Path: blob/master/modules/exploits/jboss_jmx_upload_exploit/config.yaml
1154 views
#1# Copyright (c) 2006-2025 Wade Alcorn - [email protected]2# Browser Exploitation Framework (BeEF) - https://beefproject.com3# See the file 'doc/COPYING' for copying permission4#5beef:6module:7jboss_jmx_upload_exploit:8enable: true9category: "Exploits"10name: "Jboss 6.0.0M1 JMX Deploy Exploit"11description: "Deploy a JSP reverse or bind shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br />Remember to run the MSF multi/handler listener with java/jsp_shell_reverse_tcp as payload, in case you are using the reverse payload."12authors: ["antisnatchor", "l33tb0y"]13target:14working: ["ALL"]15not_working: "O"161718