Hacking JBoss with JMX Console

October 27, 2009 7:38 pm | 4 Comments | sid

Often while doing Internal Infrastructure assessments, its common to find unrestricted access to JBOSS JMX console. This web interface allows deployment of arbitrary war files. Here is an excellent article describing the process:
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf

Here is a war file, ready to use: cmd.war (zipped)
Once deployed check for this file on the vulnerable jboss: http://victim:8080/cmd/cmd.jsp

Happy Hacking
————————–
Advert: Testking offers complete collection of latest practice questions for 000-201 as well as 000-330 and 000-331 exams.

Posted in: Research

4 Thoughts on “Hacking JBoss with JMX Console”

Rasool on December 6, 2010 at 12:49 pm said:

The file cannot be downloaded – it gives a 403 forbidden error !
Can you please email it for me ?
same on April 25, 2011 at 8:45 am said:

Same here.
Pingback: From LOW to PWNED [3] JBoss/Tomcat server-status | Shall we play a game?
Pingback: From LOW to PWNED [3] JBoss/Tomcat server-status | Shall we play a game?

Leave a Reply Cancel reply

← Previous Post

The Art of Exploiting Injection Flaws@Black hat Vegas 2013 April 23, 2013
Hello All, The popular course on Injection Flaws will return to Las Vegas at Black hat 2013. The 2 days … Read More […]
admin
A Collaboration worth mentioning.. November 3, 2012
Hello All, It has been a long time since you have heard from me I am quite excited to share … Read More […]
sid
What to/not to expect from pentest May 3, 2012
Hello, it has been a while since I posted something (nothing unusual), but I really wanted to touch on a … Read More […]
sid
Black Hat Eu 2012 March 18, 2012
Hello All, as always it has been a while since I posted something. Some things never change….. Anyways, I was … Read More […]
sid
Hacking Oracle From Web: Part 2 October 28, 2011
It has been a long time since I posted something. In 2010, I released a paper which talked about how … Read More […]
sid
LDAP/XPATH Injection tools August 16, 2011
At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Leser Known Injection Flaws”. In … Read More […]
sid
APPSECUSA CTF! Another Write Up July 6, 2011
I recently came across the Appsec USA CTF. I must say it was a fantastic CTF and i wish there … Read More […]
sid
BSQLBF v 2.7 June 20, 2011
An updated version is now available for download. This supports “-nomatch” switch. The -nomatch switch is exactly opposite of the … Read More […]
sid
Upcoming Conferences June 4, 2011
It has been a long time since i posted something here ; infact, so long that i even forgot the … Read More […]
sid
Oracle CPU Jan 2011 January 19, 2011
Oracle recently patched a vulnerability which I reported in 2009. The vulnerability was a SQL Injection in procedure mdsys.reset_inprog_index(). This … Read More […]
sid

Hacking JBoss with JMX Console

4 Thoughts on “Hacking JBoss with JMX Console”

Leave a Reply Cancel reply

Post Navigation

Search

Twitter

Linkedin

Blogs worth reading..

Achives

RSS

Comments