JBoss AS 2.0 - Remote Command Execution

EDB-ID:

17977

CVE:



Author:

kingcope

Type:

remote


Platform:

Windows

Date:

2011-10-11


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011
THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS
PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS:
*PNSCAN W/ SSL SUPPORT
*SYNSCAN MODDED

FILES:
      * daytona_bsh.pl, daytona_deployfile.pl, daytona_maindeploy.pl
        THE REMOTE EXPLOITS, BEST OF USE IS daytona_bsh.pl

      * daytona_bsh_ssl.pl, daytona_deployfile_ssl.pl, daytona_maindeploy_ssl.pl
        SSL SUPPORT FOR THE REMOTE EXPLOITS

      * synscan-modded.tar
        THE SYNSCAN IS MODDED FOR SCANNING JBOSS (X-Powered-By TAG) ON PORT 8080 ONLY.

      * pnscan-1.11.tar.gz
        ORIGINAL PARALLEL NETWORK SCANNER (NO CREDITS HERE)

      * pnscan-1.11-ssl.tar
        PARALLEL NETWORK SCANNER MODDED TO SUPPORT SSL
        USAGE: ./pnscan -r JBoss -w "HEAD / HTTP/1.0" 10.10.0.0/16 443

CHEERS,
KINGCOPE

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17977.tar.bz2 (DAYTONA_FULL.tar.bz2)