Sleepy Dragon · 2013/08/01 17:16

From Hacking-weblogic-sysmox.com.pdf

0x00 Profile

This article describes how an attacker can use default passwords to attack WebLogic.

WebLogic

BEA WebLogic is a Java application server for developing, integrating, deploying and managing large distributed web applications, network applications and database applications. It brings the dynamic capabilities of Java and the security of the Java Enterprise standards to the development, integration, deployment and management of large-scale web applications.

0x01 Installation

Many WebLogic servers are installed with the default password left in place, which makes it easy for an attacker to gain access to the WebLogic administration console.

The default WebLogic administrator account and password are:

weblogic:weblogic

WebLogic's default port is 7001, so the console is normally reachable at:

http://localhost:7001/console

Here is a list of WebLogic default passwords:

cirt.net/passwords?c…

Log in to the console interface:

0x02 Web Applications

To deploy a web application from the console:

Deploy => Web Application Modules => Deploy a new Web Application Module... => upload your file(s) => Deploy

What a web application module must contain:

At least one servlet or JSP, a web.xml deployment descriptor that describes the web application, and a weblogic.xml file that holds the WebLogic-specific deployment elements for the WebLogic server.

Deployment:

The attacker uploads a backdoor.war:

WebLogic backdoor

Example:
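Detection note, as an added example that is not part of the original post: the two steps above (logging in to /console with the default weblogic:weblogic password, then deploying a WAR through the console) both leave traces in WebLogic's access.log. The script below, written for this page rather than taken from WebLogic or any other project, parses a constructed sample of Common Log Format lines and flags three things: console traffic from outside a management network, a burst of console login POSTs from one source, and a successful request to a context root that is not in the inventory of deployed applications (which is how a freshly deployed backdoor.war would surface). The management network, the known context roots and the thresholds are assumptions to adjust for your own environment; the /console/j_security_check login target is the standard J2EE form-login path the console login page posts to.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# WebLogic writes access.log in Common Log Format by default; this regex parses that shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumptions made for this example (adjust to your environment):
#   - the admin console is only ever used from this management network;
#   - these are the context roots of the applications you know are deployed.
ADMIN_NETS = [ip_network("10.0.0.0/24")]
KNOWN_CONTEXT_ROOTS = {"console", "shop"}
LOGIN_PATH = "/console/j_security_check"   # J2EE form-login target used by the console login page
BRUTE_FORCE_THRESHOLD = 5                   # this many console login POSTs from one source...
BRUTE_FORCE_WINDOW = timedelta(minutes=2)   # ...within this window counts as a guessing burst

# Constructed sample log: one legitimate admin login from the management network,
# a burst of login attempts from an outside address, and a request to a context
# root ("backdoor") that is not in the deployment inventory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2013:17:10:01 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 2310
10.0.0.5 - - [01/Aug/2013:17:10:09 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:12:03 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 2310
203.0.113.9 - - [01/Aug/2013:17:12:05 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:12:06 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:12:07 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:12:08 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:12:10 +0800] "POST /console/j_security_check HTTP/1.1" 302 0
203.0.113.9 - - [01/Aug/2013:17:15:42 +0800] "GET /backdoor/index.jsp HTTP/1.1" 200 812
198.51.100.7 - - [01/Aug/2013:17:20:00 +0800] "GET /shop/catalog.jsp HTTP/1.1" 200 5400
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def context_root(path):
    """'/backdoor/cmd.jsp?x=1' -> 'backdoor'; '/' -> ''."""
    return path.split("?", 1)[0].strip("/").split("/", 1)[0]


def analyze(lines):
    """Return a list of (kind, source_ip, detail) findings, each kind reported once per source."""
    findings, seen = [], set()
    login_times = defaultdict(list)

    def report(kind, ip, detail):
        if (kind, ip) not in seen:
            seen.add((kind, ip))
            findings.append((kind, ip, detail))

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, root = ip_address(rec["ip"]), rec["path"], context_root(rec["path"])
        # 1. Any console traffic from outside the management network.
        if root == "console" and not any(ip in net for net in ADMIN_NETS):
            report("console_from_untrusted_net", rec["ip"], path)
        # 2. Collect console login POSTs per source for the burst check below.
        if rec["method"] == "POST" and path.startswith(LOGIN_PATH):
            login_times[rec["ip"]].append(rec["ts"])
        # 3. A successful request to a context root that is not in the inventory:
        #    a WAR deployed through the console (e.g. backdoor.war) shows up here.
        if root and root not in KNOWN_CONTEXT_ROOTS and rec["status"] == 200:
            report("unknown_context_root", rec["ip"], path)

    # Sliding window over each source's sorted login timestamps.
    for ip, times in login_times.items():
        times.sort()
        for i in range(len(times) - BRUTE_FORCE_THRESHOLD + 1):
            if times[i + BRUTE_FORCE_THRESHOLD - 1] - times[i] <= BRUTE_FORCE_WINDOW:
                report("login_burst", ip,
                       f"{BRUTE_FORCE_THRESHOLD} console logins within {BRUTE_FORCE_WINDOW}")
                break
    return findings


if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:28} {ip:15} {detail}")
```

Run against a real access.log by replacing SAMPLE_LOG with the file's lines. The context-root check is the cheapest signal of the three: keeping an inventory of legitimate deployments and alerting on anything else served with 200 catches a dropped WAR regardless of how the credentials were obtained.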

There are many ways to find a WebLogic server.

Examples from WooYun (乌云, "dark cloud"):

WooYun: Weak password on the website of the Guangdong Social Insurance Fund Administration

WooYun: Weak password at the Jiangsu Provincial Finance Department

0x03 WebLogic Security Configuration

download.oracle.com/docs/cd/E12…