JBoss AS 2.0 - Remote Command Execution

EDB-ID:

17977

CVE:


EDB Verified:

Author:

kingcope

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2011-10-11

Vulnerable App: 
THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011
THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS
PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS:
*PNSCAN W/ SSL SUPPORT
*SYNSCAN MODDED

FILES:
      * daytona_bsh.pl, daytona_deployfile.pl, daytona_maindeploy.pl
        THE REMOTE EXPLOITS, BEST OF USE IS daytona_bsh.pl

      * daytona_bsh_ssl.pl, daytona_deployfile_ssl.pl, daytona_maindeploy_ssl.pl
        SSL SUPPORT FOR THE REMOTE EXPLOITS

      * synscan-modded.tar
        THE SYNSCAN IS MODDED FOR SCANNING JBOSS (X-Powered-By TAG) ON PORT 8080 ONLY.

      * pnscan-1.11.tar.gz
        ORIGINAL PARALLEL NETWORK SCANNER (NO CREDITS HERE)

      * pnscan-1.11-ssl.tar
        PARALLEL NETWORK SCANNER MODDED TO SUPPORT SSL
        USAGE: ./pnscan -r JBoss -w "HEAD / HTTP/1.0" 10.10.0.0/16 443

CHEERS,
KINGCOPE

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17977.tar.bz2 (DAYTONA_FULL.tar.bz2)
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services