From: Manuel Arostegui Ramirez (manuel@todo-linux.com)
Date: Sat Oct 14 2006 - 04:04:12 EDT
El Viernes, 13 de Octubre de 2006 17:06, 09sparky@gmail.com escribió:
> I am looking for a way to exploit (not dos) and gain root, if possible to
> an old version of OpenSSL. Nessus results are: The remote host seems to be
> running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
>
> Does anyone have any suggestions?
>
> Thanks,
> sparky
If have this one:
* openssl-too-open.c - OpenSSL remote exploit
* Spawns a nobody/apache shell on Apache, root on other servers.
openssl-too-open is a remote exploit for the KEY_ARG overflow in
OpenSSL 0.9.6d and older. It will give you a remote shell with the
priviledges of the server process (nobody when used against Apache,
root against other servers).
If you're interested, contact me off the list.
Cheers
-- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:12 EDT