From LOW to PWNED [3] JBoss/Tomcat server-status-白红宇

From LOW to PWNED [3] JBoss/Tomcat server-status

阅读量：2434 次

发布时间：2019-05-10

本文共 1066 字，大约阅读时间需要 3 分钟。

Several (tm) months back I did my talk on "From LOW to PWNED" at and .

The slides were published and the video from hashdays is , no video for BSides ATL.

I consistently violate and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.

Post [3] JBoss/Tomcat server-status

There have been some posts/exploits/modules on hitting up unprotected jboss and tomcat servers.

Sometimes even though the deployer functionality is password protected the sever-status may not be.

/web-console/status?full=true

/manager/status/all

LOW?

This can be useful to find:

Lists of applications

Recent URL's accessed
- sometimes with sessionids

Find hidden services/apps

Enabled servlets

owned stuff :-)

Finding 0wned stuff is always fun let's see

Looking at the list of applications list one that doesnt look normal (zecmd)

Following that down leads us to zecmd.jsp that is a jsp shell

If you are interested in zecmd.jsp and jboss worm it comes from --> is a good write up as well as this OWASP preso

thoughts?

-CG

转载地址：http://nvhmb.baihongyu.com/

你可能感兴趣的文章

mongos分片集群下db数量过多导致服务不可用

查看>>

mysql唯一索引的一个小常识--Duplicate entry 'XXX' for key 'XXX'

查看>>

故障处理--mongos count不准

查看>>

大量短连接导致haproxy服务器端口耗尽

查看>>

mongo3.0.9库命名的一个S级bug

查看>>

跨版本导入数据导致mysqld崩溃

查看>>

xtrabackup对于flush tables with read lock操作的设置

查看>>

Gone away故障原因排查

查看>>

Server has authorization schema version 3,but found a schema version 1 user

查看>>

WebSphere的池设置——线程池、连接池

查看>>

caffe-ssd调试问题总结

查看>>

用户态调测工具（二）：perror和man

查看>>

机器学习&深度学习入门历程

查看>>

LTP(Linux Test Project)学习（一）——LTP介绍

查看>>

LTP(Linux Test Project)学习（二）——LTP下载编译执行

查看>>

LTP(Linux Test Project)学习（三）——LTP目录介绍

查看>>

DirtyCow CVE-2016-5195分析

查看>>

caffe编译报错解决记录

查看>>