Exploitation via the web console (Java applet)

In this section, we will discuss the JBoss web console. Note that the JBoss web console has been deprecated and was replaced with the administration console, but it is still useful to us because, on older versions of the JBoss server, the web console can still be exploited. We may also face some errors while opening the web console in the browser, as shown:

To allow the applet to run, we need to change our Java security settings and add the domain name and IP address of the JBoss instance to the Java exception site list, as shown:

Once the exception is added, we will still get a warning from ...

Get Hands-On Web Penetration Testing with Metasploit now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.