Hacking JBoss with JMX Console

<< Back to blog

Often while doing Internal Infrastructure assessments, its common to find unrestricted access to JBOSS JMX console. This web interface allows deployment of arbitrary war files. Here is an excellent article describing the process:
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf

Here is a war file, ready to use: cmd.war (zipped)
Once deployed check for this file on the vulnerable jboss: http://victim:8080/cmd/cmd.jsp

Happy Hacking :)
————————–
Advert: Testking offers complete collection of latest practice questions for 000-201 as well as 000-330 and 000-331 exams.

4 Comments

2 Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>