Message-ID: <1051023820.4869.102.camel@peppard.dark.lan>
Date: 22 Apr 2003 16:03:40 +0100
From: John Leach <bugtraq@...nleach.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: Exploit for PoPToP PPTP server - Linux version

Hello world,

Find attached a modified version that will compile with gcc on Linux. 
The vulnerability check seems to work, but I've not yet managed a
successful exploit.

John.

P.S: Greets to my Mum.

On Fri, 2003-04-18 at 15:27, einstein, dhtm wrote: 
> hello bugtraq,
> 
> Here is an exploit for a recently discovered vulnerability in PoPToP
> PPTP server under Linux. Versions affected are all prior to
> 1.1.4-b3 and 1.1.3-20030409.
> The exploit is capable of bruteforcing the RET address to find our
> buffer in the stack. Upon a successful run it brings up a reverse
> shell with privileges of the pptpd daemon (typically root)
> on the victim server.
> 
> P.S. Greets to ERRor, Death and all others.
> 

-- 
GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
   HTTP: http://www.johnleach.co.uk

View attachment "pptpd-exploit.c" of type "text/x-c" (9177 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
