Hacking the Java Debug Wire Protocol – or – “How I met your Java debugger”
By Christophe Alladoum – @_hugsy_ TL;DR: turn any open JDWP service into reliable remote code execution (exploit inside) <plagiarism> Kids, I’m gonna tell you an incredible story. </plagiarism> This is the story of how I came across an interesting protocol during a recent engagement for IOActive and turned it into a reliable way to execute remote code. In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester’s point of view. I will cover some JDWP internals and…