|
| 1 | +## Pre-defined SSH Private key for user daltomcat |
| 2 | + |
| 3 | +### Summery |
| 4 | +<hr> |
| 5 | + |
| 6 | +The <b>DALIM Software web applications</b> software stack ships with pre-defined SSH private key for user `daltomcat` |
| 7 | + |
| 8 | +When this software stack is installed on a Linux server, it creates a Linux user with below mentioned configuration (in /etc/passwd file): |
| 9 | + |
| 10 | +`daltomcat:x:****:****:DALiM Tomcat Admin:/home/daltomcat:/bin/bash` |
| 11 | + |
| 12 | +#### Abuse case |
| 13 | + |
| 14 | +An attacker can SSH as user `daltomcat` to a Linux server in which <b>DALIM Software web applications</b> software stack is installed. |
| 15 | + |
| 16 | +To exploit the issue, save below mentioned SSH private key to your machine, chmod it's permission to 400 and SSH to target machine using below menitoned command: |
| 17 | + |
| 18 | +`ssh daltomcat@Server_IP -i id_rsa` |
| 19 | + |
| 20 | + |
| 21 | + |
| 22 | +#### SSH private key content |
| 23 | + |
| 24 | +Below mentioned is the SSH private key for user account `daltomcat`: |
| 25 | + |
| 26 | +``` |
| 27 | +-----BEGIN RSA PRIVATE KEY----- |
| 28 | +MIIEogIBAAKCAQEA28TZ+bYr2OIn4apSrM6Q9qPhWgkOokwyD/VadnMIordEX8he |
| 29 | +36wLJFGyIzg7kWc/zbJ89CutJl6bteC0Tzv6bxl9wCNs1rEpW/eR4wDQRhUpc+pQ |
| 30 | +KlSIhfJa0NOwlgFhol7CR+Hk/9H87pUlNh7vcY7sNH9uRG+CPdX9yuJKP1NZucF2 |
| 31 | +FKNaU2PhytlJl7/xJGsy69wsMFMxEfKhtZgTZN5sK+RbzNxuvJgwj3DmXusalksO |
| 32 | +rpPf1DufqfRT2UvccdwyMh7Gun4CHU7TM8b4hkQO9NmOHI3GvSLcEtJv1lMQ7fLT |
| 33 | +/1ocfR3BjVuB24gmGL54ODn+v9Dv7TI9sCay2QIBIwKCAQBLWW9OTRZY/RT86fB1 |
| 34 | +wypjMN+MlWQaY0RdPi2k9D15neuOjddioWLn4X7ngP56/tQMAq5/mfI5Cn6HgD3S |
| 35 | +Be92jGWg9jPx1ldSu0f2DuhSiumkFdJXp/RLLoWJbSaZ1JaA0AgYpTiSOV4IqCoD |
| 36 | +7Vlow0mrmWeib1/ar8S6lrpe2hzd5VrhmjuXd/S4t/P6yczfyjxU7wAqMPVJ5wJ9 |
| 37 | +XSWBaWwXnCt4FoLRIrFZeJzFvYLea+j0esYCd1uSe1e8wDQXlCjNENE28dgZWYKh |
| 38 | +WJLTtvi80YaJeHLKUix4ZiNzf3oOW6SvScQsMKKBRbhXJz3ohk6F+Xlxei9Umhp0 |
| 39 | +k9WLAoGBAPgRo+8gOcbB+VjKvFGYJb1UupgZWC+lSVDNSZrLChypfSuYMjFGa4qv |
| 40 | +UzzeRnLL8/CawuLuDjK9hsxndGx0/WUawCe1CYmlGJXgFNOe9tIN8yxVsA8axy6+ |
| 41 | +GWh0Vb96XsusrEFqCIi0JcS0dWV5xq9KvocuEwuGvQfDGZ2EBudpAoGBAOLLleiN |
| 42 | +EmXCTKnlWcW5eEjtosAwIDwP+xTXxz+nk56smG/5gAES2eaAn8PBiqpSORbyzW73 |
| 43 | +dOuPg12B7XzTHd9nq+jRpDA1JAtIn5fo4yTkJeJ4cQvw0fPbmcc/Usj1wHaXZfJA |
| 44 | +umzyv3g1MBgOOaznzYwDZKZYxN4eAdMCxfHxAoGAHFnJl6vpWIsycIwyx38aQYYG |
| 45 | +skwKFBLjzrhgLvKiEed8BPtzc1iBUa2jHOYz79zLa/RuC05oBcyEbyHEKab4Y1OD |
| 46 | +rMQ7mrPIS6SUqniRPJPhRuU4sUTjkFA9awX7K9N4jE4/knKEoeiz2/dd37YlVdyo |
| 47 | +D3L63L7xCDON5h23pWsCgYEAz1sMt1xol40S5HnrrXZfWJ7Ar7b45nUC0TpPxSt/ |
| 48 | +pwQzmZOoO37zG+NQPfLH7C3rDarKdBVyNnSVXM6P/RjK2uJxSeQ+V/YSU3WZOm6G |
| 49 | +iCEMsc00KCyisxHrrtrPWKYsTytV5M13PwnToRqvoPcQKQ5yySesetTRQBtvYdam |
| 50 | +WYsCgYEAkuxFor2DGF05bUSLgLKFj2hJ7ZQwkxIXOU/MKt52spL+KHGc/LuCq9Jv |
| 51 | +y43P5UdThFyuS10NBe7iHmbaoLEaRxlO9M38vMIldHDm2nAeQ5AwVVeSEWoSsm2O |
| 52 | +0Waof8fgaW21AMhqudoU1pAvfBNGah7SiKqP/yXjaceWTpSALb0= |
| 53 | +-----END RSA PRIVATE KEY----- |
| 54 | +``` |
| 55 | + |
1 | 56 |
|
0 commit comments