Metasploit mailing list archives
Re: JBoss Application Server Exploit Modules
From: Patrick Hof <patrick.hof () redteam-pentesting de>
Date: Tue, 15 Jun 2010 23:07:42 +0200
Hi, Tyler Krpata <krpatasec () gmail com> wrote:
Good stuff! To jump on the bandwagon, attached is a scanner that I was working on that is a good smoke test for some of these vulns on a JBoss instance. One thing it doesn't currently do is see if the RMI port is open, which I will get around to adding.
I was getting started to write such a scanner myself, it's great that there's already someone who did the work :). I suggest you add the following URLs to the checks: /web-console/Invoker /invoker/JMXInvokerServlet If one of those returns a Java serialized object, you can send arbitrary JMX commands to the JBoss AS and therefore exploit it. See the older whitepaper "Bridging the Gap between the Enterprise and You" on http://www.redteam-pentesting.de/publications/jboss for an explanation. Regards, Patrick -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
Attachment:
_bin
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- JBoss Application Server Exploit Modules Patrick Hof (Jun 15)
- Re: JBoss Application Server Exploit Modules Tyler Krpata (Jun 15)
- Re: JBoss Application Server Exploit Modules Patrick Hof (Jun 15)
- Re: JBoss Application Server Exploit Modules Tyler Krpata (Jun 25)
- Re: JBoss Application Server Exploit Modules Patrick Hof (Jun 15)
- Re: JBoss Application Server Exploit Modules Giorgio Casali (Jun 28)
- Re: JBoss Application Server Exploit Modules Patrick Hof (Jun 28)
- Re: JBoss Application Server Exploit Modules Giorgio Casali (Jun 28)
- Re: JBoss Application Server Exploit Modules Patrick Hof (Jun 28)
- Re: JBoss Application Server Exploit Modules Tyler Krpata (Jun 15)