Re: How to exploit gain root of OpenSSL?
- From: Manuel Arostegui Ramirez <manuel@xxxxxxxxxxxxxx>
- Date: Sat, 14 Oct 2006 10:04:12 +0200
El Viernes, 13 de Octubre de 2006 17:06, 09sparky@xxxxxxxxx escribió:
I am looking for a way to exploit (not dos) and gain root, if possible to
an old version of OpenSSL. Nessus results are: The remote host seems to be
running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
Does anyone have any suggestions?
Thanks,
sparky
If have this one:
* openssl-too-open.c - OpenSSL remote exploit
* Spawns a nobody/apache shell on Apache, root on other servers.
openssl-too-open is a remote exploit for the KEY_ARG overflow in
OpenSSL 0.9.6d and older. It will give you a remote shell with the
priviledges of the server process (nobody when used against Apache,
root against other servers).
If you're interested, contact me off the list.
Cheers
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- References:
- How to exploit gain root of OpenSSL?
- From: 09sparky
- How to exploit gain root of OpenSSL?
- Prev by Date: Re: How to exploit gain root of OpenSSL?
- Next by Date: RE: unswitched behavior of a switched network...
- Previous by thread: Re: How to exploit gain root of OpenSSL?
- Next by thread: unswitched behavior of a switched network...
- Index(es):
Relevant Pages
|
