Message-ID: <6B67002C3FDED3119E5F00508B95969710E95445@TOCOMEXC15>
From: lionel.garcia at airbus.com (GARCIA Lionel)
Subject: ProFTPD-1.2.9rc2 remote root exploit

This line seems suspicious. Don't know the purpose of the shellcode, but I
won't try it.

   /* connect to the bindshell */
   printf("Trying to connect, please wait...\n");

--->   void(*sleep)()=(void*)sc;sleep(5);   <------- Hummm :-\
   if(give_me_a_shell(addr) < 0)

     {
      fprintf(stderr, "Sorry, exploit didn't work.\n");
      return(-1);

The shellcode seems to be locally launched. Anybody able to "decrypt" the
shellcode?



> -----Original Message-----
> From: Andreas Gietl [mailto:a.gietl@...dmin.de]
> Sent: Friday, 24 October 2003 15:36
> To: Jean-Kevin Grosnakeur; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
> 
> 
> On Friday 24 October 2003 14:22, Jean-Kevin Grosnakeur wrote:
> 
> This seems to delete something on the local hard disk. Anybody else
> seeing this effect?
> 
> > Ladies and gentlemen, here's the source code of the exploit for the latest
> > release of ProFTPD. This is a Zero-Day private exploit, please DON'T
> > REDISTRIBUTE. I will not take responsibility for any damages which could
> > result from the usage of this exploit, use it at your own risk.
> >
> > --------------------------------------------------------------------------
> >
> > Have fun ! @+
> >
> > _________________________________________________________________
> > MSN Messenger 6  http://g.msn.fr/FR1001/866 : more customization,
> > more fun for you and your friends...
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> -- 
> e-admin internet gmbh
> Andreas Gietl                tel +49 941 3810884
> Ludwig-Thoma-Strasse 35      fax +49 (0)1805/39160 - 29104
> 93051 Regensburg             mobile +49 171 6070008
> 
> PGP/GPG key at http://www.e-admin.de/gpg.html
> 
> 
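
The pattern flagged in the message above, a local function pointer that takes a libc name and is initialized from a byte array, can be checked for before compiling untrusted proof-of-concept code. The following Python script is an added example, not part of the original thread; the `audit` helper, the `LIBC_NAMES` list and the sample source (with placeholder bytes in `sc`) are constructed for illustration.

```python
import re

# Short constructed list of libc functions a trojaned PoC could shadow.
LIBC_NAMES = {"sleep", "usleep", "printf", "puts", "close", "free", "exit"}

# Function-pointer declaration with initializer: type (*name)(args) = init;
FUNC_PTR_DECL = re.compile(
    r"\(\s*\*\s*(?P<name>[A-Za-z_]\w*)\s*\)\s*\([^()]*\)\s*=\s*(?P<init>[^;]+);"
)
# char array definitions, the usual container for an opaque byte blob.
CHAR_ARRAY = re.compile(r"\bchar\s+(?P<name>[A-Za-z_]\w*)\s*\[")
# Last identifier of the initializer, i.e. what remains after any casts.
TARGET = re.compile(r"([A-Za-z_]\w*)\s*$")


def audit(source):
    """Return findings for function pointers that shadow libc or target data."""
    buffers = {m.group("name") for m in CHAR_ARRAY.finditer(source)}
    findings = []
    for m in FUNC_PTR_DECL.finditer(source):
        name = m.group("name")
        hit = TARGET.search(m.group("init").strip())
        target = hit.group(1) if hit else None
        reasons = []
        if name in LIBC_NAMES:
            reasons.append("shadows-libc")
        if target in buffers:
            reasons.append("targets-data-buffer")
        if reasons:
            line = source.count("\n", 0, m.start()) + 1
            findings.append({"line": line, "name": name,
                             "target": target, "reasons": reasons})
    return findings


# Constructed sample: the flagged line from the post plus a benign callback.
SAMPLE = '''\
static char sc[] = "PLACEHOLDER-BYTES";
static void on_alarm(int sig) { (void)sig; }
int main(void) {
    void (*handler)(int) = on_alarm;
    void(*sleep)()=(void*)sc;sleep(5);
    return 0;
}
'''

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['name']} -> {f['target']} ({', '.join(f['reasons'])})")
```

The check is a text heuristic for triage before building unfamiliar code; it does not parse C and will miss declarations split across typedefs or macros.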