Blackjump Save

JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021

Project README

blackjump

中文 | English

免责声明: 本工具仅面向合法授权的企业安全建设行为,在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标使用

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任

JumpServer 堡垒机综合漏洞利用

  • 未授权任意用户密码重置 (CVE-2023-42820)
  • 未授权一键下载所有操作录像 (CVE-2023-42442)
  • 未授权任意命令执行漏洞 (RCE 2021)

安装

python3 -m pip install -r requirements.txt

使用指南

  • CVE-2023-42820: 如果知道目标的用户名和邮箱可以指定 --user--email 参数
python3 blackjump.py reset https://vulerability

img.png

python3 blackjump.py dump https://vulerability

img_1.pnge

  • RCE
python3 blackjump.py rce http(s)://vulerability

img.png

  • 帮助
python3 blackjump.py {reset,dump,rce} -h

参考

  1. https://github.com/Veraxy00/Jumpserver-EXP (RCE 2021 漏洞在其基础上优化部分情况命令执行失败或获取不到资产问题)
Open Source Agenda is not affiliated with "Blackjump" Project. README Source: tarihub/blackjump
Stars
149
Open Issues
0
Last Commit
2 months ago
Repository
tarihub/blackjump
License
MIT
Tags
Cve 2023 42442 Cve 2023 42820 Jumpserver

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?