EXPLOITING A
VULNERABILITY TO GAIN
A SHELL
ABOUT ME
• Name: ADITYA KAMAT
• 3rd year BE student at BMSCE.
• Very passionate about cyber security (Just a beginner).
OVERVIEW
• Scan a machine to check for open ports and the
services running on it.
• Exploit the application/service.
• Get access to a shell with basic privileges.
APACHE HTTP SERVER
VS
APACHE TOMCAT
• Tomcat is written in Java; Apache HTTP Server is written in C.
• Apache Tomcat is used to deploy your Java Servlets
and JSPs in the form of a WAR (Web ARchive).
• PHP, HTML, JS, etc. can be run on an HTTP server.
A LITTLE ABOUT AXIS2 …
• A core engine for web services.
• Available in Java and C.
• Allows the addition of Web services interfaces to
Web applications.
• It can also be used as a standalone server
application.
WHAT ARE WE EXPLOITING ?
• Proxy service on Apache Axis2 located at
http://vulnerable/axis2/services/ProxyService/get?uri=
• Tomcat manager application located at
http://vulnerable/manager/html
AIM ?
• Exploit a vulnerability in Axis2 to get the login
credentials for the Tomcat manager, stored in
/etc/tomcat6/tomcat-users.xml.
• Log in to the Tomcat manager application using those
credentials.
• Upload a simple JSP shell and demonstrate a few
commands.
EXPLANATION OF THE SHELL
• if (request.getParameter("x") != null)
• Process p =
Runtime.getRuntime().exec(request.getParameter("x"));
• while (disr != null) {
out.println(disr);
disr = dis.readLine();
}
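The three steps under AIM leave a recognisable trail in the web server's access log. The following detection sketch is an added example, not part of the original slides: it correlates those stages per client, using the endpoints and the shell parameter name "x" named in the deck. The log lines, client addresses, the allowlisted host intranet.example and the path /shell/index.jsp are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host the Axis2 proxy service should ever fetch from.
ALLOWED_PROXY_HOSTS = {"intranet.example"}
ORDER = ["proxy-unexpected-target", "manager-war-upload", "jsp-command-parameter"]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

# Constructed access-log lines in common log format (not captured from the demo).
SAMPLE_LOG = """\
10.0.0.5 - - [18/Mar/2017:10:00:01 +0530] "GET /axis2/services/ProxyService/get?uri=http://intranet.example/status HTTP/1.1" 200 512
10.0.0.9 - - [18/Mar/2017:10:02:11 +0530] "GET /axis2/services/ProxyService/get?uri=/etc/tomcat6/tomcat-users.xml HTTP/1.1" 200 1034
10.0.0.9 - - [18/Mar/2017:10:03:40 +0530] "POST /manager/html/upload HTTP/1.1" 200 14211
10.0.0.9 - - [18/Mar/2017:10:04:02 +0530] "GET /shell/index.jsp?x=id HTTP/1.1" 200 87
10.0.0.7 - - [18/Mar/2017:10:05:00 +0530] "GET /app/search.jsp?x=1 HTTP/1.1" 200 300
"""

def classify(method, target):
    """Return the stage a request belongs to, or None if it is unremarkable."""
    url = urlsplit(target)
    params = parse_qs(url.query)
    if url.path.startswith("/axis2/services/ProxyService/get"):
        # Allowlist check: anything that is not http(s) to a known host is suspect.
        dest = urlsplit(params.get("uri", [""])[0])
        if dest.scheme not in ("http", "https") or dest.hostname not in ALLOWED_PROXY_HOSTS:
            return "proxy-unexpected-target"
    elif method == "POST" and url.path.startswith("/manager/html/upload"):
        return "manager-war-upload"      # WAR deployed through the manager UI
    elif url.path.endswith(".jsp") and "x" in params:
        return "jsp-command-parameter"   # weak signal on its own, see 10.0.0.7
    return None

def find_chains(log_text):
    """Map client IP -> flagged stages in first-seen order (2xx responses only)."""
    stages = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        if not status.startswith("2"):
            continue
        stage = classify(method, target)
        if stage and stage not in stages.setdefault(ip, []):
            stages[ip].append(stage)
    return stages

def full_chain_clients(log_text):
    """Clients that completed all three stages in the order the talk describes."""
    return sorted(ip for ip, seen in find_chains(log_text).items() if seen == ORDER)

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
    print(full_chain_clients(SAMPLE_LOG))
```

A lone hit on the JSP parameter (client 10.0.0.7) is a weak signal; the sequence of all three stages from one client is what warrants an alert.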
DEMO TIME :P
ANY QUESTIONS?
CREDITS :-
• PentesterLab for the ISO.
• Riyaz Walikar for the guidance and help.
• Null Bangalore team for letting me give this talk.
THANK YOU!
