Exploiting JMX deployments through DumpHeap for Remote Code Execution

Posted on Mon 31 July 2017 in Pentesting • Tagged with JMX, JMX Security, Pentesting JMX, JMX Dumpheap

I came across a common component, the Java JMX console, being enabled across different instances; some of them would be Hadoop components, Apache Zookeeper, Cassandra. This made me look deeper into some of the functionality.



NoSQL Exploitation Framework - Automating Squeezing Information out of Redis Servers

Posted on Mon 10 August 2015 in NoSQL Security • Tagged with NoSQL, Redis, NoSQL Exploitation Framework


N.B.: This is a series of blog posts I have planned to keep demoing the features of the framework as well as some research I have done on NoSQL databases.

Introduction to Redis

Redis is a NoSQL database, which stores everything in RAM as key/value pairs. By default …

