Get the Whitepaper called JBoss Exploitation. This paper goes into detail on popping a shell on open JMX consoles.
You can download it from the following link: https://packetstormsecurity.com/files/download/105479/JBossWhitepaper.pdf
Source: https://packetstormsecurity.com/files/105479/JBoss-Exploitation.html