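JBoss is an open-source application server that conforms to the J2EE specification. As a supplement to the J2EE specification, JBoss introduces an AOP framework that provides J2EE services to ordinary Java classes without requiring them to follow the EJB specification. JBoss Autopwn is a script that deploys a JSP shell on a JBoss server. Once the shell is successfully deployed, the script provides an interactive session with file upload and command execution capabilities. The main features of JBoss Autopwn: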

  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets

More information about the tool and download: https://github.com/SpiderLabs/jboss-autopwn/zipball/master
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.