JRMPClient payload: how does it work? #43
Comments
|
The author of this is @mbechler and there's some minimal docs in the source code, but my understanding is that https://github.com/frohoff/ysoserial/blob/master/src/main/java/ysoserial/exploit/JRMPClient.java#L21 /**
* Generic JRMP client
*
* Pretty much the same thing as {@link RMIRegistryExploit} but
* - targeting the remote DGC (Distributed Garbage Collection, always there if there is a listener)
* - not deserializing anything (so you don't get yourself exploited ;))
*
* @author mbechler
*
*/It's hard to say what the issue is without seeing the exception, but in the future you're probably better off asking usage/support type questions in the gitter chat https://gitter.im/frohoff/ysoserial. |
|
Should probably have named the client and the payload differently to avoid confusion ;) Usage for payloads.JRMPClient:
What kind of exception are you seeing? A ClassCastException would be expected (and in that case I guess you should see the request coming in, if the address is correct and reachable). Unfortunately the code that the reverse call is made in swallows any exceptions so if you need to go further you would have to attach a debugger (code in question should be DGCClient$Endpoint.makeCleanCalls) to see what is wrong. |
|
Thanks! I will follow-up in the gitter chat. |
|
Thanks. Closing. |
Hello:
Can the author of this payload please provide the steps for this exploit to work?
I streamed the payload into a WebLogic instance but I get an exception.
I also tried to create a JRMPListener and use them together but with no success. I guess I do not understand how this payload should work.
Can you please help me?
Thank you!
The text was updated successfully, but these errors were encountered: