Java Shell/Escape issues with RCE

Java Shell/Escape issues with RCE

Sometimes when pwning Oracle stuff or other nutters that use Java, you encounter some RCE opportunities but if you try a regular command it often fails, that’s because you need an escape sequence but also an echo2sh pipe because if we use another echo to echo our command and pipe it to sh, we’ll get our command executed by sh entirely.

sh -c $@|sh . echo command

Example:

sh -c $@|sh . echo id