clusterd: application server attack toolkit

clusterd

clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information.

clusterd features

  • clusterd currently supports six different application server platforms, with several more currently in development and research phases
  • JBoss
    • Versions 3.x – 8.1
    • Currently supported deployers:
      • /jmx-console/MainDeployer for 3.x, 4.x, and 6.x
      • /jmx-console/DeploymentFileRepository for 3.x, 4.x, and 5.x
      • /web-console/Invoker (MainDeployer) for 3.x, 4.x, and 6.x
      • /web-console/Invoker (BSHDeployer) for 3.x and 4.x
      • /invoker/JMXInvokerServlet for 3.x, 4.x, and 5.x
      • /invoker/EJBInvokerServlet for 3.x, 4.x, and 5.x
      • /management for 7.x, 8.x
      • SEAM2 for 5.1, 6.x
    • Dump deployed WARs
    • Fetch host OS information
    • Verb tampering vulnerability (CVE-2010-0738)
    • Credential/path disclosure (CVE-2005-2006)
  • ColdFusion
    • Versions 5 – 11
    • Currently supported deployers:
      • Task Scheduler for 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x
      • FCKeditor for 8.x
      • LFI Log Injection 6.x, 7.x, and 8.x
    • Hash retrieval for versions 6 – 10
    • RDS admin bypass (CVE-2013-0632)
    • Pass the hash authentication for versions 7 – 9
  • WebLogic
    • Versions 7, 8.1, 11, and 12
    • Deployer over T3 and T3S currently tested against 11.x and 12.x
    • Dump deployed WARs over T3/T3S
    • Fetch host OS information
  • Tomcat
    • Versions 3.x – 8.x
    • Currently can deploy to all versions with an exposed manager interface
    • Dump deployed WARs
    • Fetch host OS information
  • Railo
    • Versions 3.x – 4.x
    • Currently supported deployers:
      • Task scheduler for 3.x and 4.x
      • Log injection for 3.x and 4.x
      • Thumbnail pre-auth RCE for 3.x and 4.x (up to 4.2.1)
    • Fetch host OS information
    • Pre-auth Password retrieval for 3.x – 4.2.1
  • Axis2
    • Versions 1.4 – 1.6
    • Currently supported deployers:
      • Admin interface for 1.4, 1.5, and 1.6
    • Fetch host OS information
    • View deployed services
    • Credential disclosure for 1.4
  • Glassfish
    • Versions 3.x – 4.x
    • View deployed services
    • Currently supported deployers:
      • Admin upload for 3.x and 4.x
  • Simple API for adding new platforms, fingerprints, deployers, and exploits
  • Various auxiliary modules for vulnerabilities and exploitation techniques

Installation

Requirements


Python >= 2.7.x
Requests >= 2.2.x

git clone https://github.com/hatRiot/clusterd.git

 

Source: https://github.com/hatRiot/clusterd