ISOWAREZ RELEASE
By KINGCOPE - YEAR 2012

-== Apache Tomcat Remote Exploit and Account Scanner ==-

the modified pnscan scanner utility scans a range of IPs to find open
apache tomcat servers
by trying the following login access combinations:

tomcat:tomcat
password:password
admin:admin
admin:password
admin:<nopassword>
tomcat:<nopassword>

the included perl script can be used to unlock apache tomcat servers
remotely by using the collected login combinations.
it will retrieve either a root or SYSTEM reverse shell depending on
the operating system
or the equivalent of a reverse shell as the current user tomcat is running as.
the exploit might contain metasploit logic (thanks to jduck).

Enjoy :>

/Kingcope

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18619.zip (tomcat-remote.zip)
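
A defender-side check for the six login combinations listed above, as an added example that is not part of the original release: it parses a Tomcat `tomcat-users.xml` and reports every account whose username and password match one of those pairs, together with the roles it holds. The function names and the sample file are constructed for illustration, and the check assumes passwords are stored in clear text in that file.

```python
import xml.etree.ElementTree as ET

# The pairs listed in the release notes; "" stands for <nopassword>.
LISTED_PAIRS = {
    ("tomcat", "tomcat"), ("password", "password"), ("admin", "admin"),
    ("admin", "password"), ("admin", ""), ("tomcat", ""),
}

# Constructed sample file (not taken from any real server).
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="admin" password="" roles="manager-gui"/>
  <user username="deploy" password="k3Yx-constructed-value" roles="manager-script"/>
  <user username="password" password="Password" roles="tomcat"/>
</tomcat-users>"""


def local(tag):
    """Drop the XML namespace that newer tomcat-users.xml files declare."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return sorted (username, roles) tuples for accounts using a listed pair.

    Limitation (assumption of this example): if the realm stores digested
    passwords, the attribute holds a hash and this comparison cannot match.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Tomcat accepts username= and, in older files, name=.
        name = el.get("username") or el.get("name") or ""
        password = el.get("password") or ""  # a missing attribute counts as empty
        if (name, password) in LISTED_PAIRS:
            roles = sorted(r.strip() for r in el.get("roles", "").split(",") if r.strip())
            findings.append((name, roles))
    return sorted(findings)


if __name__ == "__main__":
    for user, roles in audit_tomcat_users(SAMPLE):
        print(f"listed credential pair in use: {user} roles={','.join(roles) or '-'}")
```

Any account the check reports should get a unique password or be removed, starting with those that hold roles.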