Date: Sun, 18 Mar 2012 09:42:47 +0100
From: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Apache Tomcat Remote Exploit (PUT request) and Account Scanner

ISOWAREZ RELEASE
By KINGCOPE - YEAR 2012

-== Apache Tomcat Remote Exploit and Account Scanner ==-

the modified pnscan scanner utility scans a range of IPs to find open
apache tomcat servers
by trying the following login access combinations:

tomcat:tomcat
password:password
admin:admin
admin:password
admin:<nopassword>
tomcat:<nopassword>

the included perl script can be used to unlock apache tomcat servers
remotely by using the collected login combinations.
it will retrieve either a root or SYSTEM reverse shell depending on
the operating system
or the equivalent of a reverse shell as the current user tomcat is running as.
the exploit might contain metasploit logic (thanks to jduck).

Enjoy :>

/Kingcope

http://www.youtube.com/watch?v=_0wgBHDv3UQ
We are waiting days and nights
for a wind to blow
in this land that has been burnt
and we never get relief

We are waiting days and nights
for the light of that day
that will bring to everyone
relief and an end to the pain, to the war, to the occupation

Download attachment "tomcat-remote.zip" of type "application/zip" (19471 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
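Added here as a defender-side example, not part of the post or its attached tools: a small Python audit that flags the six default credential pairs listed in the announcement in a tomcat-users.xml and lists HTTP PUT requests in a Tomcat access log written in the common log format. The XML document and log lines are constructed samples; attribute names follow Tomcat's tomcat-users.xml (`username`, with the older `name` tolerated).

```python
# Added example (not from the post): audit a tomcat-users.xml for the default
# credential pairs the scanner tries, and flag PUT requests in Tomcat access
# logs. Sample inputs below are constructed for illustration.
import re
import xml.etree.ElementTree as ET

# The six username:password pairs listed in the announcement; "" is <nopassword>.
WEAK_PAIRS = {
    ("tomcat", "tomcat"), ("password", "password"), ("admin", "admin"),
    ("admin", "password"), ("admin", ""), ("tomcat", ""),
}

def weak_tomcat_users(xml_text):
    """Return (username, roles) for every user whose credentials match a weak pair."""
    root = ET.fromstring(xml_text)
    hits = []
    for user in root.iter():
        if user.tag.split("}")[-1] != "user":   # tolerate a default namespace
            continue
        name = user.get("username", user.get("name", ""))
        password = user.get("password", "")
        if (name, password) in WEAK_PAIRS:
            hits.append((name, user.get("roles", "")))
    return hits

# Common log format line as written by Tomcat's AccessLogValve (pattern "common").
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def put_requests(log_lines):
    """Return (client_ip, user, path, status) for each PUT request in the access log."""
    out = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "PUT":
            out.append((m.group(1), m.group(2), m.group(4), int(m.group(5))))
    return out

if __name__ == "__main__":
    SAMPLE_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="ops" password="correct-horse-battery" roles="manager-gui"/>
  <user username="admin" password="" roles="admin-gui"/>
</tomcat-users>"""
    SAMPLE_LOG = [  # constructed lines, not real traffic
        '203.0.113.5 - tomcat [18/Mar/2012:09:42:47 +0100] "PUT /manager/text/deploy?path=/x HTTP/1.1" 200 42',
        '203.0.113.5 - - [18/Mar/2012:09:42:48 +0100] "GET /x/ HTTP/1.1" 200 13',
    ]
    print(weak_tomcat_users(SAMPLE_XML))   # [('tomcat', 'manager-gui'), ('admin', 'admin-gui')]
    print(put_requests(SAMPLE_LOG))        # [('203.0.113.5', 'tomcat', '/manager/text/deploy?path=/x', 200)]
```

Any hit from the first function is a candidate for the scanner described in the post; a PUT from an unexpected client against a manager or webapp path is the request pattern the exploit relies on.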
