Reverse shell
Remote code execution (RCE) is the next attack vector after SQL injection, and it in turn opens a third stage of compromise: the reverse shell.
A reverse shell is a direct connection between you and the target. It runs system commands as RCE does, but interactively over a persistent connection, like SSH stripped of encryption and authentication, with the added ability to get through a firewall because the target initiates the connection outbound.
Important
This content is provided for educational purposes and security awareness; use it only in a controlled environment.
Tip
Share your own findings and add new techniques: open a pull request.
💉jSQL provides a built-in Java socket that makes a reverse shell much easier to set up than with external tools such as netcat.
The minimal setup for a reverse shell is a single click, just as RCE is set up with a click.
It requires you to listen on a port on your side first, then to run a command on the target (through the RCE) that connects back to your address on that port.
Because the remote system usually has outbound web access for system and security updates, it can usually also connect back to your IP address without the firewall blocking it.
The bind shell works in the opposite direction: first the RCE runs a command on the target that listens on a port, then you connect to the target on that port.
It is less likely to succeed, because an inbound connection from your IP address to the target is more likely to be blocked by security measures such as firewalls.
The default is the standard bash reverse shell, but you can select other types such as perl or python, since the target may only have some interpreters installed and the command must use one that is available to open the connection.
You can also add new connection methods of your own in the Preferences panel and use them right away.