Nmap Development mailing list archives
[NSE] IBM Websphere Application Server helper scripts
From: Vlatko Kosturjak <kost () linux hr>
Date: Mon, 13 Jul 2015 06:58:31 +0200
Hello! IBM WebSphere is application server similar to Tomcat, JBoss and WebLogic. Therefore, it should be interesting to any penetration tester doing enterprise scale work where Websphere might be present. It should be also interesting to anyone who is working on securing enterprise environment since Websphere allows deploying own (malicious or not) code to the server. I have written NSE scripts to identify IBM Websphere consoles of application servers and to brute force any usernames and passwords. Scripts are also available at: https://github.com/kost/nmap-nse For demonstration purposes, I have demonstrated basic NSE scripts usage at my blog: https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/ There you can find also basics of WebSphere exploitation. Hope it helps, -- Vlatko Kosturjak - KoSt
Attachment:
http-websphere-console.nse
Description:
Attachment:
http-websphere-console-brute.nse
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] IBM Websphere Application Server helper scripts Vlatko Kosturjak (Jul 12)