admin/dddd
1
0
Fork 0
mirror of https://github.com/SleepingBag945/dddd.git synced 2025-06-08 14:06:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
dddd/gopocs/jdwp.go

111 lines
2.9 KiB
Go
Raw Normal View History

dddd
2023-08-18 08:55:46 +02:00
package gopocs
import (
"dddd/common"
dddd v2.0
2024-04-03 06:32:26 +02:00
"dddd/ddout"
dddd
2023-08-18 08:55:46 +02:00
"dddd/structs"
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
"encoding/hex"
dddd
2023-08-18 08:55:46 +02:00
"fmt"
"github.com/projectdiscovery/gologger"
"strings"
"time"
)
func JDWPScan(info *structs.HostInfo) (err error) {
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(6)*time.Second)
defer func() {
if client != nil {
client.Close()
}
}()
if err != nil {
return err
}
err = client.SetDeadline(time.Now().Add(time.Duration(6) * time.Second))
if err != nil {
return err
}
_, err = client.Write([]byte("JDWP-Handshake"))
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [1/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("JDWP-Handshake")))
dddd
2023-08-18 08:55:46 +02:00
if err != nil {
return err
}
rev := make([]byte, 1024)
n, errRead := client.Read(rev)
if errRead != nil {
return errRead
}
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [1/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
dddd
2023-08-18 08:55:46 +02:00
if !strings.Contains(string(rev[:n]), "JDWP-Handshake") {
// 不是JDWP
return err
}
_, err = client.Write([]byte("\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x01\x07"))
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [2/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x01\x07")))
dddd
2023-08-18 08:55:46 +02:00
if err != nil {
return err
}
rev = make([]byte, 1024)
n, errRead = client.Read(rev)
if errRead != nil {
return errRead
}
if n == 0 {
return err
}
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [2/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
dddd
2023-08-18 08:55:46 +02:00
_, err = client.Write([]byte("\x00\x00\x00\x0b\x00\x00\x00\x03\x00\x01\x01"))
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [3/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("\x00\x00\x00\x0b\x00\x00\x00\x03\x00\x01\x01")))
dddd
2023-08-18 08:55:46 +02:00
if err != nil {
return err
}
rev = make([]byte, 1024)
n, errRead = client.Read(rev)
if errRead != nil {
return errRead
}
审计日志,更新53热点Poc
2024-01-02 14:50:55 +01:00
gologger.AuditTimeLogger("[Go] [JDWP] [3/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
dddd
2023-08-18 08:55:46 +02:00
data := string(rev[:n])
if !strings.Contains(data, "Java Debug Wire Protocol") {
return err
}
javaInfo := data[15:]
dddd v2.0
2024-04-03 06:32:26 +02:00
result := fmt.Sprintf("JDWP://%s Unauthorized", realhost)
// gologger.Silent().Msg(result)
ddout.FormatOutput(ddout.OutputMessage{
Type: "GoPoc",
IP: "",
IPs: nil,
Port: "",
Protocol: "",
Web: ddout.WebInfo{},
Finger: nil,
Domain: "",
GoPoc: ddout.GoPocsResultType{PocName: "JDWP-Unauthorized",
Security: "CRITICAL",
Target: realhost,
InfoLeft: javaInfo,
Description: "JDWP未授权访问,可尝试RCE",
ShowMsg: result},
AdditionalMsg: "",
})
dddd
2023-08-18 08:55:46 +02:00
GoPocWriteResult(structs.GoPocsResultType{
PocName: "JDWP-Unauthorized",
Security: "CRITICAL",
Target: realhost,
InfoLeft: javaInfo,
Description: "JDWP未授权访问,可尝试RCE",
})
return err
}
Reference in New Issue Copy Permalink