mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 09:27:32 +00:00
update: jdwp repository and explaination
This commit is contained in:
parent
08536c564d
commit
df39ded79a
1 changed files with 5 additions and 6 deletions
|
@ -14,7 +14,11 @@
|
|||
|
||||
## Exploiting
|
||||
|
||||
You can use the python exploit located in [https://github.com/IOActive/jdwp-shellifier](https://github.com/IOActive/jdwp-shellifier)
|
||||
JDWP exploitation hinges on the **protocol's lack of authentication and encryption**. It's generally found on **port 8000**, but other ports are possible. The initial connection is made by sending a "JDWP-Handshake" to the target port. If a JDWP service is active, it responds with the same string, confirming its presence. This handshake acts as a fingerprinting method to identify JDWP services on the network.
|
||||
|
||||
In terms of process identification, searching for the string "jdwk" in Java processes can indicate an active JDWP session.
|
||||
|
||||
The go-to tool is [jdwp-shellifier](https://github.com/hugsy/jdwp-shellifier). You can use it with different parameters:
|
||||
|
||||
```bash
|
||||
./jdwp-shellifier.py -t 192.168.2.9 -p 8000 #Obtain internal data
|
||||
|
@ -24,11 +28,6 @@ You can use the python exploit located in [https://github.com/IOActive/jdwp-shel
|
|||
|
||||
I found that the use of `--break-on 'java.lang.String.indexOf'` make the exploit more **stable**. And if you have the change to upload a backdoor to the host and execute it instead of executing a command, the exploit will be even more stable.
|
||||
|
||||
Normally this debugger is run on port 8000 and if you establish a TCP connection with the port and send "**JDWP-Handshake**", the server should respond you with the same string.\
|
||||
Also, you can check this string in the network to find possible JDWP services.
|
||||
|
||||
Listing **processes**, if you find the string "**jdwk**" inside a **java process**, probably it has active the \*\*Java Debug Wired Protocol \*\*and you may be able to move laterally or even **escalate privileges** (if executed as root).
|
||||
|
||||
## More details
|
||||
|
||||
**Copied from** [**https://ioactive.com/hacking-java-debug-wire-protocol-or-how/**](https://ioactive.com/hacking-java-debug-wire-protocol-or-how/)
|
||||
|
|
Loading…
Reference in a new issue