The Hacker News Logo
Subscribe to Newsletter

Pwnshell : A Better JSP Shell download !

pwnshell is a stripped down version of the c99 shell and the likes. The only difference is that it a single JSP file, embedded with jQuery with a xterm like interface.

This is most useful at times when we when have an arbitrary file upload to a web-accessible directory that runs on J2EE. It could allow you to browse around the system with the privileges of the web application system user and execute arbitrary system commands. It can also show and alter session variables and help you dump JNDI entries.

pwnshell is a cross platform shell that runs on any system that supports Java 1.5 upwards. It’s usage is also simple – upload it to a vulnerable web directory, point your browser to the shell and when you get the shell, just pretend that you’re looking at the xterm interface. The best of all, it is open source!

Download the pwnshell here.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.