lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.56.0310131943170.32528@officeserver.learningshophull.co.uk> From: carl at learningshophull.co.uk (Carl Livitt) Subject: re: Working proftpd remote root exploit This is not a universal exploit... for example, it won't work on redhat 7.3 installations (and slack 9 by the looks of it). These are issues relating to variables on the heap getting munged by the payload. Exceptions need to be added to the source for some targets... at present, rh7.2 has been added and this suffices for now. If you/anyone else needs to add more targets, use the '-s' mode (sleep for 10 seconds) and attach gdb to the proftpd process and debug from there. Cheers, Carl. On Mon, 13 Oct 2003, chris wrote: > This sort of worked on ProFtpD 1.2.8 Slackware 9.0, I received an error message though: > > "Failing to connect to remote host > : Success" > > I checked my users home directory and found the 'incoming' folder with 'aa' file. The aa file is a shell but it never binded to port 4660. Works but, doesnt work.. sorta. Thanks. > > chris@...secure.net
Powered by blists - more mailing lists