Comments (4)
The author of this is @mbechler and there are some minimal docs in the source code, but my understanding is that exploit.JRMPClient is for directly exploiting DGC listeners (i.e. if there isn't a DGC listener open, it won't work).
https://github.com/frohoff/ysoserial/blob/master/src/main/java/ysoserial/exploit/JRMPClient.java#L21
/**
* Generic JRMP client
*
* Pretty much the same thing as {@link RMIRegistryExploit} but
* - targeting the remote DGC (Distributed Garbage Collection, always there if there is a listener)
* - not deserializing anything (so you don't get yourself exploited ;))
*
* @author mbechler
*
*/
It's hard to say what the issue is without seeing the exception, but in the future you're probably better off asking usage/support type questions in the gitter chat https://gitter.im/frohoff/ysoserial.
Should probably have named the client and the payload differently to avoid confusion ;)
Usage for payloads.JRMPClient:
- Launch an exploit.JRMPListener somewhere the remote host can connect to, with the secondary payload you like (generally the payload is only useful if the secondary payload is present on your exploitation target but you cannot get it there because there is some filter on the ObjectInputStream)
- Deliver the payloads.JRMPClient with the address/port that the listener is reachable on
- Now the remote end should try to contact that listener for performing distributed garbage collection; that call delivers the secondary payload via an exception. That connection should be visible in the output of JRMPListener.
- Remote deserializes exception (iirc with the TCCL from handling the original call) with a stock ObjectInputStream -> there you go.
What kind of exception are you seeing? A ClassCastException would be expected (and in that case I guess you should see the request coming in, if the address is correct and reachable). Unfortunately, the code that the reverse call is made in swallows any exceptions, so if you need to go further you would have to attach a debugger (code in question should be DGCClient$Endpoint.makeCleanCalls) to see what is wrong.
Thanks! I will follow-up in the gitter chat.
Thanks. Closing.
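For defenders, the outbound DGC call described in the thread is visible on the wire. The following is an added example, not code from the thread or from ysoserial: it inspects one reassembled TCP flow for the JRMP handshake, a call addressed to the DGC object ID, and an exceptional return, using the framing from the Java RMI wire protocol. The function names, tags, addresses and sample bytes are constructed for illustration.

```python
import struct

MAGIC, STREAM_PROTO = b"JRMI", 0x4B            # JRMP header magic, StreamProtocol
CALL, RETURN_DATA, PROTOCOL_ACK = 0x50, 0x51, 0x4E
SER_BLOCK = b"\xac\xed\x00\x05\x77"            # serialization header + TC_BLOCKDATA
DGC_OBJNUM, EXCEPTIONAL = 2, 0x02              # ObjID.DGC_ID, exceptional return

def skip_endpoint(buf, pos):
    """Skip a writeUTF host string (2-byte length) plus a 4-byte port."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return pos + 2 + n + 4

def block(buf, pos, opcode):
    """Return the block-data bytes that follow `opcode` at `pos`, or None."""
    if buf[pos:pos + 1] != bytes([opcode]) or buf[pos + 1:pos + 6] != SER_BLOCK:
        return None
    size = buf[pos + 6]
    body = buf[pos + 7:pos + 7 + size]
    return body if len(body) == size else None

def inspect_flow(c2s, s2c):
    """Classify one flow (client-to-server, server-to-client bytes)."""
    findings = set()
    if len(c2s) < 7 or c2s[:4] != MAGIC:
        return findings
    findings.add("jrmp-handshake")
    try:
        # StreamProtocol clients send their endpoint before the first call
        pos = skip_endpoint(c2s, 7) if c2s[6] == STREAM_PROTO else 7
        call = block(c2s, pos, CALL)      # ObjID objNum is the first 8 bytes
        if call and len(call) >= 8 and struct.unpack_from(">q", call)[0] == DGC_OBJNUM:
            findings.add("dgc-call")
        pos = skip_endpoint(s2c, 1) if s2c[:1] == bytes([PROTOCOL_ACK]) else 0
        ret = block(s2c, pos, RETURN_DATA)  # first byte is the return type
        if ret and ret[0] == EXCEPTIONAL:
            findings.add("exceptional-return")
    except (struct.error, IndexError):
        pass  # truncated capture: keep whatever was already established
    return findings

# Constructed sample flow (not a real capture); hash and UID are zero placeholders
UID = bytes(14)
HOST = struct.pack(">H", 8) + b"10.0.0.5"
C2S = (MAGIC + struct.pack(">HB", 2, STREAM_PROTO) + HOST + struct.pack(">i", 0)
       + bytes([CALL]) + SER_BLOCK + bytes([34])
       + struct.pack(">q", DGC_OBJNUM) + UID + struct.pack(">iq", 1, 0))
S2C = (bytes([PROTOCOL_ACK]) + HOST + struct.pack(">i", 40000)
       + bytes([RETURN_DATA]) + SER_BLOCK + bytes([15, EXCEPTIONAL]) + UID + b"\x73")
print(sorted(inspect_flow(C2S, S2C)))
```

All three tags on a connection that an application server itself initiated, to an address outside its known RMI peers, is the pattern worth alerting on.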