Full Disclosure mailing list archives

Re: re: Working proftpd remote root exploit


From: Carl Livitt <carl () learningshophull co uk>
Date: Mon, 13 Oct 2003 19:45:52 +0100 (BST)


This is not a universal exploit...  for example, it won't work on redhat
7.3 installations (and slack 9 by the looks of it). These are issues
relating to variables on the heap getting munged by the payload.

Exceptions need to be added to the source for some targets... at present,
rh7.2 has been added and this suffices for now.

If you/anyone else needs to add more targets, use the '-s' mode (sleep for
10 seconds) and attach gdb to the proftpd process and debug from there.

Cheers,
Carl.

On Mon, 13 Oct 2003, chris wrote:

This sort of worked on ProFtpD 1.2.8 Slackware 9.0, I received an error message though:

"Failing to connect to remote host
: Success"

I checked my user's home directory and found the 'incoming' folder with 'aa' file. The aa file is a shell but it never bound to port 4660. Works, but doesn't work... sorta. Thanks.

chris () cr-secure net
