Apache Tomcat Remote Exploit (PUT request) and Account Scanner

2012.03.18
Credit: KINGCOPE
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

ISOWAREZ RELEASE By KINGCOPE - YEAR 2012 -== Apache Tomcat Remote Exploit and Account Scanner ==- the modified pnscan scanner utility scans a range of IPs to find open apache tomcat servers by trying the following login access combinations: tomcat:tomcat password:password admin:admin admin:password admin:<nopassword> tomcat:<nopassword> the included perl script can be used to unlock apache tomcat servers remotely by using the collected login combinations. it will retrieve either a root or SYSTEM reverse shell depending on the operating system or the equivalent of a reverse shell as the current user tomcat is running as. the exploit might contain metasploit logic (thanks to jduck). Enjoy :> /Kingcope http://www.youtube.com/watch?v=_0wgBHDv3UQ We are waiting days and nights for a wind to blow in this land that has been burnt and we never get relief We are waiting days and nights for the light of that day that will bring to everyone relief and an end to the pain, to the war, to the occupation

References:

http://seclists.org/fulldisclosure/2012/Mar/att-188/tomcat-remote_zip.bin
http://www.youtube.com/watch?v=_0wgBHDv3UQ


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top