JBOSS Application Server Lab JMX Console Beanshell Deployer

This post is a part of my Attack Path series. To read more about my pathway to eCPPT - go here.

Working on a lab this morning (Metasploit - Vulnerable Application Server V), I located a JBoss 4.0.5ga instance. JBoss is a Java-based application platform. The lab's focus was on locating and exploiting a JBoss application server. There wasn't a lot of intricacy here, but I'll document it anyway.

nmap scan showing the webserver in question

I know, db_nmap.

Fingerprint


A quick banner grab with curl shows the JBoss version as 4.0.5ga. Easy enough.

A quick search for next steps: poking around, I ended up using the 16319 beanshell WAR upload msf module.

The flag was hidden on the file system. Module completed.
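
From the defender's side, activity against the JMX console leaves traces in the web access log. The script below is an added example, not code from the original lab or from Metasploit, that flags served requests to the console and to the Beanshell deployer MBean. It assumes a common-log-format access log and the console's default `/jmx-console` context path; the sample lines and the `ADMIN_SOURCES` allowlist are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not taken from the lab).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:01:12 +0000] "GET /jmx-console/ HTTP/1.1" 200 48211
192.0.2.44 - - [01/Jan/2024:10:01:40 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 1032
192.0.2.44 - - [01/Jan/2024:10:01:41 +0000] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployer%3Aservice%3DBSHDeployer HTTP/1.1" 200 9120
10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /jmx-console/ HTTP/1.1" 401 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
ADMIN_SOURCES = {"10.0.0.9"}  # hypothetical management hosts (assumption)

def decode(target, rounds=3):
    """URL-decode repeatedly so double-encoded names are normalised."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target.lower()

def classify(line):
    """Return (level, source, method, timestamp) for console hits, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, ts, method, target, status = m.groups()
    target = decode(target)
    if not target.startswith("/jmx-console"):
        return None
    if int(status) in (401, 403):
        level = "info"    # console present, but access control answered
    elif "bshdeployer" in target:
        level = "high"    # deployer MBean referenced and the request was served
    elif src not in ADMIN_SOURCES:
        level = "medium"  # POST bodies are not logged, so any served hit counts
    else:
        return None
    return (level, src, method, ts)

def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Because POST parameters never reach the access log, the `medium` findings matter as much as the `high` one: a served request to the console from a non-management source is the signal to investigate.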