Nmap Development mailing list archives

[NSE] IBM Websphere Application Server helper scripts


From: Vlatko Kosturjak <kost () linux hr>
Date: Mon, 13 Jul 2015 06:58:31 +0200

Hello!

IBM WebSphere is an application server similar to Tomcat, JBoss and WebLogic.
Therefore, it should be interesting to any penetration tester doing
enterprise-scale work where WebSphere might be present. It should also be
interesting to anyone who is working on securing an enterprise environment,
since WebSphere allows deploying one's own (malicious or not) code to the server.

I have written NSE scripts to identify IBM WebSphere consoles of
application servers and to brute force any usernames and passwords.

The scripts are also available at:
https://github.com/kost/nmap-nse

For demonstration purposes, I have demonstrated basic NSE script usage
on my blog:
https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/

There you can also find the basics of WebSphere exploitation.

Hope it helps,
-- 
Vlatko Kosturjak - KoSt

Attachment: http-websphere-console.nse

Attachment: http-websphere-console-brute.nse

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/