Full Disclosure mailing list archives

Apache Tomcat Remote Exploit (PUT request) and Account Scanner
From: "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>
Date: Sun, 18 Mar 2012 09:42:47 +0100

ISOWAREZ RELEASE
By KINGCOPE - YEAR 2012

-== Apache Tomcat Remote Exploit and Account Scanner ==-

The modified pnscan scanner utility scans a range of IPs to find open Apache Tomcat servers by trying the following login access combinations:

tomcat:tomcat
password:password
admin:admin
admin:password
admin:<nopassword>
tomcat:<nopassword>

The included Perl script can be used to unlock Apache Tomcat servers remotely by using the collected login combinations.
It will retrieve either a root or SYSTEM reverse shell depending on the operating system, or the equivalent of a reverse shell as the current user Tomcat is running as.
The exploit might contain Metasploit logic (thanks to jduck).

Enjoy :>

/Kingcope

www.youtube.com/watch?v=_0wgBHDv3UQ
We are waiting days and nights
for a wind to blow
in this land that has been burnt
and we never get relief

We are waiting days and nights
for the light of that day
that will bring to everyone
relief and an end to the pain, to the war, to the occupation

Attachment: tomcat-remote.zip

_______________________________________________
Full-Disclosure - We believe in it.
Charter: lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - secunia.com/
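
A defender-side check for the credential pairs listed in the post, as an added example that is not part of the original message or its attachment: it parses a local tomcat-users.xml and flags accounts that use those pairs, rating them critical when they also hold manager or admin roles. The role-name prefixes, the function name and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Pairs listed in the post; "" stands for the post's <nopassword>.
WEAK_PAIRS = {
    ("tomcat", "tomcat"), ("password", "password"), ("admin", "admin"),
    ("admin", "password"), ("admin", ""), ("tomcat", ""),
}

# Assumption: roles whose names start with these prefixes grant access to the
# manager/admin web applications (e.g. manager, manager-gui, manager-script).
PRIVILEGED_PREFIXES = ("manager", "admin")


def audit_tomcat_users(xml_text):
    """Return findings for <user> entries that match a pair from the post."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        # Newer files declare a default namespace; compare the local name only.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Older Tomcat versions used name= instead of username=.
        user = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        roles = [r.strip() for r in (elem.get("roles") or "").split(",") if r.strip()]
        privileged = [r for r in roles if r.startswith(PRIVILEGED_PREFIXES)]
        if (user, password) in WEAK_PAIRS:
            severity = "critical" if privileged else "warning"
            findings.append({"user": user, "severity": severity, "roles": privileged})
    return findings


# Constructed sample, not taken from any real server.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-script"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-script"/>
  <user username="admin" password="" roles="admin-gui"/>
  <user username="password" password="password" roles="readonly"/>
  <user username="deploy" password="s9!kQ2#vLx7pR" roles="manager-script"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for finding in audit_tomcat_users(SAMPLE):
        print(finding)
```

The check compares plaintext password attributes only; a file that stores digested passwords will not match and needs the digests checked separately.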
