DefCon 18: WAS JSP
Version 1.0.0
- slides online
- View slides online in S5 format.
- Mouse over lower right corner for slide controls.
- slides-1.0.0.zip
- Slides zipped into one file.
- defcon18-1.0.0.ear
- EAR for demo application.
- When deploying, make sure to enable "Deploy Web services" or WS4JEE will not work.
- exploit-1.0.0.jar
- Exploit for Apache Axis 1.
- Usage:
java -jar exploit-1.0.0.jar ctx-root-url relative-path-to-axis1 command-to-run [command-arguments...]
- unicode-1.0.0.jar
- Tool to display UTF-8 decoding for a JVM.
- Usage:
java -jar unicode-1.0.0.jar
- You will want to run this through a pager (more) or redirect the output to a file.
- defcon18-src-1.0.0.zip
- Sources for the demo application, exploit and unicode tool. You will need Maven and a JDK to build them.
- WebSphere Application Server (WAS) Web Site
- Time-bombed trial available from here.
- WAS Fixes by version
- Where to get updates for WAS
schallee-spam-at-spam-dot-darkmist-net