Sleepy Dragon · 2013/08/01 17:16
From Hacking-weblogic-sysmox.com.pdf
0 x00 profile
This article describes how an attacker can use default passwords to attack WebLogic.
Weblogic
Bea WebLogic is a Java application server for developing, integrating, deploying and managing large distributed Web applications, network applications and database applications. Bring the dynamic capabilities of Java and the security of Java Enterprise standards to the development, integration, deployment, and management of large-scale web applications.
0 x01 installation
Many WebLogic servers are installed with default passwords.
This makes it easy for an attacker to gain access to the WebLogic console.
The default WebLogic administrator account password is
weblogic:weblogic
WebLogic’s default port is 7001
Http://localhost:7001/console
Here is a list of webLogic default passwords:
Cirt.net/passwords?c…
Enter the console interface:
0 x02 Web applications
To deploy a Web application on the console:
Deploy => web application modules => Deploy a new Web Application Module... =>upload your file(s) => Deploy
Copy the codeModules included in Web applications:
You must have a servlet or JSP a web.xml file that contains information about the Web application and a Weblogic.xml file that contains the Web application elements of the WebLogic server.
The deployment of
The attacker uploads a backdoor.war
Weblogic back door
Example:
There are many ways to find a Weblogic server
Examples on the dark clouds:
WooYun: Weak password problem on the website of Guangdong Social Insurance Fund Administration
WooYun: Weak password of Jiangsu Provincial Finance Department
0x03 WebLogic Security Configuration
Download.oracle.com/docs/cd/E12…