Date: Fri, 19 May 2006 11:59:41 -0700 (PDT)
From: Tauqeer Ahmad <ahmadtauqeer@...oo.com>
To: Sanjay Rawat <sanjayr@...oto.com>, bugtraq@...urityfocus.com
Subject: Re: POC exploit for freeFTPd 1.0.10


Hello Sanjay

There was no technical difficulty. That was just a POC
to prove the vulnerability and not to exploit it in
the wild. The choice at your disposal is limitless.
You can also debug the program on Windows 2003 Server
and include the offsets. You can debug it on Windows
2000 Professional, Windows in Chinese language ;),
Windows in Japanese, Windows in other languages.

Regards,

Tauqeer Ahmad 
 


--- Sanjay Rawat <sanjayr@...oto.com> wrote:


---------------------------------

Hello Ahmad:
I am wondering why you have not given an option for
Windows 2000 SP4 Professional in your Python code. Is
there any technical difficulty?
I think one can include the following snippet in your
code after line #95
---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77"  # 77E14c29 JMP ESP IN USER32.DLL (Windows 2000 Prof. SP4)
-------------------------------------

Please correct me if I am missing something. As of
now, I could not test this addition though.

regards
-Sanjay


At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:
Hi,

The exploit that I published for freeSSHd 1.0.9 will
work against freeFTPd 1.0.10 as well. Upgrade to the
latest version of freeFTPd.

http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py

Disclaimer:

All the information and exploit in this mail and the
previous are provided for educational purposes
only. Please do not, I repeat, do not run this exploit
against any system without prior permission.

Regards,

Tauqeer Ahmad 
0x-Scientist-x0


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com 

Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta, Hyderabad 500082 | India
Office: +91 4023358927/28 Extn 422
Website: www.intoto.com
Homepage: http://sanjay-rawat.tripod.com





