JBoss Autopwn
JBoss script that deploys a JSP shell on target JBoss AS servers to obtain remote shell access. Supports multiplatform targets including Windows, Linux, and Mac with bind/reverse shells and Meterpreter/VNC for Windows.
Description
jboss-autopwn is a specialized exploitation tool for JBoss Application Server (AS) deployments. It automates the deployment of a malicious JSP web shell, leveraging JBoss's upload and command execution capabilities to establish interactive shell access on vulnerable servers.
Use cases include penetration testing of Java-based web applications running JBoss AS, particularly those with default or misconfigured management interfaces. The tool targets common deployment scenarios across Windows, Linux, and MacOS environments.
Key features encompass multiplatform compatibility, support for both bind and reverse bind shells, and Windows-specific payloads including Meterpreter reverse shells and VNC access. This makes it valuable for red team operations against enterprise Java infrastructure.
How It Works
The tool first retrieves authentication cookies from the target JBoss server. It then creates and deploys a BeanShell (BSH) script followed by a malicious .war file containing a JSP web shell. Once deployed, the shell enables command execution. Platform-specific binaries (jboss-linux, jboss-win) handle shell connections using netcat-like functionality with support for bind/reverse shells, UDP mode, and keepalive options. Windows targets additionally support Metasploit Meterpreter and VNC payloads.
Installation
sudo apt install jboss-autopwnFlags
Examples
jboss-linux 192.168.1.200 8080 2> /dev/nulljboss-autopwn 192.168.1.200 8080jboss-linux 192.168.1.200 8080jboss-win 192.168.1.200 8080jboss-linux -hjboss-win -hjboss-linux 192.168.1.200 8080 -u