Re: [Full-disclosure] Linux kernel exploit

2010-12-14 Thread Ariel Biener
Cal Leeming [Simplicity Media Ltd] wrote: Actually Ryan, I think you'll find a lot of people just wanted to contribute towards testing, as most authors will appreciate the masses testing on as many systems as possible. It's not a case of anyone showing off, it's simply that a lot of

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Francisco J
h...@darkstar:~$ cat /etc/slackware-version Slackware 13.1.0 h...@darkstar:~$ uname -a Linux darkstar 2.6.33.4-smp #2 SMP Wed May 12 22:47:36 CDT 2010 i686 Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz GenuineIntel GNU/Linux h...@darkstar:~$ cc full-nelson.c -o full-nelson h...@darkstar:~$

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread R0me0 ***
sp...@alucard ~ $ uname -a Linux alucard 2.6.35-zen2-knight #1 ZEN SMP PREEMPT Wed Dec 1 12:34:54 BRST 2010 x86_64 Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz GenuineIntel GNU/Linux sp...@alucard ~ $ gcc -o nerso full-nelson.c sp...@alucard ~ $ ./nerso [*] Failed to open file descriptors.

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Benji
I heard rumors it's backdoored and sends your /etc/passwd and uname to Dan Rosenberg. Just sayin' On Mon, Dec 13, 2010 at 3:27 PM, fireb...@backtrack.com.br wrote: I tested it on a VM with CentOS 5.5 i386 updated and did not work. Last login: Tue Dec 13 12:48:54 2010 [r...@localhost~]#nano

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread firebits
I tested it on a VM with CentOS 5.5 i386 updated and did not work. Last login: Tue Dec 13 12:48:54 2010 [r...@localhost~]#nano full-nelson.c [r...@localhost~]#gcc-o full-nelson.c full-nelson [r...@localhost~]#./full-nelson [*] Failed to open file descriptors. [r...@localhost~]# uname-a Linux

Re: [Full-disclosure] Linux Kernel Exploit

2010-12-13 Thread highteck
On 13/12/2010 12:03 PM, highteck wrote: r...@bt:~# su test sh-3.2$ cd /tmp sh-3.2$ id;uname -a uid=1000(test) gid=1000(test) groups=1000(test) Linux bt 2.6.34 #1 SMP Wed Jul 21 09:51:09 EDT 2010 i686 GNU/Linux sh-3.2$ ls full-nelson.c sh-3.2$ gcc full-nelson.c -o full-nelson sh-3.2$

Re: [Full-disclosure] Linux Kernel Exploit

2010-12-13 Thread highteck
On 13/12/2010 12:05 PM, highteck wrote: Posted by Benji on Dec 13 I heard rumors it's backdoored and sends your /etc/passwd and uname to Dan Rosenberg. Just sayin' ^^^ 1. Where's the shellcode to hide such a process? 2. Do you see /etc/passwd anywhere in there? 3. Dan Rosenberg is a

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Ariel Biener
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by default. --Ariel fireb...@backtrack.com.br wrote: I tested it on a VM with CentOS 5.5 i386 updated and did not work. Last login: Tue Dec 13 12:48:54 2010 [r...@localhost~]#nano full-nelson.c [r...@localhost~]#gcc-o

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Cal Leeming [Simplicity Media Ltd]
I've seen far too many people just sending back Failed to open file descriptors without giving any indication as to what could have happened. :| Can people *please* remember to send the author as much debug as possible (at the very least, an strace), so they can at least see what's going on. Can

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread coderman
On Mon, Dec 13, 2010 at 12:40 PM, Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk wrote: I've seen far too many people just sending back Failed to open file descriptors without giving any indication as to what could have happened. ... Anyways, the code failed on our

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread dan . j . rosenberg
Subject: Re: [Full-disclosure] Linux kernel exploit ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Cal Leeming [Simplicity Media Ltd]
, 13 Dec 2010 20:40:45 To: Ariel Bienerar...@post.tau.ac.il Cc: leandro_li...@portari.com.br; fireb...@backtrack.com.br; bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit ___ Full

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Cal Leeming [Simplicity Media Ltd]
...@post.tau.ac.il Cc: leandro_li...@portari.com.br; fireb...@backtrack.com.br; bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Benji
: leandro_li...@portari.com.br; fireb...@backtrack.com.br; bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Benji
...@lists.grok.org.uk Date: Mon, 13 Dec 2010 20:40:45 To: Ariel Bienerar...@post.tau.ac.il Cc: leandro_li...@portari.com.br; fireb...@backtrack.com.br; bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Eyeballing Weev
Admitting you will not feed the trolls shows that you have fed the trolls at some point in time and have fallen for a troll. There is no way to properly damage control this statement. YHBT YHL HAND On 12/13/2010 04:19 PM, Cal Leeming [Simplicity Media Ltd] wrote: No more troll feed for you!

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Cal Leeming [Simplicity Media Ltd]
-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Benji
...@portari.com.br, fireb...@backtrack.com.br, bugt...@securityfocus.com, full-disclosure@lists.grok.org.uk Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Linux kernel exploit Please don't inundate me with e-mail because none of you bothered

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Ryan Sears
...@portari.com.br, fireb...@backtrack.com.br, bugt...@securityfocus.com, full-disclosure@lists.grok.org.uk Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Linux kernel exploit Please don't inundate me with e-mail because none of you bothered

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Cal Leeming [Simplicity Media Ltd]
; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit

Re: [Full-disclosure] Linux kernel exploit

2010-12-10 Thread Urlan
One more test: t...@test:~/Downloads$ ./testing [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xa0026610 [+] Resolved econet_ops to 0xa0026720 [+] Resolved commit_creds to 0x810863c0 [+] Resolved prepare_kernel_cred to 0x81086890 [*]

Re: [Full-disclosure] Linux kernel exploit

2010-12-09 Thread Vadim Grinco
$ ./nelson [*] Failed to open file descriptors. $ uname -r 2.6.35.6-48.fc14.x86_64 $ cat /etc/redhat-release Fedora release 14 (Laughlin) But I updated a couple of days ago. -- Best regards, Vadim

Re: [Full-disclosure] Linux kernel exploit

2010-12-09 Thread Sherif Mousa
Hi Dan, Tested on: kernel 2.6.32 (Ubuntu 10.04) worked. kernel 2.6.28 didn't work. (Failed to open file descriptors) Nice work, Dan. Regards, Sherif On Tue, Dec 7, 2010 at 10:25 PM, Dan Rosenberg dan.j.rosenb...@gmail.com wrote: Hi all, I've included here a proof-of-concept local

Re: [Full-disclosure] Linux kernel exploit

2010-12-09 Thread Jean Pierre Dentone
A few tests: [...@yangtao ~]$ ./extest ./extest: error while loading shared libraries: requires glibc 2.5 or later dynamic linker [...@yangtao ~]$ uname -r 2.6.9-89.0.25.ELsmp [...@yangtao ~]$ cat /etc/redhat-release CentOS release 4.8 (Final) == [...@kernel ~]$ ./extest [*]

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread mezgani ali
It worked on 2.6.35.7, nice exploit. On Wed, Dec 8, 2010 at 6:09 AM, Rem7ter rem7...@gmail.com wrote: Why does gcc exp.c -o exp report "Error: too many Argument"? I tested it on Linux 2.6.X. 2010/12/7 coderman coder...@gmail.com On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Guillaume Friloux
, bugt...@securityfocus.com Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Linux kernel exploit Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof-of-concept local privilege

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Kai
Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel gcc _2.6.37.local.c -o test 00:37 linups:../expl/kernel ./test [*] Failed to open file

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Thomas SOETE
Failed on Ubuntu 10.10 (2.6.35-23-generic) t...@bifrost:/tmp$ uname -a Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC 2010 x86_64 GNU/Linux t...@bifrost:/tmp$ ./a.out [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xa03d9610 [+] Resolved

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Dan Rosenberg
If you've applied all your Ubuntu updates, the exploit is not going to work. I decided to take a more responsible approach to exploit publishing with this release. Rather than publish a fully weaponized exploit that could be used by script kiddies everywhere to compromise innocent users'

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread nix
Failed on Ubuntu 10.10 (2.6.35-23-generic) t...@bifrost:/tmp$ uname -a Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC 2010 x86_64 GNU/Linux t...@bifrost:/tmp$ ./a.out [*] Resolving kernel addresses... [+] Resolved econet_ioctl to 0xa03d9610 [+] Resolved

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Marcus Meissner
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote: Anyone tested this in sandbox yet? 00:37 linups:../expl/kernel cat /etc/*release* openSUSE 11.3 (i586) VERSION = 11.3 00:37 linups:../expl/kernel uname -r 2.6.34.4-0.1-desktop 00:37 linups:../expl/kernel gcc _2.6.37.local.c -o

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Sherwyn
...@asp64.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Wed, 08 Dec 2010 09:12:36 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Linux kernel exploit Doesn't work here on Ubuntu 10.10 (VirtualBox) clean install (but with all updates) with only an "apt-get install

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread dave b
I ran it and my computer turned into a mudkip. I took a picture which I have uploaded at [0] I didn't read the instructions, was I supposed to? [0] - http://www.aspectofthehare.net/wp-content/uploads/2009/07/MudkipComputerGame.png

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread John Jacobs
I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Hello Dan, is this exploitation not mitigated by best practice defense-in-depth strategies such as

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread niklas | brueckenschlaeger
Debian lenny: nik...@sandbox:~$ uname -a Linux sandbox 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010 x86_64 GNU/Linux nik...@sandbox:~$ make full-nelson cc full-nelson.c -o full-nelson nik...@sandbox:~$ ./full-nelson [*] Resolving kernel addresses... [+] Resolved

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread leandro_lista
Media Ltd] cal.leem...@simplicitymedialtd.co.uk Reply-to: cal.leem...@simplicitymedialtd.co.uk To: Dan Rosenberg dan.j.rosenb...@gmail.com Cc: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com Subject: Re: [Full-disclosure] Linux kernel exploit Date: Tue, 07 Dec 2010 21:06:44 + Anyone

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Benji
Rosenberg dan.j.rosenb...@gmail.com *Cc*: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com *Subject*: Re: [Full-disclosure] Linux kernel exploit *Date*: Tue, 07 Dec 2010 21:06:44 + Anyone tested this in sandbox yet? On 07/12/2010

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread David Flores
...@gmail.com *Cc*: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com *Subject*: Re: [Full-disclosure] Linux kernel exploit *Date*: Tue, 07 Dec 2010 21:06:44 + Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Rem7ter
*Subject*: Re: [Full-disclosure] Linux kernel exploit *Date*: Tue, 07 Dec 2010 21:06:44 + Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread Ed Carp
On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears rdse...@mtu.edu wrote: Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected. Great job Dan. You're full of win! Except that he needs to clean up his code - no one uses goto anymore.

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread nArEn ÁĹ0ПΞ Ŵ0ĹŦஇ
Worked on Ubuntu 10.10 .. awesome work :) On Thu, Dec 9, 2010 at 11:15 AM, Ed Carp e...@pobox.com wrote: On Tue, Dec 7, 2010 at 1:21 PM, Ryan Sears rdse...@mtu.edu wrote: Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected. Great

[Full-disclosure] Linux kernel exploit

2010-12-07 Thread Dan Rosenberg
Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking, Dan --snip-- /* * Linux Kernel <= 2.6.37 local privilege escalation * by

Re: [Full-disclosure] Linux kernel exploit

2010-12-07 Thread Cal Leeming [Simplicity Media Ltd]
Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy

Re: [Full-disclosure] Linux kernel exploit

2010-12-07 Thread Ryan Sears
dan.j.rosenb...@gmail.com Cc: full-disclosure@lists.grok.org.uk, bugt...@securityfocus.com Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Linux kernel exploit Anyone tested this in sandbox yet? On 07/12/2010 20:25, Dan Rosenberg wrote: Hi all

Re: [Full-disclosure] Linux kernel exploit

2010-12-07 Thread coderman
On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg dan.j.rosenb...@gmail.com wrote: ... I've included here a proof-of-concept local privilege escalation exploit... * This exploit leverages three vulnerabilities to get root, all of which were * discovered by Nelson Elhage: ... * However, the

Re: [Full-disclosure] Linux kernel exploit

2010-12-07 Thread Rem7ter
Why does gcc exp.c -o exp report "Error: too many Argument"? I tested it on Linux 2.6.X. 2010/12/7 coderman coder...@gmail.com On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg dan.j.rosenb...@gmail.com wrote: ... I've included here a proof-of-concept local privilege escalation exploit... * This