Dynamic JSP webshell that receives Java class bytecode, loads and execute it, returning the output to the operator. The client generates the bytecode during runtime using a payload template that calls java.Runtime.exec() with a provided string as input, XORs it and sends to JSP page.
-
Upload
webshell.jspto target server (e.g. as Tomcat WAR package)jar cvf app.war webshell.jsp
-
Compile and run
client.javaand provide the webshell URL argument:javac client.java && java client http://127.0.0.1:8080/app/webshell.jsp
-
Only for educational and ethical use-cases.