JBoss Autopwn – JSP Hacking Tool For JBoss AS Server


This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features

  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets

Installation

Dependencies include

  • Netcat
  • Curl
  • Metasploit v3, installed in the current path as “framework3”

You can download JBoss Autopwn here:

jboss-autopwn.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

, , ,


Latest Posts:


CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.


3 Responses to JBoss Autopwn – JSP Hacking Tool For JBoss AS Server

  1. secret March 4, 2011 at 9:33 pm #

    Hey, man! Link don’t work, plz update! Tnx! )

  2. STRSHR March 5, 2011 at 10:20 am #

    The whole github profile of spiderlabs is not available, any mirror will be appreciated.

  3. jbossLover March 7, 2011 at 6:38 pm #

    This exploit is the same to http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf or am i wrong?