Skip to content
/ jsp-bytecode-webshell Public

Dynamic JSP webshell that receives Java class bytecode, loads and execute it, returning the output to the operator.

License

GPL-3.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

joaovarelas/jsp-bytecode-webshell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
client.java
client.java
 
 
image01.png
image01.png
 
 
payload_template.java
payload_template.java
 
 
webshell.jsp
webshell.jsp
 
 

Repository files navigation

jsp-bytecode-webshell

Dynamic JSP webshell that receives Java class bytecode, loads and execute it, returning the output to the operator. The client generates the bytecode during runtime using a payload template that calls java.Runtime.exec() with a provided string as input, XORs it and sends to JSP page.

How to use

  1. Upload webshell.jsp to target server (e.g. as Tomcat WAR package)

    • jar cvf app.war webshell.jsp

  2. Compile and run client.java and provide the webshell URL argument:

    • javac client.java && java client http://127.0.0.1:8080/app/webshell.jsp

References

About

Dynamic JSP webshell that receives Java class bytecode, loads and execute it, returning the output to the operator.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages