[IPS] PUTTY SSH-Client Exploit

From: Daniel Alcántara de la Hoz (seguridad@iproyectos.net)
Date: 12/28/02

Next message: phrackstaff@phrack.org: "PHRACK #60 HAS BEEN RELEASED"

Previous message: Daniel Ahlberg: "GLSA: cyrus-sasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Daniel Alcántara de la Hoz <seguridad@iproyectos.net>
To: <bugtraq@securityfocus.com>
Date: Sat, 28 Dec 2002 15:51:46 -0000

-----------------------------------------------------------
I-PROYECTOS Division Seguridad (Security Research)
-----------------------------------------------------------
2003 seguridad@iproyectos.net

   Proof of concept code / Exploit
-----------------------------------------------------------

In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.

It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.

This is intented for educational/testing purposes.

-----------------------------------------------------------
Developed by:
             Rand ( jcamilleri@ono.com )
             Dani ( dani@iproyectos.net )

application/octet-stream attachment: IP-putty.c

Next message: phrackstaff@phrack.org: "PHRACK #60 HAS BEEN RELEASED"
Previous message: Daniel Ahlberg: "GLSA: cyrus-sasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]