Apache Tomcat Remote Exploit (PUT request) and Account Scanner

2012.03.18

Credit: KINGCOPE

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

ISOWAREZ RELEASE
By KINGCOPE - YEAR 2012

-== Apache Tomcat Remote Exploit and Account Scanner ==-

the modified pnscan scanner utility scans a range of IPs to find open apache tomcat servers by trying the following login access combinations:

tomcat:tomcat
password:password
admin:admin
admin:password
admin:<nopassword>
tomcat:<nopassword>

the included perl script can be used to unlock apache tomcat servers
remotely by using the collected login combinations.
it will retrieve either a root or SYSTEM reverse shell depending on
the operating system
or the equivalent of a reverse shell as the current user tomcat is running as.
the exploit might contain metasploit logic (thanks to jduck).

Enjoy :>

/Kingcope

http://www.youtube.com/watch?v=_0wgBHDv3UQ
We are waiting days and nights
for a wind to blow
in this land that has been burnt
and we never get relief

We are waiting days and nights
for the light of that day
that will bring to everyone
relief and an end to the pain, to the war, to the occupation

References:

http://seclists.org/fulldisclosure/2012/Mar/att-188/tomcat-remote_zip.bin

http://www.youtube.com/watch?v=_0wgBHDv3UQ

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache Tomcat Remote Exploit (PUT request) and Account Scanner

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.