Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 12:43:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/jboss.md

60 lines
4.3 KiB
Markdown
Raw Permalink Blame History

# JBOSS
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
<figure><img src="../../.gitbook/assets/i3.png" alt=""><figcaption></figcaption></figure>
**Bug bounty tip**: **meld aan** vir **Intigriti**, 'n premium **bug bounty platform geskep deur hackers, vir hackers**! Sluit by ons aan by [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) vandag, en begin om bounties tot **$100,000** te verdien!
{% embed url="https://go.intigriti.com/hacktricks" %}
## Enumeration and Exploitation Techniques
Wanneer die sekuriteit van webtoepassings beoordeel word, is sekere paaie soos _/web-console/ServerInfo.jsp_ en _/status?full=true_ sleutel om **bediener besonderhede** te onthul. Vir JBoss bedieners kan paaie soos _/admin-console_, _/jmx-console_, _/management_, en _/web-console_ van kardinale belang wees. Hierdie paaie mag toegang tot **bestuursservlets** toelaat met standaard akrediteer wat dikwels op **admin/admin** gestel is. Hierdie toegang fasiliteer interaksie met MBeans deur spesifieke servlets:
* Vir JBoss weergawes 6 en 7, word **/web-console/Invoker** gebruik.
* In JBoss 5 en vroeëre weergawes, is **/invoker/JMXInvokerServlet** en **/invoker/EJBInvokerServlet** beskikbaar.
Gereedskap soos **clusterd**, beskikbaar by [https://github.com/hatRiot/clusterd](https://github.com/hatRiot/clusterd), en die Metasploit module `auxiliary/scanner/http/jboss_vulnscan` kan gebruik word vir enumerasie en potensiële uitbuiting van kwesbaarhede in JBOSS dienste.
### Exploitation Resources
Om kwesbaarhede uit te buit, bied hulpbronne soos [JexBoss](https://github.com/joaomatosf/jexboss) waardevolle gereedskap.
### Finding Vulnerable Targets
Google Dorking kan help om kwesbare bedieners te identifiseer met 'n navraag soos: `inurl:status EJInvokerServlet`
<figure><img src="../../.gitbook/assets/i3.png" alt=""><figcaption></figcaption></figure>
**Bug bounty tip**: **meld aan** vir **Intigriti**, 'n premium **bug bounty platform geskep deur hackers, vir hackers**! Sluit by ons aan by [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) vandag, en begin om bounties tot **$100,000** te verdien!
{% embed url="https://go.intigriti.com/hacktricks" %}
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in a new issue View git blame Copy permalink