Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version 75.1
edited by Nicolas Gregoire
on 2012/01/17 12:00
Change comment: There is no comment for this version
To version 76.1
edited by Nicolas Gregoire
on 2012/01/17 12:02
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -45,6 +45,8 @@
45 45  
46 46  = Java code execution =
47 47  
48 +== Basic Java calls ==
49 +
48 48  The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
49 49  
50 50  |=Namespace|=Extension function|=PoC|=Sample output
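Review bot: Under the new "== Basic Java calls ==" heading (new line 48), the sentence "This should be enough to demonstrate Java code execution" does not say which Xalan-J version or processor settings the PoC was run against. Suggest adding a line stating the tested version and whether JAXP secure processing (XMLConstants.FEATURE_SECURE_PROCESSING) was enabled on the TransformerFactory, so a reader who gets no output can tell a hardened configuration from a version difference.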
... ... @@ -51,6 +51,17 @@
51 51  |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
52 52  Wed Jan 11 22:45:07 CET 2012
53 53  
56 +== Executing arbitrary classes ==
57 +
58 +-- It is afaik not possible to get a pure Java reverse-shell, as we can't create threads :-( --
59 +
60 +{{warning}}
61 +TODO : javapayload => loading arbitrary byte code (aka classes) via reflection
62 +$> java javapayload.builder.Builder Template XalanJ.xsl bind-jsh-4444.xsl BindTCP 127.0.0.1 4444 - - JSh
63 +List supported payloads !
64 +Check supported versions of Xalan !
65 +{{/warning}}
66 +
54 54  = OS command execution =
55 55  
56 56  Once Java code execution is possible, it is trivial to execute arbitrary OS commands using the java.lang.Runtime class.
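Review bot: The new "== Executing arbitrary classes ==" section (new lines 56 to 65) is published with only a struck-through "afaik" remark and a TODO list inside {{warning}}, so the page renders a warning box that contains no warning. Suggest holding the TODO items in a draft or in the change comment (which is empty for this version) until the section has tested content, and replacing "Check supported versions of Xalan !" with the versions actually verified. The command on new line 62 should go in a code macro so the "$>" prompt and the bare "- -" arguments render verbatim instead of being parsed as wiki markup. The statement on new line 58 about threads should be either confirmed and written as plain text or dropped, since strike-through combined with "afaik" leaves it unclear whether the limitation holds.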