actual tool are downloaded.
Select the latest version (4.0.1), here is the godzilla.jar file we need, just click to download.
Install
Double-click the downloaded godzilla.jar file to run it. The first time you open it, a data.db database is generated in the same directory to store data. (The operating environment requirements are described in detail in the README.md file.)
It may be a bit slow to open for the first time, and the Godzilla interface is like this.
2. Tool use
Open the experimental environment of the first level of upload-labs (this is only used to demonstrate the use of Godzilla, other environments are also available)
Generating a Trojan
Open Godzilla, "Manage" -> "Generate", and generate a Trojan horse as shown in the figure. (Tested personally: I can’t connect to Godzilla with my own Trojan horse, maybe because Godzilla’s traffic is encrypted. I didn’t look into the specific reason carefully.)
Select the file generation path and set the file name.
The Trojan file was successfully generated
Open the generated Trojan file; it is actually a one-line PHP Trojan.
Filter bypass
The first level of upload-labs uses front-end verification, which can be bypassed by using Burp to intercept the data packets and modify the content. Change the suffix of gsl.php to .png.
Go to Burp and change the suffix of the uploaded file back to php, then forward the request.
Back in the browser, you can see that the Trojan has been uploaded successfully. Press F12 to view the file path. There is ".../" in the path here that needs to be spliced into the URL. (A little trick: after the F12 panel opens, there is a small arrow in the upper right corner. Select it, then move the mouse over the page and the code for that spot is located automatically.)
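The first level's check runs only in the browser, so the server has to repeat it on the request it actually receives. As an added example (not from the original article or from upload-labs), this Python sketch shows such a server-side check; the function name, the allowlist and the sample inputs are assumptions constructed for illustration.

```python
import os
import secrets

# Assumed allowlist: permitted extensions and the magic bytes each must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def check_upload(received_name, data):
    """Return (accepted, reason, stored_name) for one uploaded file.

    received_name is the filename in the request as the server got it,
    which may differ from what the browser-side check saw.
    """
    # Drop any directory part the client supplied (both separator styles).
    base = os.path.basename(received_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed", None
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension", None
    # Coarse extra check for an image header followed by script code.
    if b"<?php" in data.lower():
        return False, "embedded PHP tag", None
    # Store under a server-chosen name; only the vetted extension is kept.
    return True, "ok", secrets.token_hex(16) + ext


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16        # constructed sample
    script = b"<?php /* constructed placeholder */ ?>"  # constructed sample
    for name, body in [("photo.png", png), ("gsl.php", script),
                       ("gsl.png", script), ("a.gif", b"GIF89a" + script)]:
        print(name, check_upload(name, body)[:2])
```

Storing accepted files in a directory where the web server does not execute scripts limits the impact if one of these checks is missed.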
Tool connection
The result of URL splicing is as follows:
Go back to Godzilla, "Target" -> "Add", and fill in the content. It should be consistent with the options selected when the Trojan was generated.
You can "test the connection" first to see if there is any error, and then click "add" once it reports "success".
Select the target, right-click -> "Enter", and you can see the content.
Related resources: https://download.csdn.net/download/zibery/85527055