lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.56.0310131943170.32528@officeserver.learningshophull.co.uk>
From: carl at learningshophull.co.uk (Carl Livitt)
Subject: re: Working proftpd remote root exploit

This is not a universal exploit...  for example, it won't work on redhat
7.3 installations (and slack 9 by the looks of it). These are issues
relating to variables on the heap getting munged by the payload.

Exceptions need to be added to the source for some targets... at present,
rh7.2 has been added and this suffices for now.

If you/anyone else needs to add more targets, use the '-s' mode (sleep for
10 seconds) and attach gdb to the proftpd process and debug from there.

Cheers,
Carl.

On Mon, 13 Oct 2003, chris wrote:

> This sort of worked on ProFtpD 1.2.8 Slackware 9.0, I received an error message though:
>
> "Failing to connect to remote host
> : Success"
>
> I checked my users home directory and found the 'incoming' folder with 'aa' file. The aa file is a shell but it never binded to port 4660. Works but, doesnt work.. sorta. Thanks.
>
> chris@...secure.net


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ