IOActive
Possible to get the command ouput
Hello @hugsy,
I wondered whether it would even be possible to grab the command output, as going blind is sometimes tricky.
I don't know if it is possible as a loop has to be defined to grab the buffer stream... This kind of stuff works (but for 1 line only), maybe you'll figure out how grab an output:
In a jdb session:
$ print new java.io.BufferedReader( new java.io.InputStreamReader( new java.lang.Runtime().exec("whoami").getInputStream())).readLine()
...
new java.io.BufferedReader( new java.io.InputStreamReader( new java.lang.Runtime().exec("whoami").getInputStream())).readLine() = "root"
By the way, I took the liberty to bundle your original script for Windows in order to easily drop it on internal compromised machines: I obviously put a link to your repo, tell me if anything bothers.
Cheers.
Hey @maaaaz
I already took a look at fetching the result from the command. When I wrote the exploit code, my objective was to make code execution 100% reliable for all JVM (only POC existed at that time).
Using the StreamReader with the exploit to display content would add quite a bit of work which I don't really have time to do right now. But if you do, I gladly accept Pull Request :-)
And thanks for providing a compiled copy of the tool.
Cheers,
