References:
- https://github.com/k1n9/k1n9.github.io/blob/aeeb609fe6a25d67bc2dc5f990a501368fb25409/_posts/2017-08-24-attack-jmx-rmi.md
- https://webcache.googleusercontent.com/search?q=cache%3Ahttps%3A%2F%2Fwww.optiv.com%2Fblog%2Fexploiting-jmx-rmi&oq=cache%3Ahttps%3A%2F%2Fwww.optiv.com%2Fblog%2Fexploiting-jmx-rmi&aqs=chrome…69i57j69i58.1641j0j7&sourceid=chrome&ie=UTF-8
This one is easier to use than mjet.
Trying to exploit CVE-2019-12409 in Solr:
The JMX RMI service can be enabled by adding the following to Tomcat's catalina.bat/sh:
set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=<your IP> -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
Reference:
https://www.lagou.com/lgeduarticle/86751.html
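
A config check for the CATALINA_OPTS line above, added here as an example (not code from the referenced posts): it parses the `-D` flags and reports a remote JMX connector that runs without authentication or TLS. The function names and the hardened line with its placeholder file paths are assumptions made for this example.

```python
import re

PREFIX = "com.sun.management.jmxremote"
# Values the JVM assumes when a remote port is set and the flag is omitted.
DEFAULTS = {"ssl": "true", "authenticate": "true"}

# The option line from the note above, verbatim.
PAGE_LINE = ("set CATALINA_OPTS=-Dcom.sun.management.jmxremote "
             "-Djava.rmi.server.hostname=<your IP> "
             "-Dcom.sun.management.jmxremote.port=9999 "
             "-Dcom.sun.management.jmxremote.ssl=false "
             "-Dcom.sun.management.jmxremote.authenticate=false")
# Constructed hardened counterpart (catalina.sh form); file paths are placeholders.
HARDENED_LINE = ('CATALINA_OPTS="$CATALINA_OPTS '
                 "-Dcom.sun.management.jmxremote.port=9999 "
                 "-Dcom.sun.management.jmxremote.ssl=true "
                 "-Dcom.sun.management.jmxremote.authenticate=true "
                 "-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password "
                 '-Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access"')

def parse_jvm_props(opts_line):
    """Return the -D system properties found in a JVM options line."""
    # Drop a leading 'set VAR=', 'export VAR=' or 'VAR=' and surrounding quotes.
    line = re.sub(r"^\s*(?:set\s+|export\s+)?\w+=", "", opts_line.strip()).strip('"')
    props = {}
    for token in line.split():
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props

def audit_jmx(opts_line):
    """Return findings for the remote JMX connector configured in opts_line."""
    props = parse_jvm_props(opts_line)
    port = props.get(PREFIX + ".port")
    if port is None:
        return []  # no remote port set, so no remote connector to audit
    eff = {k: props.get(f"{PREFIX}.{k}", d).lower() for k, d in DEFAULTS.items()}
    findings = []
    if eff["authenticate"] != "true":
        findings.append(f"port {port}: authenticate=false, MBean server is open to any client that can connect")
    if eff["ssl"] != "true":
        findings.append(f"port {port}: ssl=false, JMX traffic and credentials are not encrypted")
    return findings

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("hardened", HARDENED_LINE)):
        print(name, audit_jmx(line) or "no findings")
```

Run it against the option lines in catalina.bat/sh or any other JVM start script; an empty result means the connector is either not exposed remotely or keeps both authentication and TLS enabled.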