lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030915161417.A4899@sorbo.sorbonet.org>
Date: Mon, 15 Sep 2003 16:14:17 +0200
From: sorbo <sorbox@...oo.com>
To: sorbox@...oo.com
Subject: remote Pine <= 4.56 exploit fully automatic

Ok here it is
Remote pine exploit
quite efficient since no "real offsets are needed" especially in the
first method of exploitation

Worx against grsec high security with random stack with "hard" method
since it is a return to libc tested vs slackware grsec

portbind on 6682 with FULL therminal support i.e. launch bx from ur exp =D

autodiscovers targets/offsets needed

redhat works too but only "easy" method... because of a pop ebp before a
ret.. there is no leave

worm can easily b made especially with "bruteforce" with about 99%
success!!

have fun =P



sorry i forgot to attach code ;D

View attachment "sorpine.c" of type "text/plain" (20848 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ