Reverse shell
Remote code execution (RCE) is the next attack vector after SQL injection, and it also opens up a third layer of security concern: the reverse shell.
A reverse shell is a direct connection between you and the target. It lets you execute system commands much as RCE does, but interactively: think of SSH stripped of its encryption and authentication, with the added ability to get through firewalls.
💉jSQL provides a built-in Java socket that makes a reverse shell far easier to set up than the usual external tools such as netcat.
The minimal setup for a reverse shell is a single click, just as it already is for RCE.
This mode first listens on a port on your side, then runs a command on the target that connects back to your address on that port.
Because the remote system usually has web access for system and security updates, it can typically connect back to your IP address without the firewall noticing.
The opposite mode (a bind shell) works the other way round: the RCE first runs a command on the target that listens on a port, then you connect to the target.
This is less likely to succeed, as the route from your IP address to the target is more likely to be blocked by security measures such as firewalls.
The default setup is the standard bash, though you can select several other types such as perl or python, because the target may offer only limited ways to open a connection depending on the packages installed.
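A defender-side check for the connections described above, added here as an example (it is not part of jSQL): whichever direction the connection was opened in, a shell or interpreter whose standard input or output is a network socket is the process-level footprint that the bash, perl and python variants share. The snapshot format, the process-name list and the sample PIDs below are assumptions of this example.

```python
import os
from typing import Dict, List, Tuple

# Shells/interpreters that, with a socket on stdin or stdout, are the usual footprint of a
# reverse or bind shell. Daemons such as sshd legitimately hold sockets on stdio, so the
# process name matters as well as the descriptor.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "ash", "perl", "python", "python3", "php"}
Snapshot = Dict[int, Tuple[str, Dict[int, str]]]  # pid -> (comm, {fd: link target})

def stdio_on_socket(fd_links: Dict[int, str]) -> bool:
    """True when stdin or stdout is a socket instead of a tty, pipe or file."""
    return any(fd_links.get(fd, "").startswith("socket:[") for fd in (0, 1))

def classify(comm: str, fd_links: Dict[int, str]) -> str:
    """'suspicious' for a shell-like process wired to a socket, else 'ok'."""
    return "suspicious" if comm in SHELL_LIKE and stdio_on_socket(fd_links) else "ok"

def scan(processes: Snapshot) -> List[int]:
    """PIDs in a snapshot whose shell stdio points at a network connection."""
    return [pid for pid, (comm, fds) in processes.items() if classify(comm, fds) == "suspicious"]

def snapshot_proc(proc_root: str = "/proc") -> Snapshot:
    """Build the same snapshot from a live Linux /proc (reading fd links needs rights)."""
    snap: Snapshot = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited or is not ours to inspect
        fds = {}
        for n in (0, 1, 2):
            try:
                fds[n] = os.readlink(os.path.join(base, "fd", str(n)))
            except OSError:
                pass  # descriptor closed or unreadable
        snap[int(entry)] = (comm, fds)
    return snap

# Constructed sample (not captured data): bash on a tty, perl with all stdio on one socket,
# sshd holding a client socket, and bash fed by a pipe but writing to a socket.
SAMPLE: Snapshot = {
    1001: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    1002: ("perl", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
    1003: ("sshd", {0: "socket:[77001]", 1: "socket:[77001]", 2: "/dev/null"}),
    1004: ("bash", {0: "pipe:[9001]", 1: "socket:[9002]", 2: "socket:[9002]"}),
}

if __name__ == "__main__":
    print("suspicious PIDs in sample:", scan(SAMPLE))  # [1002, 1004]
```

Run `scan(snapshot_proc())` on a Linux host to apply the same rule to live processes; a hit is a prompt for investigation, not a verdict, since inetd-style services also run interpreters on sockets.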
You can also experiment with new connection methods: add the CLI commands in the Preferences panel and use them right away.