Web


Nmap discovered a web server on target port 4848. The running service is Sun GlassFish Open Source Edition 4.1.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fish]
└─$ curl -I -X OPTIONS  http://$IP:4848/
HTTP/1.1 200 OK
Server: GlassFish Server Open Source Edition  4.1 
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition  4.1  Java/AdoptOpenJDK/1.8)
Set-Cookie: JSESSIONID=f5d03bae322b0b0e3dcd48c7cebe; Path=/; HttpOnly
Content-Type: text/html;charset=UTF-8
Date: Sat, 30 Oct 2021 04:02:32 GMT
Transfer-Encoding: chunked
 
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fish]
└─$ curl -I http://$IP:4848/         
HTTP/1.1 200 OK
Server: GlassFish Server Open Source Edition  4.1 
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition  4.1  Java/AdoptOpenJDK/1.8)
Set-Cookie: JSESSIONID=f5d0c17c3155549a846a318bdde0; Path=/; HttpOnly
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8
Date: Sat, 30 Oct 2021 04:02:34 GMT
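
Both responses above advertise the product and runtime versions in the Server and X-Powered-By headers, which is what allows the exact version to be matched against known issues. The following Python script is an added example, not part of the original notes: it audits a captured response head for version disclosure and for missing cookie attributes. The function names are hypothetical, and the sample head is copied from the second curl output.

```python
import re

# Response head copied from the second curl output above.
SAMPLE_HEAD = """HTTP/1.1 200 OK
Server: GlassFish Server Open Source Edition  4.1
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition  4.1  Java/AdoptOpenJDK/1.8)
Set-Cookie: JSESSIONID=f5d0c17c3155549a846a318bdde0; Path=/; HttpOnly
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8
Date: Sat, 30 Oct 2021 04:02:34 GMT
"""

DISCLOSING = ("server", "x-powered-by")   # headers that commonly carry banners
VERSION = re.compile(r"\d+(?:\.\d+)+")    # dotted version such as 4.1 or 1.8

def parse_head(raw):
    """Return (status_line, [(name_lower, value), ...]); repeated headers are kept."""
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines()]
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(raw, https=False):
    """List hardening findings for one response head (hypothetical helper)."""
    _, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name in DISCLOSING:
            versions = sorted(set(VERSION.findall(value)))
            if versions:
                findings.append(f"{name} discloses versions: {', '.join(versions)}")
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
            if "httponly" not in attrs:
                findings.append(f"cookie {cookie} lacks HttpOnly")
            if "secure" not in attrs:
                note = "lacks Secure" if https else "sent over plain HTTP without Secure"
                findings.append(f"cookie {cookie} {note}")
            if "samesite" not in attrs:
                findings.append(f"cookie {cookie} lacks SameSite")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEAD):
        print("-", finding)
```

An empty result from audit() means the head carried no dotted version strings in those two headers and the session cookie had all three attributes set.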

The web root redirected to a GlassFish login page at /j_security_check. No credentials are known at this time, and default/weak credentials failed.

GlassFish is an open-source Jakarta EE platform application server project started by Sun Microsystems, then sponsored by Oracle Corporation, and now living at the Eclipse Foundation and supported by OmniFish, Fujitsu and Payara. The supported version under Oracle was called Oracle GlassFish Server. GlassFish is free software and was initially dual-licensed under two free software licences: the Common Development and Distribution License (CDDL) and the GNU General Public License (GPL) with the Classpath exception. After having been transferred to Eclipse, GlassFish remained dual-licensed, but the CDDL license was replaced by the Eclipse Public License (EPL). Source code is available for review.

Vulnerabilities


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fish]
└─$ searchsploit GlassFish 4.1
------------------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                                |  Path
------------------------------------------------------------------------------ ---------------------------------
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)                        | linux/webapps/45198.rb
Oracle GlassFish Server 4.1 - Directory Traversal                             | multiple/webapps/39441.txt
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) | windows/webapps/45196.rb
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) | windows/webapps/45196.rb
------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Papers: No Results

GlassFish 4.1 suffers from a directory traversal vulnerability: CVE-2017-1000028.