1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hack/Inject Java Shell into Tomcat Java Server / Recover Our Files

Discussion in 'Hire a Freelancer' started by laranjagx4, Mar 31, 2013.

  1. laranjagx4

    laranjagx4 Regular Member

    Joined:
    Mar 28, 2012
    Messages:
    204
    Likes Received:
    102
    Hello,


    Long story short,
    I paid one developer to make a software for me a few years ago. Now, this person has disappeared, I think he is not in the country anymore, and all of our data is hosted in his server. We keep trying to get in touch with him but he says that if we keep bothering him, he will shut the server down. We have valuable data in his server, since we've used his software for the past five years, and we can't lose everything.


    The only thing that we need is to have access to all of our files so we can host them in another server by our own.


    Here are some info:


    - It is a Apache Tomcat/6.0.16 server


    - Most of the files extensions are .do and .jsp


    - Tomcat runs on port 8080, but port 8080 is closed to open internet and all the traffic is passed through port 80 using Apache's Mod_Proxy.


    - I can upload any kind of file to the server, but I can't access the files. Since the uploaded files are placed in a folder outside Tomcat's main folder, I don't have permission to run the uploaded files.


    - I have access to the software administrative webpage, so I can upload files.


    I just need someone that can inject a shell and run it, or can retrieve all my files + database. Since I have sensitive data in there, I will not provide you my username/password. This is how we will do this:


    - I will provide wil remote access to a Virtual Machine with Windows 7 installed.
    - You will access it via Remote Desktop or Teamviewer.
    - You need to add me on Skype and we will be chatting eventually while you do the job, in case you have any question or concern.
    - I will watch everything that you are doing.
    - If I feel that you are doing anything that you shouldn't be doing (this inclues download reports or copying sensitive data), I will close the remote session and kick you out.


    Only serious people please.


    This should be a fairly easy task to do for someone who knows what he/she is doing, so please don't take too long to do it. If you charge by hour and I see that you're just fooling around the website/system, I will close the remote session.
     
  2. indianbill007

    indianbill007 Jr. VIP Jr. VIP

    Joined:
    Jan 8, 2010
    Messages:
    4,813
    Likes Received:
    4,051
    Occupation:
    Making Money when the world is sleeping
    Location:
    Menlo Park - Next to Zuck
    What you are asking to do is hacking and is illegal and violates BHW TOS as well, since its a BH forum not hack forums.

    Installing a shell on anyone's server without his permission is a criminal activity.

    I am not bashing you, just making everyone know since the guy who owns the server can prosecute you or the freelancer who takes your job if he is in any of those countries where hacking is a cyber crime, including 3rd world countries like India, Romania etc.

    So whoever takes this job, just be warned and don't get yourself butt-fucked.. Some companies don't take this activity lightly.
     
  3. Raffy

    Raffy Regular Member

    Joined:
    Nov 30, 2012
    Messages:
    212
    Likes Received:
    613
    [​IMG]
     
  4. laranjagx4

    laranjagx4 Regular Member

    Joined:
    Mar 28, 2012
    Messages:
    204
    Likes Received:
    102
    Do you suggest any other way to get my dad company's data back ???
    The guy has disappeared, he was a Mexican developer and he probably is in Mexico right now.
    I can't prosecute him since I have no idea where he is at. I hired him because he was new in the country, but he was a very good Java developer and his software fits our needs.

    But I can't handle this situation anymore. My dad company's life is hosted in his server and I no longer have root access to it. Me and my employees can still log into the system and work, but I'm afraid that some day he will simply shut the server down.

    I'm " in the palm of his hands" and I hate being in this situation..

    What should I do then ????
     
  5. indianbill007

    indianbill007 Jr. VIP Jr. VIP

    Joined:
    Jan 8, 2010
    Messages:
    4,813
    Likes Received:
    4,051
    Occupation:
    Making Money when the world is sleeping
    Location:
    Menlo Park - Next to Zuck
    As I said, am not bashing you or anything, you may be right that you need your data back.

    But the freelancers who are taking up your job, need to know what they are doing is illegal. Its just a warning to the community here, please don't take it personally.
     
  6. Newelly

    Newelly Regular Member

    Joined:
    Jul 25, 2012
    Messages:
    306
    Likes Received:
    93
    Location:
    ViceOffers
    @Indianbill; I'm not quiet sure what he is trying to put across, but from my gathering his site is not yet offline; this means that he can do a full site back up saving all databases and files from the FTP. Therefore his dad's lifetime business won't be lost and can be cloned or reuploaded on to a new server.

    -Newelly
     
  7. benny>>

    benny>> Registered Member

    Joined:
    Jul 18, 2010
    Messages:
    78
    Likes Received:
    24
    Occupation:
    Teacher
    Location:
    Australia
    Impossible to stop them stealing data. They can record their screen as they remote desktop you and then take what they want later.