Looking for old Interbase proof-of-concept exploit
From: Charles 'core' Stevenson (core@bokeoa.com)
Date: 01/29/02
Date: Tue, 29 Jan 2002 05:39:54 -0700
From: Charles 'core' Stevenson <core@bokeoa.com>
To: "vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>
Hi,
I was reading up on the old Interbase hardcoded backdoor and I'm not
sure how to go about writing some code to interface with the server and
perform authentication and execute arbitrary commands. I wondered if
anyone has created a proof-of-concept exploit or if not has any
information on the protocol that could help me create my own.
Here's the hardcoded backdoor account information:
#define LOCKSMITH_USER "politically"
#define LOCKSMITH_PASSWORD "correct"
The server runs on port 3050. It is sometimes spawned from inetd:
#gds_db stream tcp nowait.30000 root /usr/local/sbin/gds_inet_server gds_inet_server # InterBase Database Remote Server
From reading the documentation I gather that it no longer needs to be
run through inetd. I was able to spawn the server by locally running it
with the '-d' flag.
References:
http://www.cert.org/advisories/CA-2001-01.html
http://list.cobalt.com/pipermail/cobalt-users/2001-January/030260.html
http://www.securityfocus.com/bid/2192
Any information would be great.
Best Regards,
Charles Stevenson
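
Added example, not part of the original message: a small audit of inetd.conf text for entries that launch the InterBase server named above, reporting whether each entry is enabled and which account it runs under. The sample configuration is constructed, and the function and field names are illustrative assumptions.

```python
import os
import re

# Constructed sample in inetd.conf syntax; the gds_db fields follow the entry
# quoted in the message, the other lines are made up for illustration.
SAMPLE_INETD_CONF = """\
# <service> <socket> <proto> <wait[.max]> <user[.group]> <program> <args>
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
#gds_db stream tcp nowait.30000 root /usr/local/sbin/gds_inet_server gds_inet_server # InterBase Database Remote Server
gds_db stream tcp nowait.30000 root /usr/local/sbin/gds_inet_server gds_inet_server
"""

TARGET_SERVICE = "gds_db"          # service name from the message (port 3050)
TARGET_BINARY = "gds_inet_server"  # server binary from the message


def audit_inetd(text):
    """Return one finding per inetd entry that launches the InterBase server."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        enabled = not line.startswith("#")
        # Parse commented-out entries too, so a disabled service is reported
        # as disabled instead of being silently skipped.
        body = line.lstrip("#").strip()
        body = re.split(r"\s#", body, maxsplit=1)[0]  # drop trailing comment
        fields = body.split()
        if len(fields) < 6:
            continue  # blank line, prose comment, or malformed entry
        service, _sock, _proto, wait, user, program = fields[:6]
        if service != TARGET_SERVICE and os.path.basename(program) != TARGET_BINARY:
            continue
        max_rate = wait.partition(".")[2]       # "nowait.30000" -> "30000"
        account = re.split(r"[.:]", user)[0]    # "root.wheel" -> "root"
        findings.append({
            "line": lineno,
            "enabled": enabled,
            "user": account,
            "runs_as_root": account == "root",
            "max_rate": int(max_rate) if max_rate.isdigit() else None,
            "program": program,
        })
    return findings


if __name__ == "__main__":
    for f in audit_inetd(SAMPLE_INETD_CONF):
        state = "ENABLED" if f["enabled"] else "disabled"
        print(f"line {f['line']}: {state} {f['program']} as {f['user']}")
```

To audit a real host, pass the contents of its inetd configuration file to `audit_inetd` in place of the sample.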