bilasi

apache struts

May 24th, 2017
How to Hack Apache Struts Vulnerable Sites & How to Find Apache Struts Vulnerable Sites, by Zero Cool

Full guide in YouTube video:
https://www.youtube.com/watch?v=ZSaJNRx6EA4


File types which may be vulnerable to Apache Struts are commonly:

.action
.do
.lib
.jspa
.lab
.seam
.cvsp
.jhtml
.xhtml
.java
.json
.pm
.vm
.jsp
.bat
.sh
.out
.el
.bson
.com
.psml
.cfm
.axd


Google Dorks:

Usage: intext:stacktraces


stacktraces
struts.devMode=false
in your WEB-INF/classes/struts.properties file.
There is no Action mapped for namespace
org.apache.catalina.core
No result defined for action com
Exception Name: java.io.FileNotFoundException
org.apache.jasper.runtime
java.lang.reflect.Method.invoke
org.apache.struts2.interceptor.DeprecationInterceptor.intercept
coldfusion.runtime.UndefinedElementException
java.util.TreeMap.get
java.lang.NullPointerException
java.util.Locale
com.opensymphony.xwork2
at org.apache.tomcat.util.net
at com.bea.netuix.nf
ognl.Ognl.getValue
at freemarker.core.Environment
org.apache.tomcat.util.threads
org.glassfish.grizzly.filterchain
org.springframework.security.web
org.smarteda.wsc.common.struts
org.apache.struts2.impl
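
Every string in the list above is text that an application prints into its own error pages when devMode or stack traces are exposed, so the same list works as a pre-release check on the error responses of an application you operate. The following is an added example, not part of the original paste: `audit_error_body`, the component mapping and both sample bodies are constructed for illustration.

```python
import re

# Error-page phrases taken from the dork list above.
PHRASES = {
    "struts.devMode=false": "devMode banner (development mode is on)",
    "There is no Action mapped for namespace": "Struts unmapped-action error",
    "No result defined for action": "Struts missing-result error",
}
# Package prefixes from the same list, mapped to the component each reveals.
COMPONENTS = {
    "org.apache.struts2.": "Struts 2", "com.opensymphony.xwork2.": "XWork",
    "ognl.": "OGNL", "freemarker.": "FreeMarker",
    "org.apache.catalina.": "Tomcat", "org.apache.tomcat.": "Tomcat",
    "org.apache.jasper.": "Jasper", "org.springframework.": "Spring",
}
JDK = ("java.", "javax.", "sun.")
# A Java stack frame: lowercase dotted package, then Class.method.
FRAME = re.compile(r"\b((?:[a-z_][a-z0-9_]*\.)+)([A-Z][\w$]*)\.([\w$<>]+)")

def audit_error_body(body):
    """Report what an error response body discloses to an anonymous reader."""
    report = {"phrases": [], "components": set(), "app_packages": set()}
    for needle, meaning in PHRASES.items():
        if needle in body:
            report["phrases"].append(meaning)
    for pkg, _cls, _method in FRAME.findall(body):
        if pkg.startswith(JDK):
            continue  # JDK frames reveal nothing about the stack in use
        for prefix, name in COMPONENTS.items():
            if pkg.startswith(prefix):
                report["components"].add(name)
                break
        else:
            report["app_packages"].add(pkg.rstrip("."))  # in-house code names
    report["leaks"] = any(report[k] for k in ("phrases", "components", "app_packages"))
    return report

# Constructed sample bodies (not captured from any real site).
LEAKY = """Struts Problem Report
There is no Action mapped for namespace [/] and action name [report].
To disable this mode, set: struts.devMode=false
in your WEB-INF/classes/struts.properties file.
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
    at com.example.shop.web.AuthInterceptor.intercept(AuthInterceptor.java:41)
    at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:544)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
"""
CLEAN = "<html><body><h1>Something went wrong</h1><p>Ref: 7f3a</p></body></html>"
print(audit_error_body(LEAKY))
```

A body that returns `leaks: True` means the error path still renders framework output; setting `struts.devMode=false` and serving a generic error page should bring it to the `CLEAN` result.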
________________________________________________________________________________________________________________________________________

Useful files (especially for JBoss, Tomcat, etc.): just deploy =D


1. File/shell uploader in .war:
http://s000.tinyupload.com/index.php?file_id=29724587056705449390
Usage:
i. How to find the path of your uploader (in my case, see the highlighted link): http://i.imgur.com/b3pjU6t.jpg
ii. Your uploaded file will be available at: PathToUploader/upload/YourFilename
For example, in my case: http://vulnerablesite.com/war/WebApp_ID/upload/zerocool.html



2. Deface page in .war:
http://s000.tinyupload.com/index.php?file_id=60934504532305661865
Usage:
i. Just change the index.html file with your deface page script :)
________________________________________________________________________________________________________________________________________

Special thanks to leets:
Kashmiri Cheetah, Mr.X3ro, An0n 3xPloiteR, Umair Ahmed, Devil Killer, Ahmed Raza Memon, John Kazak.....
Team PCG, PCA, PCT, PCS, BlackLeets.... and all Pakistani Hackers

Enjoy! All dorks created by Zero Cool
Make your own way to find sites :)