Exploiting JMX deployments through DumpHeap for Remote Code Execution

Posted on Mon 31 July 2017 in Pentesting • Tagged with JMX, JMX Security, Pentesting JMX, JMX Dumpheap

I came across a common component the JAVA JMX console being enabled across different instances, some them would be Hadoop components, Apache Zookeeper, Cassandra.This made me look deeper into some of the functionality.


Continue reading