Results 1 to 4 of 4

Thread: "Good ole trusty" Exploits

  1. #1
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Post "Good ole trusty" Exploits

    So i've been dorking with the wunderbar emporium Null Pointer local privilege escalation exploit as of late [any user to root is just down right sexy to me] and immediately got added to my magic bag of tricks.

    My question is what other specific exploits do you guys consider your "old trusty" when you go out for a pentest. i mean we all are card carrying metasploit yahoos, but i'm referring to the side exploit code the may have slid by from a milw0rm or inj3ct0r type find.

    To be more specific about the wunderbar emporium exploit code can be found here:
    http://www.securityfocus.com/data/vu...emporium-3.tgz

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    This is kind of an InfoSec Catch22.

    There are always new attacks on the horizon but at the same time given different platforms, code re-use, etc. we often see that everything that's old is new again.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Whilst I agree with thorin, there are a few in my bag o' tricks (no specifics though as they are more "i just type the exploit commands" rather than thinking about the versions or what not.

    I always try to use what's in meterpreter first (obviously) for remote exploits, but the big ones are usually SMB exploits for windows, samba exploits for Linux (as well as a few ssh ones for older versions), and a couple of solid OS X exploits I wrote myself against targeted software (the sort of thing you are likely to find in the places I was running these pentests).

    I carry 3 privilege escalation exploits each for windows and linux, the new linux one is currently my favourite, but it doesn't work everywhere nor on slightly older OS's.

    All told, my portable active exploit kit contains about 30 exploits which I use consistently.

    More importantly, I always carry a copy of CUPP and hydra precompiled for as many platforms as I can as I am more likely to get hits off those when exploits fail.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4

    Default

    One of the "old and trusty" exploits I keep around is the do_brk priv escalation sploit for Linux 2.4.x kernels. Easy to use, no messy clean up, works against most 2.4 kernels that are in production (2.4.17 - 2.4.24).

    On the windows side, I keep ms05-039-pnp exploit and my newer favorite ms08-067 exploit in my tool box. They just work!

    BTW, I couldn't get the wunderbar sploit (or any other similar clones) to work on my nix 2.6 kernel test images...very annoying!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •