Re: How to exploit gain root of OpenSSL?

From: Manuel Arostegui Ramirez (manuel@todo-linux.com)
Date: Sat Oct 14 2006 - 04:04:12 EDT


On Friday, 13 October 2006 17:06, 09sparky@gmail.com wrote:
> I am looking for a way to exploit (not dos) and gain root, if possible to
> an old version of OpenSSL. Nessus results are: The remote host seems to be
> running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
>
> Does anyone have any suggestions?
>
> Thanks,
> sparky

I have this one:
 * openssl-too-open.c - OpenSSL remote exploit
 * Spawns a nobody/apache shell on Apache, root on other servers.

openssl-too-open is a remote exploit for the KEY_ARG overflow in
OpenSSL 0.9.6d and older. It will give you a remote shell with the
privileges of the server process (nobody when used against Apache,
root against other servers).

If you're interested, contact me off the list.
Cheers

-- 
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:12 EDT