For a long time, I used http://www.jackson-t.ca/runtime-exec-payloads.html to convert my payload to a suitable format for java.lang.Runtime. One day, I saw that the website was down. I missed it so much that I host its content here as a legacy tool.
Besides the original content, I added support for Python3, Ruby and NodeJS. For Python3 and Ruby, I use Hex encoding instead of Base64. I tried to use __import__("base64") on Python3, but it gave me a NameError, though __import__("os") did not. The Hex decoding in Ruby can use the default Array#pack function, so there is no need to use the require method to include the Base64 module.
Occasionally there are times when command execution payloads via Runtime.getRuntime().exec() fail. This can happen when using web shells, deserialization exploits, or through other vectors.
Sometimes this is because redirection and pipe characters are used in a way that doesn't make sense in the context of the process that's being launched. For example, executing ls > dir_listing in a shell should output a listing of the current directory into a file called dir_listing. But in the context of the exec() function, that command would instead be interpreted to fetch the listings of the > and dir_listing directories.
Other times, arguments with spaces within them are broken by the StringTokenizer class which splits command strings by spaces. Something like ls "My Directory" would then be interpreted as ls '"My' 'Directory"'.
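The two failure modes above can be reproduced without launching anything. The following Java class is an added example, not code from the original page or the converter: it splits a command string with a default StringTokenizer, as Runtime.exec(String) does, and then shows the argument-vector form with ProcessBuilder that keeps spaces intact and redirects output without a shell. The class name, the method name and the dir_listing output path are assumptions made for illustration, and the last step assumes a Unix-like host with ls on the PATH.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

// Added illustration; ExecTokenizing and tokenizeLikeExec are hypothetical names.
public class ExecTokenizing {

    // Runtime.exec(String) splits its argument with a default StringTokenizer
    // (whitespace delimiters, no quote or metacharacter handling) and hands
    // the resulting array to exec(String[]). This method mirrors that split.
    static List<String> tokenizeLikeExec(String command) {
        StringTokenizer st = new StringTokenizer(command);
        List<String> argv = new ArrayList<>();
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv;
    }

    public static void main(String[] args) throws Exception {
        // No shell is involved, so ">" and "dir_listing" become plain
        // arguments to ls instead of a redirect and its target.
        System.out.println(tokenizeLikeExec("ls > dir_listing"));

        // Quotes are not interpreted: the argument is cut at the space and
        // the quote characters stay attached to each half.
        System.out.println(tokenizeLikeExec("ls \"My Directory\""));

        // An explicit argument vector keeps "My Directory" as one argument,
        // and ProcessBuilder performs the redirect itself, with no shell.
        File out = new File("dir_listing"); // constructed sample path
        Process p = new ProcessBuilder("ls", "My Directory")
                .redirectErrorStream(true)  // send stderr to the same file
                .redirectOutput(out)
                .start();
        System.out.println("exit code: " + p.waitFor());
    }
}
```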
With the help of Base64 encoding, the converter below can help reduce these issues. It can make pipes and redirects great again through calls to Bash or PowerShell and it also ensures that there aren't spaces within arguments.