Giters

hatRiot / clusterd

application server attack toolkit

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

tomcat aux module do not execute

thsle3p opened this issue · comments

commented

When the argument for a aux module is specified to clusterd it goes about fingerprinting the target server but does not execute the aux module example:
./clusterd.py -i [ip] -p 8080 -a tomcat --tc-ofetch

    clusterd/0.3.1 - clustered attack toolkit
        [Supporting 7 platforms]

[2014-07-23 02:49PM] Started at 2014-07-23 02:49PM
[2014-07-23 02:49PM] Servers' OS hinted at windows
[2014-07-23 02:49PM] Fingerprinting host '[ip]'
[2014-07-23 02:49PM] Server hinted at 'tomcat'
[2014-07-23 02:49PM] Checking tomcat version 3.3 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 3.3 Tomcat Admin...
[2014-07-23 02:49PM] Checking tomcat version 4.0 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 4.1 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 4.1 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 4.0 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 5.0 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 5.5 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 5.5 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 5.0 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 6.0 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 6.0 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 7.0 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 7.0 Tomcat Manager...
[2014-07-23 02:49PM] Checking tomcat version 8.0 Tomcat...
[2014-07-23 02:49PM] Checking tomcat version 8.0 Tomcat Manager...
[2014-07-23 02:49PM] Matched 1 fingerprints for service tomcat
[2014-07-23 02:49PM] Tomcat (version 5.0)
[2014-07-23 02:49PM] Fingerprinting completed.
[2014-07-23 02:49PM] Finished at 2014-07-23 02:49PM
Notice that the tomcat credential fetcher did not execute

commented

Your output there would suggest Tomcat 5.0 as the remote server; the module you're trying to run, --tc-ofetch, only works against version 3.3. You can check versioning information of auxiliary modules by running ./clusterd.py --aux-list

commented

Doh! Missed that.
On Wed, 2014-07-23 at 14:09 -0700, bryan alexander wrote:

Your output there would suggest Tomcat 5.0 as the remote server; the
module you're trying to run, --tc-ofetch, only works against version
3.3. You can check versioning information of auxiliary modules by
running ./clusterd.py --aux-list


Reply to this email directly or view it on GitHub.