Thread: JBoss Default Authentication
LinkBack URL
About LinkBacks-
12-29-2010, 06:23 PM #1Garage Member
- Join Date
- Aug 2010
- Location
- Mumbai
- Posts
- 50
- Thanks
- 46
- Thanked 15 Times in 6 Posts
JBoss Default Authentication
I was working on one application and found an interesting Google query while looking for exploitation technique, may be this is not new for you.
The default configuration of JBoss does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
There you get thousand results..Click on any of the links
and you will gain access to the backend application
http://www.google.com.au/search?q=inurl:inspectMBean
-
The Following 7 Users Say Thank You to d4rkd4wn For This Useful Post:
"vinnu" (12-31-2010), abhaythehero (12-29-2010), AnArKI (12-30-2010), b0nd (12-30-2010), fb1h2s (12-31-2010), H@CK3R_ADI (08-29-2012), prashant_uniyal (12-29-2010)
-
12-29-2010, 09:13 PM #2Security Analyst
- Join Date
- Jul 2010
- Location
- localhost
- Posts
- 498
- Blog Entries
- 8
- Thanks
- 248
- Thanked 104 Times in 55 Posts
Awesome find bro
The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison
__________________________________________________ _____________________
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
12-30-2010, 12:44 AM #3Garage Member
- Join Date
- Jul 2010
- Location
- Universe
- Posts
- 179
- Blog Entries
- 1
- Thanks
- 22
- Thanked 21 Times in 11 Posts
great research bro
Using No Way As Way Having No Limitation As Limitation.
____________________________________________
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
12-30-2010, 10:14 AM #4Security Researcher
- Join Date
- Jul 2010
- Posts
- 244
- Blog Entries
- 2
- Thanks
- 178
- Thanked 140 Times in 72 Posts
Similarly this will also help:
inurl:jmx-console/HtmlAdaptor
-
12-30-2010, 01:56 PM #5Security Researcher
- Join Date
- Jul 2010
- Posts
- 244
- Blog Entries
- 2
- Thanks
- 178
- Thanked 140 Times in 72 Posts
JBOSS also has persistent XSS
For examples check the following:
http://app.airtel.in/jmx-console//Ht...loymentScanner
-
The Following 4 Users Say Thank You to "vinnu" For This Useful Post:
abhaythehero (12-30-2010), ajaysinghnegi (01-01-2011), d4rkd4wn (12-30-2010), [s] (12-30-2010)
-
12-30-2010, 05:03 PM #6Security Researcher
![[s]'s Avatar](http://www.garage4hackers.com/avatars/%5Bs%5D.gif?dateline=1333021046 "[s]'s Avatar")
- Join Date
- Nov 2010
- Posts
- 187
- Blog Entries
- 2
- Thanks
- 62
- Thanked 53 Times in 30 Posts
another APache TOMCAT Dork
Vinnu Bro where you added the redirect string :?Code:http://www.google.com/#sclient=psy&hl=en&q=intitle:Example+JSP++inurl%3A%2Fjsp-examples%2F&aq=f&aqi=&aql=&oq=&gs_rfai=&psj=1&fp=83f87efc6f926f13
-
The Following User Says Thank You to [s] For This Useful Post:
d4rkd4wn (12-30-2010)
-
12-31-2010, 08:45 AM #7Security Researcher
- Join Date
- Jul 2010
- Posts
- 244
- Blog Entries
- 2
- Thanks
- 178
- Thanked 140 Times in 72 Posts
Well i did it because few months back airtel said that its webportals are unhackable, it was an open challenge for all hackers.
A jsp shell can be easily loaded on it.
At the same place where we can specify the url for jsp war application we can also inject scripts into it.
U can do it in addURL() text box. The JBOSS has persistent XSS.
..."vinnu"
-
The Following 2 Users Say Thank You to "vinnu" For This Useful Post:
abhaythehero (12-31-2010), prashant_uniyal (12-31-2010)
-
12-31-2010, 12:23 PM #8Security Researcher
- Join Date
- Jul 2010
- Location
- India
- Posts
- 595
- Blog Entries
- 23
- Thanks
- 279
- Thanked 150 Times in 76 Posts
Similarly you could use shodan also as jboss installed servers response witt "jboss" string .
Hacking Is a Matter of Time Knowledge and Patience
-
The Following 2 Users Say Thank You to fb1h2s For This Useful Post:
abhaythehero (12-31-2010), prashant_uniyal (12-31-2010)
-
07-30-2012, 03:09 PM #9InfoSec Consultant
- Join Date
- Jul 2010
- Location
- the blue no-where
- Posts
- 157
- Blog Entries
- 1
- Thanks
- 46
- Thanked 41 Times in 14 Posts
as I recall, there was an auth bypass vulnerability as well where-in attacker could user "PUT" instead of "GET" and get access.
also there is a paper which provides a good insight on how that can be exploited further. thanks to FB1 (for old times sake, I hope it reminds him of something)...
http://www.nruns.com/_downloads/Whit...-a-Browser.pdf
Regards,
the_emptyACCESS is GOD
Reply With QuoteTags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
any ms08-067 alternative for w7/8?
Today, 09:44 AM in Hacking for Beginners