If we find a JBoss AS instance on a machine and we need to perform a vulnerability assessment, we can always use Metasploit for this. Metasploit has a module for this called auxiliary/scanner/http/jboss_vulnscan, which we can use to perform vulnerability scanning on JBoss AS. The module checks for a few vulnerabilities, such as authentication bypass, a default password, and accessible JMX-console functions. The following are the steps we can observe to carry out a vulnerability assessment on JBoss AS:
- To use jboss_vulnscan, we type the following command in msfconsole:
use auxiliary/scanner/http/jboss_vulnscan
show options
The following screenshot shows the output of the preceding command:
- We set the required options, as shown:
- Once we run the scanner, it will check against various vulnerabilities and report which vulnerabilities are found on the server, as shown:
This module looks through the specific files in the application and the Java naming services that are running on different ports.