ISOWAREZ RELEASE By KINGCOPE - YEAR 2012 -== Apache Tomcat Remote Exploit and Account Scanner ==- the modified pnscan scanner utility scans a range of IPs to find open apache tomcat servers by trying the following login access combinations: tomcat:tomcat password:password admin:admin admin:password admin:<nopassword> tomcat:<nopassword> the included perl script can be used to unlock apache tomcat servers remotely by using the collected login combinations. it will retrieve either a root or SYSTEM reverse shell depending on the operating system or the equivalent of a reverse shell as the current user tomcat is running as. the exploit might contain metasploit logic (thanks to jduck). Enjoy :> /Kingcope http://www.youtube.com/watch?v=_0wgBHDv3UQ We are waiting days and nights for a wind to blow in this land that has been burnt and we never get relief We are waiting days and nights for the light of that day that will bring to everyone relief and an end to the pain, to the war, to the occupation
Attachment:
tomcat-remote.zip
Description: Zip archive
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/