Comments (2)
Hey @CaptainBoggle,
i know its a bit late - like a handfull years late. I recently looked at jexboss as a part of my bachelor-thesis to verify a webapp for CVE-2016-8735 and stumbled upon the same issue with the -jmxtomcat option. Considering it hasn't apperantly been fixed ever since and i see no further comment on it. Here a quick workaround that should fix the issue.
Its a rather small parsing error in the jexboss.py script. In Line 364 and 365 the script takes your URL and parses it in 3 sections split by ":" to (Protocol : //Adress : Port). Line 365 throws the error because it tries to assign an integer to e.g "//127.0.01". Simply increment both parameters by one and it fixes the parsing.
Either provide e.g. http:127.0.0.1:443 as CLI argument -
or add the line shown below to strip the slashes from the Host to prevent subsequent [Errno -2] Name or service not known.
In case you still want to use the double slash in your URL. The script should still work as intended afterwards.
elif vector == 'JMX Tomcat':
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(7)
364 host_rmi = url.split(':')[0] #Change 0->1
+ host_rmi = host_rmi.replace("//","") #Strips the // from the Host Adress
365 port_rmi = int(url.split(':')[1]) #Change 1->2
s.connect((host_rmi, port_rmi))
s.send(b"JRMI\x00\x02K")
msg = s.recv(1024)
octets = str(msg[3:]).split(".")
if len(octets) != 4:
paths[vector] = 505
else:
paths[vector] = 200
Considering the time since you opend the issue you may have found that yourself. For those stumbling across it as well and still wanting to utilize the tool in 2023 for that purpose - that'll do it. Also when you run the script it creates a log file that's rather helpful ;)
EDIT: Done a bit of formatting and provided the additional solution for stripping the slashes from the host_rmi variable. Excuse the frequent edits - first time posting of GitHub. Hope the solution helps some of you encountering the same issue.
from jexboss.
Thank you!
from jexboss.
Related Issues (20)
- -y flag
- Unable to execute shell commands
- request to add CVE-2018-11776 HOT 1
- Checking Struts2 Error HOT 1
- An error occurred while connecting to the host google.com (list index out of range)
- still vulnerable?
- Failed to parse: HOT 1
- DH key too small
- Resume session without re-exploiting
- can't do default windows commands like dir in meterpreter session
- will you update that tools
- how to update this tools??? HOT 1
- * Error contacting the command shell. Try again later... HOT 6
- Read timed out HOT 1
- https / port 443 HOT 1
- Why is the remote WAR sending Host & remote IP to some C&C? HOT 3
- CVE-2017-12149 HOT 2
- More customization
- Problem in Shell
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jexboss.