Apache Tomcat Remote Exploit (PUT Request) and Account Scanner


SUBMITTED BY: Guest

DATE: Nov. 25, 2013, 9:03 p.m.

FORMAT: Text only

SIZE: 917 Bytes

HITS: 2226

  1. Apache Tomcat Remote Exploit (PUT Request) aISOWAREZ RELEASE
  2. By KINGCOPE - YEAR 2012
  3. -== Apache Tomcat Remote Exploit and Account Scanner ==-
  4. the modified pnscan scanner utility scans a range of IPs to find open
  5. apache tomcat servers
  6. by trying the following login access combinations:
  7. tomcat:tomcat
  8. password:password
  9. admin:admin
  10. admin:password
  11. admin:<nopassword>
  12. tomcat:<nopassword>
  13. the included perl script can be used to unlock apache tomcat servers
  14. remotely by using the collected login combinations.
  15. it will retrieve either a root or SYSTEM reverse shell depending on
  16. the operating system
  17. or the equivalent of a reverse shell as the current user tomcat is running as.
  18. the exploit might contain metasploit logic (thanks to jduck).
  19. Enjoy :>
  20. /Kingcope
  21. http://www.exploit-db.com/sploits/tomcat-remote.zipnd Account Scanner

comments powered by Disqus