Tuesday, November 17, 2015

Manually Exploiting unprotected JBOSS jmx-console

JBoss is widely used web server for deploying web apps which are developed using Java. The default state may lead for an attacker to take complete control of the server.

These vulnerable website's can easily be found by using simple Google dork . say for example.

intitle:”JBoss Management Console – Server Information” “application server” inurl:”web-console” OR inurl:”jmx-console”


intitle:”JBoss JMX Management Console” inurl:”jmx-console”

Now i will explain in detail how to exploit the unprotected JBOSS jmx-console vulnerability.

Please note : This is for educational purpose and we do not motivate to try out this attack on real/production websites.

  • Visit the affected URL which will be something like "http://example.com/jmx-console/" (which you got using Google dork ) .

  • Search for “service= DeploymentFileRepository“in the jmx-Console page and open it.

  • Now scroll down and search for the ‘void store ( )’ operation.
  • Enter a command shell program by filling up all the parameters in the void store() operation as shown in the figure and click on the invoke button.
The jsp command shell is shown in the fig.

After invoking the void store() operation the shell will be successfully uploaded in the server and can be accessed by the following link


Using this you can execute any command of your choice of the CLI(Command Line Interface) like shutting down the server. I have used a simple shell for demonstration purposes, but we can upload shells with higher privileges which may lead to destructive scenarios and easily get the entire control of the server.

You can find these kind of shells from Google itself.

However you can download a few of the shells from the below link



No comments:

Post a Comment

Approaches to Solve CTF Problems| Solutions

  Hi , i will talking more about CTF(Capture The Flag) Things today.CTF are special kind of information security competition which test your...