mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 14:40:37 +00:00
58 lines
4.3 KiB
Markdown
58 lines
4.3 KiB
Markdown
# JBOSS
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhack AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|
|
|
|
<figure><img src="../../.gitbook/assets/i3.png" alt=""><figcaption></figcaption></figure>
|
|
|
|
**Siri ya tuzo ya mdudu**: **jiandikishe** kwa **Intigriti**, jukwaa la **tuzo za mdudu za premium lililoundwa na wakora**, Jiunge nasi kwenye [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) leo, na anza kupata tuzo hadi **$100,000**!
|
|
|
|
{% embed url="https://go.intigriti.com/hacktricks" %}
|
|
|
|
## Mbinu za Uchunguzi na Utekaji
|
|
|
|
Wakati wa kutathmini usalama wa programu za wavuti, njia fulani kama _/web-console/ServerInfo.jsp_ na _/status?full=true_ ni muhimu kwa kufunua **maelezo ya seva**. Kwa seva za JBoss, njia kama _/admin-console_, _/jmx-console_, _/management_, na _/web-console_ zinaweza kuwa muhimu. Njia hizi zinaweza kuruhusu ufikiaji wa **servlets za usimamizi** na sifa za msingi mara nyingi zikiwa **admin/admin**. Ufikiaji huu unawezesha mwingiliano na MBeans kupitia servlets maalum:
|
|
|
|
* Kwa toleo la 6 na 7 la JBoss, hutumika **/web-console/Invoker**.
|
|
* Katika JBoss 5 na toleo za awali, **/invoker/JMXInvokerServlet** na **/invoker/EJBInvokerServlet** zinapatikana.
|
|
|
|
Zana kama **clusterd**, inapatikana kwa [https://github.com/hatRiot/clusterd](https://github.com/hatRiot/clusterd), na moduli ya Metasploit `auxiliary/scanner/http/jboss_vulnscan` inaweza kutumika kwa uchunguzi na uwezekano wa kutumia udhaifu katika huduma za JBOSS.
|
|
|
|
### Vifaa vya Utekaji
|
|
|
|
Kutumia udhaifu, rasilimali kama [JexBoss](https://github.com/joaomatosf/jexboss) hutoa zana muhimu.
|
|
|
|
### Kutafuta Malengo Yaliyo na Udhaifu
|
|
|
|
Google Dorking inaweza kusaidia kutambua seva zenye udhaifu kwa utaftaji kama: `inurl:status EJInvokerServlet`
|
|
|
|
<figure><img src="../../.gitbook/assets/i3.png" alt=""><figcaption></figcaption></figure>
|
|
|
|
**Siri ya tuzo ya mdudu**: **jiandikishe** kwa **Intigriti**, jukwaa la **tuzo za mdudu za premium lililoundwa na wakora**, Jiunge nasi kwenye [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) leo, na anza kupata tuzo hadi **$100,000**!
|
|
|
|
{% embed url="https://go.intigriti.com/hacktricks" %}
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhack AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|