Skip to content

magev0/groovy-rce-bindshell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
README.md
README.md
 
 
write_bindshell.groovy
write_bindshell.groovy
 
 

Repository files navigation

A Groovy RCE payload that writes a JSP bind shell into the web application root. This is useful in environments where outbound connections are restricted and reverse shells are not feasible (e.g., strict egress firewalling).

Example use case:

Initial access is limited to a Groovy script console, and outbound network connections are blocked, preventing reverse shell callbacks. This technique demonstrates how to pivot to an inbound bind shell instead.

I published a detailed PoC explaining the why and how here: https://vipa0z.github.io/2025/10/22/abusing-groovy-script-consoles/

Usage

  1. Modify paths to match the target web application deployment directory.

  2. Execute the Groovy script to drop the JSP bind shell on disk.

  3. Trigger the bind shell by requesting the JSP endpoint:

    curl https://target/bindshell.jsp

About

A Groovy script that deploys a java bindshell for Environments that Support Groovy Consoles. Best used in scenarios where reverse connections are blocked (when you cant get revshells) due to firewall egress filtering.

vipa0z.github.io/2025/10/22/Remote%20Code%20Execution%20in%20liferay-jenkins/

Topics

jenkins rce liferay liferay-portal

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages