Attacking a Java Web Server

Sisyphus had long known it was possible, but he didn't dare show anyone. He had discovered a new technique for executing commands on a Java Web Server. The flaw was present in not just any Java Web Server, but rather BEA's WebLogic, one of the most popular and ubiquitous Java servers in use.

He discovered the "hole" two days before but was saving it, in hopes of trading it for a buffer overflow his hacker friend, Budda, was working on for IBM's AIX operating system. The exploit was a remote buffer overflow in the finger server of AIX. Once complete, the finger exploit would allow anyone to remotely execute code of his choosing. Sisyphus knew that Budda was working on the exploit for this attack and he needed it. Bad. Sisyphus had been embarrassed by another hacker on IRC a few months back and wanted to get even. He had been dissed by someone who managed AIX systems and always bragged that no one could hack them. Sisyphus wanted his payback and with Budda's exploit, he would have it.

[Sisyphus jumped on IRC to see if Budda was up...]
<sisyphus> b, you got it yet?
<budda> almost, this one's tough...
<budda> I have to get the command execution line perfect...
<budda> give me a couple hours...
<budda> you better have something good!
<sisyphus> trust me! :)

Sisyphus couldn't sit still. The next two hours were going to be the longest of his life. With the warez from Budda he would finally be able to pay his disrespects to "3l1t3," the self-proclaimed AIX guru who could not be hacked. Now all Sisyphus could do was wait.

Budda was an interesting sort. He had been an AIX administrator himself for nearly ten years and an assembly programmer for nearly five years before that. So he knew a few things about the exploit at hand. But he knew little about Web exploits, and that's where Sisyphus came in. Budda needed an exploit to infiltrate an e-commerce Web site and download as many credit card numbers as he could find. Budda liked to launder his connections on the Internet, and he could only truly be anonymous through fake IDs and stolen credit cards. So a couple of weeks back, Budda told Sisyphus that he was amazed at all the Java Web Servers popping up on the Internet and decided to barter for warez. Budda knew of Sisyphus's plight and offered a trade. The exchange was about to occur.

[IRC call coming in...]
<budda> sis, u there?
<sisyphus> yup. tell me you got good news my friend!
<budda> i got it... :)
<budda> ann it rox...
<sisyphys> AWESOME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<sisyphus> SEND IT OVER!!!!!!!!!!!!!!
<budda> not so fast, let's see your warez...
<sisyphus> OK OK.
<sisyphus> here it is ...
[Sisyphus sends a file detailing the remote command execution hack on BEA's WebLogic...]
<budda> got it, let me check it..
[a couple of minutes go by]
<budda> sweeeeeet! This is gunna do it...
<budda> here's the goodz
[Budda sends him the source code and Linux binary for the AIX finger exploit...]
<sisyphus> got it! u r the man b!!
<sisyphus> layta

Sisyphus and Budda both had what they needed. Now let the chaos begin.

Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
