Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
/ blackjump Public

JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021

License

MIT license
264 stars 32 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tarihub/blackjump

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
img
img
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_en.md
README_en.md
 
 
blackjump.py
blackjump.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

blackjump

中文 | English

免责声明: 本工具仅面向合法授权的企业安全建设行为,在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标使用

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任

JumpServer 堡垒机综合漏洞利用

  • 未授权任意用户密码重置 (CVE-2023-42820)
  • 未授权一键下载所有操作录像 (CVE-2023-42442)
  • 未授权任意命令执行漏洞 (RCE 2021)

安装

python3 -m pip install -r requirements.txt

使用指南

  • CVE-2023-42820: 如果知道目标的用户名和邮箱可以指定 --user--email 参数
python3 blackjump.py reset https://vulerability

img.png

python3 blackjump.py dump https://vulerability

img_1.pnge

  • RCE
python3 blackjump.py rce http(s)://vulerability

img.png

  • 帮助
python3 blackjump.py {reset,dump,rce} -h

参考

  1. https://github.com/Veraxy00/Jumpserver-EXP (RCE 2021 漏洞在其基础上优化部分情况命令执行失败或获取不到资产问题)

About

JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021

Topics

jumpserver cve-2023-42442 cve-2023-42820

Resources

Readme

License

MIT license
Activity

Stars

264 stars

Watchers

3 watching

Forks

32 forks
Report repository

Releases

1 tags

Contributors 3

  •  
  •  
  •  

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.