From df39ded79a5e6e2eff20134fc8d388dd49c3156e Mon Sep 17 00:00:00 2001 From: n3rada <72791564+n3rada@users.noreply.github.com> Date: Thu, 28 Dec 2023 18:48:26 +0000 Subject: [PATCH] update: jdwp repository and explaination --- .../pentesting-jdwp-java-debug-wire-protocol.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md b/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md index 061b133144d..6ed074b439e 100644 --- a/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md +++ b/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md @@ -14,7 +14,11 @@ ## Exploiting -You can use the python exploit located in [https://github.com/IOActive/jdwp-shellifier](https://github.com/IOActive/jdwp-shellifier) +JDWP exploitation hinges on the **protocol's lack of authentication and encryption**. It's generally found on **port 8000**, but other ports are possible. The initial connection is made by sending a "JDWP-Handshake" to the target port. If a JDWP service is active, it responds with the same string, confirming its presence. This handshake acts as a fingerprinting method to identify JDWP services on the network. + +In terms of process identification, searching for the string "jdwk" in Java processes can indicate an active JDWP session. + +The go-to tool is [jdwp-shellifier](https://github.com/hugsy/jdwp-shellifier). You can use it with different parameters: ```bash ./jdwp-shellifier.py -t 192.168.2.9 -p 8000 #Obtain internal data 
@@ -24,11 +28,6 @@ You can use the python exploit located in [https://github.com/IOActive/jdwp-shel I found that the use of `--break-on 'java.lang.String.indexOf'` make the exploit more **stable**. And if you have the change to upload a backdoor to the host and execute it instead of executing a command, the exploit will be even more stable. -Normally this debugger is run on port 8000 and if you establish a TCP connection with the port and send "**JDWP-Handshake**", the server should respond you with the same string.\ -Also, you can check this string in the network to find possible JDWP services. - -Listing **processes**, if you find the string "**jdwk**" inside a **java process**, probably it has active the \*\*Java Debug Wired Protocol \*\*and you may be able to move laterally or even **escalate privileges** (if executed as root). - ## More details **Copied from** [**https://ioactive.com/hacking-java-debug-wire-protocol-or-how/**](https://ioactive.com/hacking-java-debug-wire-protocol-or-how/)
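Review bot: the process-identification sentence in the first hunk (`@@ -14,7 +14,11 @@`) carries over the string "jdwk" from the old text, but that string does not occur in a JVM debug command line; the agent is enabled with `-agentlib:jdwp=transport=dt_socket,server=y,address=8000` (or the legacy `-Xrunjdwp:` form), so a `ps aux | grep jdwp` or `jps -v` check should look for "jdwp". Suggest replacing `"jdwk"` with `"jdwp"` and quoting the flag so the reader knows what they are actually grepping for. Separately, the hunk changes the tool link from `IOActive/jdwp-shellifier` to `hugsy/jdwp-shellifier` without saying why, while the "More details" section below still credits ioactive.com; one clause on how the two repositories relate (same script, which copy is maintained) would remove the apparent mismatch.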
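Review bot: the paragraph deleted in the second hunk (`@@ -24,11 +28,6 @@`) is the only place the page states impact ("move laterally or even escalate privileges (if executed as root)"), and the replacement text added in the first hunk does not carry it over; suggest keeping that sentence next to the new process-identification sentence, since commands invoked over JDWP run with the target JVM's privileges, so a debugger exposed by a root-owned process yields root. The removed line also held the broken bold markers `\*\*Java Debug Wired Protocol \*\*`; if any of it is reinstated, write it as `**Java Debug Wire Protocol**`. In the same hunk's unchanged context, "if you have the change to upload a backdoor" should read "chance".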