This exploitation script is meant to be used by pentesters against an active JDWP service, in order to gain Remote Code Execution.
How does it work?
Well, in a pretty standard way, the script only requires a Python 2 interpreter:

    % python ./jdwp-shellifier.py -h
    usage: jdwp-shellifier.py [-h] -t IP [-p PORT] [--break-on JAVA_METHOD]
                              [--cmd COMMAND]

    Universal exploitation script for JDWP by @_hugsy_

    optional arguments:
      -h, --help            show this help message and exit
      -t IP, --target IP    Remote target IP (default: None)
      -p PORT, --port PORT  Remote target port (default: 8000)
      --break-on JAVA_METHOD
                            Specify full path to method to break on (default:
                            java.net.ServerSocket.accept)
      --cmd COMMAND         Specify full path to method to break on (default:
                            None)

This command only injects Java code into the JVM and shows some information, such as the operating system and Java version. Since it does not execute external code or binaries, it is totally safe and can be used as a proof of concept.