villarealtor.blogg.se

Glassfish twitter












Once I get the entry set, I click on the first link: Noting that it's using the server name instead of IP address, I quickly add an entry into the hosts file in order to keep this from failing. We select Launch and we are brought to a secondary page which is a slight deviation from Tomcat but we'll roll with it: When we choose "OK", we see our uploaded payload: Once we get into the admin interface, we see something that looks similar to Tomcat: Assuming we're dealing with the same format, we generate a. Not long after, I retrieve the credentials and I'm heading for the admin interface:


Eventually, I moved on because I don't know enough about this particular hash and the Internet didn't provide any concrete assistance. C:\glassfish\glassfish4\glassfish\domains\domain1\config\local-password But once again, I couldn't get the hash type and I was unable to crack it. For the purpose of my education, I reset the password to one that I could brute force and then I went after it with Metasploit: In each case, I ended up with a string and a possible hash type to crack with Hashcat but none were successful.


There were also some reversing angles using base64 -d, xxd, and sed but that also went nowhere. First, there wasn't an obvious hash type. I spend entirely too much time trying to crack this hash - unsuccessfully. When we execute our script, I go after the win.ini file and when that works, I go after the GlassFish hash: I prefer to write this into a loop that allows me to hit a few different files should I choose to do so. I've highlighted the vulnerable URL and you can literally paste this into a browser to get the same result.


    print " Target file format = windows/win.ini"
    file = raw_input(" Enter target file: ")
    if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
            getattr(ssl, '_create_unverified_context', None)):
        ssl._create_default_https_context = ssl._create_unverified_context

When I view the contents of the file for the GlassFish 4.1 Directory Traversal, I see a basic Local File Inclusion vulnerability which I decide to go after with Python: In our enumeration process, we uncover the GlassFish login page: Glassfish is a complete Java EE application server." So not exactly the same but perhaps they were built with a similar style. When I searched for the difference, I came up with: "Tomcat is simply an HTTP server and a Java servlet container. When I began poking around, the avenues of attack for GlassFish felt similar to Tomcat. The supported version is called Oracle GlassFish Server." Moving on. According to Wiki: "GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation. But then I had an issue with the server where it was living and I ended up rebuilding the image. Rather than just upload the images with some text, I decided to go back through it once more. I had the screenshots but when I looked at it, I could remember that I wanted to discuss a few points but I couldn't remember exactly what. I wanted to write this up a while back but I got distracted and by the time I returned to my notes, I felt like I'd lost the flow.












