JBoss AS Remote Exploit v2
2011-10-13 13:15:05THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011
THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS
PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS:
*PNSCAN W/ SSL SUPPORT
*SYNSCAN MODDED
FILES:
* daytona_bsh.pl, daytona_deployfile.pl, daytona_maindeploy.pl
THE REMOTE EXPLOITS, BEST OF USE IS daytona_bsh.pl
* daytona_bsh_ssl.pl, daytona_deployfile_ssl.pl, daytona_maindeploy_ssl.pl
SSL SUPPORT FOR THE REMOTE EXPLOITS
* synscan-modded.tar
THE SYNSCAN IS MODDED FOR SCANNING JBOSS (X-Powered-By TAG) ON
PORT 8080 ONLY.
* pnscan-1.11.tar.gz
ORIGINAL PARALLEL NETWORK SCANNER (NO CREDITS HERE)
* pnscan-1.11-ssl.tar
PARALLEL NETWORK SCANNER MODDED TO SUPPORT SSL
USAGE: ./pnscan -r JBoss -w "HEAD / HTTP/1.0" 10.10.0.0/16 443
CHEERS,
KINGCOPE
http://www.exploit-db.com/sploits/DAYTONA_FULL.tar.bz2
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.