pwnshell is a stripped down version of the c99 shell and the likes. The only difference is that it a single JSP file, embedded with jQuery with a xterm like interface.

This is most useful at times when we when have an arbitrary file upload to a web-accessible directory that runs on J2EE. It could allow you to browse around the system with the privileges of the web application system user and execute arbitrary system commands. It can also show and alter session variables and help you dump JNDI entries.

pwnshell is a cross platform shell that runs on any system that supports Java 1.5 upwards. It’s usage is also simple – upload it to a vulnerable web directory, point your browser to the shell and when you get the shell, just pretend that you’re looking at the xterm interface. The best of all, it is open source!

Download the pwnshell here.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.