Comments on Carnal0wnage Blog: Hacking Unprotected JBOSS JMX Console Installations
Updated: 2024-01-24T04:15:08.086-05:00 (7 comments)

Anonymous, 2013-02-11T22:00:37.551-05:00:
You people need to do ten years in prison.

Valerie (http://yourweddingdays.com), 2011-03-30T20:42:54.735-04:00:
"I tried this couple of weeks ago using the original PDF during a Penetration Test. Everything seemed to work fine but the last step, opening the .jsp on browser, I could not find the full path to the jsp shell."

-I encountered the same problem. :/

Erik (http://www.securiteam.com), 2010-04-30T14:36:12.233-04:00:
Even if Protected ;D

Have a look here:

http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

asynk, 2010-01-04T18:37:31.998-05:00:
RedTeam's info is very good (albeit spotty to those not fluent in German). The /{web|jmx}-console vector can be very potent indeed, but is often quickly discovered by the admin. Also, as for dumping a .jsp up there, keep in mind that JSPs in most cases have to be run-time compiled (ala JIT) into servlets (this is true if you have any inline/nested classes in your JSP), and if the install is an older JBoss install using a JRE (vs JDK) then there is a very strong chance that you'll get exceptions thrown by the presence of your JSP since the server isn't set up for run-time JSP compilation. I would, instead, pre-compile your JSP into a servlet...much cleaner. It also allows you to mask the footprint of your war a bit more as you can name the servlet whatever you want vs. having the server create servlet .class files that are named using names from your code.

PS, Try a google query sometime for "MBean Inspector inurl:HtmlAdapter"...very enlightening :>

Anonymous, 2009-12-09T16:28:49.459-05:00:
Hi,

This paper is more complete, describes other attack vectors such as RMI:

http://www.redteam-pentesting.de/publications/2009-11-30-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting_EN.pdf

pentest (http://www.indahax.com), 2009-12-07T15:30:30.863-05:00:
Idd, JBOSS doesn't have password on default installation.

Unknown (https://www.blogger.com/profile/18395833456750651602), 2009-11-30T21:50:35.715-05:00:
I tried this couple of weeks ago using the original PDF during a Penetration Test. Everything seemed to work fine but the last step, opening the .jsp on browser, I could not find the full path to the jsp shell.