search

qtc-de / beanshooter

JMX enumeration and attacking tool.
GNU General Public License v3.0
378 stars 45 forks source link

Tonka Loading Error #33

Open Toejam123 opened 1 year ago

Toejam123 commented 1 year ago

For some reason, I'm unable to deploy Tonka. I was able to download / load the file successfully with:

java -jar beanshooter-4.1.0-jar-with-dependencies.jar mlet load 127.0.0.1 1234 tonka http://127.0.0.1 --jmxmp

The unsupported version error makes me think the tonka jar file is not compatible with the current java version running on the server. Would you have any ideas on how to resolve?

java -jar beanshooter-4.1.0-jar-with-dependencies.jar tonka deploy 127.0.0.1 1234 --jmxmp

Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
[+] Starting MBean deployment.
[+]
[+]     Deplyoing MBean: TonkaBean
[-]     Caught unexpected javax.management.remote.JMXServerErrorException during registering MBean.
[-]     Please report this to improve beanshooter :)
[-]     StackTrace:
javax.management.remote.JMXServerErrorException: java.lang.UnsupportedClassVersionError: de/qtc/beanshooter/tonkabean/TonkaBean : Unsupported major.minor version 52.0
        at javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:751)
        at javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)
        at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:266)
        at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
        at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
Caused by: java.lang.UnsupportedClassVersionError: de/qtc/beanshooter/tonkabean/TonkaBean : Unsupported major.minor version 52.0
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(Unknown Source)
        at java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$000(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at javax.management.loading.MLet.findClass(Unknown Source)
        at javax.management.loading.MLet.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClassInternal(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Unknown Source)
        at com.sun.jmx.mbeanserver.ClassLoaderRepositorySupport.loadClass(Unknown Source)
        at com.sun.jmx.mbeanserver.ClassLoaderRepositorySupport.loadClass(Unknown Source)
        at com.sun.jmx.mbeanserver.MBeanInstantiator.findClassWithDefaultLoaderRepository(Unknown Source)
        at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.createMBean(Unknown Source)
        at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.createMBean(Unknown Source)
        at com.sun.jmx.mbeanserver.JmxMBeanServer.createMBean(Unknown Source)
        at javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:176)
        at javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)
        ... 4 more
qtc-de commented 1 year ago

Hi @Toejam123 :wave:

you are fully correct, the problem seems to be an incompatible Java version. If you downloaded beanshooter from the release section, it is compiled for Java 8 (major-minor version 52). Java is backward compatible regarding class loading. This means that any Java 8+ software should be able to load the tonka bean.

In your example, the server is probably running Java 7 or even older. To make beanshooter working here you need to compile it for Java 7 (or older) too. Here are the steps to fix the issue:

  1. Install Java 7 (could be not that straight forward, as Java 7 is deprecated and not offered by most package managers anymore. However, manual installation or via Docker should be possible)
  2. Clone beanshooter repository on the Machine you installed Java 7
  3. Run mvn package within the beanshooter clone

I cannot guarantee that this will resolve the issue, as beanshooter and its dependencies may include code that is not Java 7 compatible. However, it would be interesting to know that. So, if you give it a try, please report your experiences :upside_down_face:

Best Tobias

Toejam123 commented 1 year ago

Unfortunately, it was unsuccessful. Looks as if the beanshooter jar file isn't compatible.

This was the versions that I was using (Java 1.7 was halted once I tried compiling with maven):

Apache Maven 3.0.5
Maven home: /usr/share/maven
Java version: 1.8.0_111, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-8-openjdk-amd64/jre

Getting the same error once I try to run the jar file:

java -jar beanshooter-4.1.0-jar-with-dependencies.jar 
Exception in thread "main" java.lang.UnsupportedClassVersionError: de/qtc/beanshooter/Starter : Unsupported major.minor version 52.0
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:803)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:442)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:64)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:354)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:348)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:347)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:312)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
        at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)
peter5he1by commented 1 year ago

Here's my suggestions:

If the server run jdk 7, you can mvn package the tonka-bean maven project, not the beanshooter project. And then use custom stager to stage your compiled tonka-xxx.jar. For better ease of use, I used Jetbrains IDEA CE to do these things.

But if the server run jdk 6 or lower, you may find that IDEA does not support such low versions of jdk (either does the maven). So you need to build tonka.jar using jar executable by yourself. You can check the article below.

https://stackoverflow.com/questions/4597866/java-creating-jar-file

qtc-de commented 1 year ago

Thanks for sharing your experiences. @Toejam123 when the server runs Java 7, you need to compile the tonka bean with Java 7. Any build using Java 8 (regardless of the minor version) will not work.

@peter5he1by described a possible workflow. I will check whether it is possible to compile the tonka bean per default with Java 7 within my release workflows. If it is, I will adopt it :)