Comments (2)

H4Xv1 avatar H4Xv1 commented on May 19, 2024

Hey @CaptainBoggle,

I know it's a bit late - like a handful of years late. I recently looked at jexboss as part of my bachelor thesis to verify a webapp for CVE-2016-8735 and stumbled upon the same issue with the -jmxtomcat option. Considering it apparently hasn't been fixed since and I see no further comment on it, here is a quick workaround that should fix the issue.

It's a rather small parsing error in the jexboss.py script. In lines 364 and 365 the script takes your URL and parses it into 3 sections split by ":" to (Protocol : //Address : Port). Line 365 throws the error because it tries to assign an integer to e.g. "//127.0.01". Simply increment both parameters by one and it fixes the parsing.

Either provide e.g. http:127.0.0.1:443 as the CLI argument,
or add the line shown below to strip the slashes from the host to prevent the subsequent [Errno -2] Name or service not known,
in case you still want to use the double slash in your URL. The script should still work as intended afterwards.

            elif vector == 'JMX Tomcat':

                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.settimeout(7)
364             host_rmi = url.split(':')[0]            #Change 0->1
+               host_rmi = host_rmi.replace("//","")  #Strips the // from the Host Adress
365             port_rmi = int(url.split(':')[1])      #Change 1->2
                s.connect((host_rmi, port_rmi))
                s.send(b"JRMI\x00\x02K")
                msg = s.recv(1024)
                octets = str(msg[3:]).split(".")
                if len(octets) != 4:
                    paths[vector] = 505
                else:
                    paths[vector] = 200

Considering the time since you opened the issue, you may have found that yourself. For those stumbling across it as well and still wanting to utilize the tool in 2023 for that purpose - that'll do it. Also, when you run the script it creates a log file that's rather helpful ;)

EDIT: Did a bit of formatting and provided the additional solution for stripping the slashes from the host_rmi variable. Excuse the frequent edits - first time posting on GitHub. Hope the solution helps some of you encountering the same issue.

from jexboss.
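
The parsing failure described in the comment above, reproduced next to a scheme-tolerant host/port parser built on the standard library's `urllib.parse.urlsplit`. This is an added example, not code from jexboss or from the commenter; the function names `split_colon_original` and `parse_host_port` are hypothetical, and the sample targets are constructed.

```python
from urllib.parse import urlsplit


def split_colon_original(url):
    """Mimics the two lines quoted in the comment: indexes 0 and 1 of
    url.split(':'). With a scheme present, index 1 is '//host' and int() fails."""
    parts = url.split(':')
    return parts[0], int(parts[1])


def parse_host_port(target, default_port=None):
    """Return (host, port) for 'host:port', 'scheme://host:port[/path]',
    the 'scheme:host:port' form from the comment, or '[ipv6]:port'."""
    target = target.strip()
    if '://' not in target:
        scheme, sep, rest = target.partition(':')
        # 'http:127.0.0.1:443' -> drop the leading scheme word
        if sep and scheme.isalpha() and ':' in rest:
            target = rest
        # urlsplit only fills hostname/port when a '//' netloc marker is present
        target = '//' + target.lstrip('/')
    parts = urlsplit(target)
    host = parts.hostname
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        raise ValueError("invalid port in %r" % target) from exc
    if port is None:
        port = default_port
    if not host or port is None:
        raise ValueError("need both host and port, got %r" % target)
    return host, port


if __name__ == "__main__":
    # Constructed sample targets covering the forms discussed in the thread.
    for sample in ("127.0.0.1:443", "http://127.0.0.1:443",
                   "http:127.0.0.1:443", "[::1]:1099"):
        print(sample, "->", parse_host_port(sample))
```

Rejecting a target with no port (instead of guessing one) keeps the later `s.connect((host, port))` call from failing with a less obvious socket error.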

CaptainBoggle avatar CaptainBoggle commented on May 19, 2024

Thank you!
