Re: How to exploit gain root of OpenSSL?



On Friday, 13 October 2006 17:06, 09sparky@xxxxxxxxx wrote:
I am looking for a way to exploit (not DoS) and gain root, if possible, on
an old version of OpenSSL. Nessus results are: The remote host seems to be
running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.

Does anyone have any suggestions?

Thanks,
sparky

I have this one:
* openssl-too-open.c - OpenSSL remote exploit
* Spawns a nobody/apache shell on Apache, root on other servers.

openssl-too-open is a remote exploit for the KEY_ARG overflow in
OpenSSL 0.9.6d and older. It will give you a remote shell with the
privileges of the server process (nobody when used against Apache,
root against other servers).

If you're interested, contact me off the list.
Cheers
--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
