mirror of
https://github.com/SleepingBag945/dddd.git
synced 2025-06-08 14:06:33 +00:00
111 lines
2.9 KiB
Go
111 lines
2.9 KiB
Go
package gopocs
|
|
|
|
import (
|
|
"dddd/common"
|
|
"dddd/ddout"
|
|
"dddd/structs"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"github.com/projectdiscovery/gologger"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func JDWPScan(info *structs.HostInfo) (err error) {
|
|
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
|
client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(6)*time.Second)
|
|
defer func() {
|
|
if client != nil {
|
|
client.Close()
|
|
}
|
|
}()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = client.SetDeadline(time.Now().Add(time.Duration(6) * time.Second))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = client.Write([]byte("JDWP-Handshake"))
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [1/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("JDWP-Handshake")))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rev := make([]byte, 1024)
|
|
n, errRead := client.Read(rev)
|
|
if errRead != nil {
|
|
return errRead
|
|
}
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [1/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
|
|
if !strings.Contains(string(rev[:n]), "JDWP-Handshake") {
|
|
// 不是JDWP
|
|
return err
|
|
}
|
|
|
|
_, err = client.Write([]byte("\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x01\x07"))
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [2/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x01\x07")))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rev = make([]byte, 1024)
|
|
n, errRead = client.Read(rev)
|
|
if errRead != nil {
|
|
return errRead
|
|
}
|
|
if n == 0 {
|
|
return err
|
|
}
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [2/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
|
|
_, err = client.Write([]byte("\x00\x00\x00\x0b\x00\x00\x00\x03\x00\x01\x01"))
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [3/3] Dumped TCP request for %s\n\n%s\n", realhost, hex.Dump([]byte("\x00\x00\x00\x0b\x00\x00\x00\x03\x00\x01\x01")))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rev = make([]byte, 1024)
|
|
n, errRead = client.Read(rev)
|
|
if errRead != nil {
|
|
return errRead
|
|
}
|
|
gologger.AuditTimeLogger("[Go] [JDWP] [3/3] Dumped TCP response for %s\n\n%s\n", realhost, hex.Dump(rev[:n]))
|
|
data := string(rev[:n])
|
|
if !strings.Contains(data, "Java Debug Wire Protocol") {
|
|
return err
|
|
}
|
|
|
|
javaInfo := data[15:]
|
|
result := fmt.Sprintf("JDWP://%s Unauthorized", realhost)
|
|
// gologger.Silent().Msg(result)
|
|
|
|
ddout.FormatOutput(ddout.OutputMessage{
|
|
Type: "GoPoc",
|
|
IP: "",
|
|
IPs: nil,
|
|
Port: "",
|
|
Protocol: "",
|
|
Web: ddout.WebInfo{},
|
|
Finger: nil,
|
|
Domain: "",
|
|
GoPoc: ddout.GoPocsResultType{PocName: "JDWP-Unauthorized",
|
|
Security: "CRITICAL",
|
|
Target: realhost,
|
|
InfoLeft: javaInfo,
|
|
Description: "JDWP未授权访问,可尝试RCE",
|
|
ShowMsg: result},
|
|
AdditionalMsg: "",
|
|
})
|
|
|
|
GoPocWriteResult(structs.GoPocsResultType{
|
|
PocName: "JDWP-Unauthorized",
|
|
Security: "CRITICAL",
|
|
Target: realhost,
|
|
InfoLeft: javaInfo,
|
|
Description: "JDWP未授权访问,可尝试RCE",
|
|
})
|
|
|
|
return err
|
|
}
|