Reverse shell
Remote code execution (RCE) is the next attack vector after SQL injection, but RCE also opens the door to a third layer of security concern: the reverse shell.
A reverse shell is a direct connection between you and the target. It lets you execute system commands much like RCE does, but with a tighter coupling: think of SSH with neither encryption nor authentication.
jSQL provides a built-in Java socket that makes a reverse shell much easier to set up than the usual approach with external tools like netcat.
The minimal setup of a reverse shell is a single click, just as it already is for RCE.
Reverse shell mode first requires you to listen on a specific port on your side, then to run a command on the target that connects back to your address on that port.
The opposite mode (a bind shell) has the RCE run a command on the target that listens on a specific port, after which you connect to the target yourself.
It is less likely to succeed, as the route from your address back to the target is more likely to be blocked by security measures such as firewalls.
The default setup is the standard bash, but you can select several other types, such as perl and python, as the target may offer several ways to open a connection depending on the packages installed.
You can also experiment with new connection methods: add the new CLI commands in the Preferences panel and use them right away.
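As an added example (not part of the jSQL page or project), a host-side check from the defender's side of the two modes described above: a shell interpreter whose standard streams are attached to a socket is flagged, and the presence of a matching listening socket in the same process distinguishes a bind shell from a reverse shell. The process records, field names and addresses are constructed to mirror what `/proc/<pid>/fd` and socket state look like, not read from a real system.

```python
from dataclasses import dataclass, field
# Shell types the page names (bash, perl, python) plus common sh variants: one of these with its
# standard streams attached to a socket instead of a tty is the footprint of a post-RCE shell.
SHELL_BINARIES = {"bash", "sh", "dash", "perl", "python", "python3"}

@dataclass
class Socket:
    inode: int
    state: str        # "LISTEN" or "ESTABLISHED"
    local_port: int
    remote: str       # "ip:port" of the peer; empty for a listening socket
@dataclass
class Proc:
    pid: int
    comm: str
    std_fds: dict                                # fd 0/1/2 -> link target, as under /proc/<pid>/fd
    sockets: list = field(default_factory=list)  # sockets owned by the process
def classify(proc):
    """Return ('reverse' | 'bind', Socket) for a shell wired to a socket, else None."""
    if proc.comm not in SHELL_BINARIES:
        return None
    by_inode = {s.inode: s for s in proc.sockets}
    for fd in (0, 1, 2):
        target = proc.std_fds.get(fd, "")
        if not target.startswith("socket:["):
            continue
        sock = by_inode.get(int(target[8:-1]))
        if sock is None or sock.state != "ESTABLISHED":
            continue
        # A bind shell accepted its peer on a port it is itself listening on; a reverse shell
        # holds no listener because it dialed out to a listener on the other side instead.
        listening = any(s.state == "LISTEN" and s.local_port == sock.local_port for s in proc.sockets)
        return ("bind" if listening else "reverse", sock)
    return None

def scan(procs):
    """(pid, comm, kind, peer) for every process record that classify() flags."""
    return [(p.pid, p.comm, v[0], v[1].remote) for p in procs if (v := classify(p))]
def std(target):
    """All three standard streams pointing at the same target."""
    return {0: target, 1: target, 2: target}
# Constructed sample process table: an interactive bash on a tty, a perl that dialed out
# to 203.0.113.5:4444 (reverse) and a python3 that listened on 5555 and accepted (bind).
SAMPLE = [
    Proc(1, "bash", std("/dev/pts/0")),
    Proc(2, "perl", std("socket:[100]"), [Socket(100, "ESTABLISHED", 51234, "203.0.113.5:4444")]),
    Proc(3, "python3", std("socket:[201]"),
         [Socket(200, "LISTEN", 5555, ""), Socket(201, "ESTABLISHED", 5555, "203.0.113.5:40000")]),
]
```

On a live host the same records can be built from `/proc/<pid>/comm`, `/proc/<pid>/fd` and `/proc/net/tcp`; a shell on a socket with no tty is worth an alert regardless of which direction the connection was opened.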