Robin, Scriptjunkie's attack is in trunk; it's listed as a post mod though, as opposed to an exploit, since you already need access to the first box. He has some interesting methods in there too for getting code execution once you release the target and let it boot normally.
The PXE boot looping issue can be easily solved by killing the DHCP server after the first request or with a better config that checks the vendor info (Microsoft DHCP client will send MSFT, Linux DHCP clients vary but they don't send MSFT obviously).

-Josh
