Jump to content
Nytro

Apache Tomcat Remote Exploit (PUT Request) and Account Scanner

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[h=1]Apache Tomcat Remote Exploit (PUT Request) and Account Scanner[/h]

ISOWAREZ RELEASEBy KINGCOPE - YEAR 2012
-== Apache Tomcat Remote Exploit and Account Scanner ==-
the modified pnscan scanner utility scans a range of IPs to find open
apache tomcat servers
by trying the following login access combinations:
tomcat:tomcat
password:password
admin:admin
admin:password
admin:<nopassword>
tomcat:<nopassword>
the included perl script can be used to unlock apache tomcat servers
remotely by using the collected login combinations.
it will retrieve either a root or SYSTEM reverse shell depending on
the operating system
or the equivalent of a reverse shell as the current user tomcat is running as.
the exploit might contain metasploit logic (thanks to jduck).
Enjoy :>
/Kingcope
http://www.exploit-db.com/sploits/tomcat-remote.zip

Sursa: Apache Tomcat Remote Exploit (PUT Request) and Account Scanner

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...