remote exploit bug

[vreezver]

hello
i'm a starter in linux security.
i am now trying to exploit the crackaddr() bug in the sendmail 8.10.x versions.

here's how it goes:


--------------------------------
vreezver@Linux:[$] ./exploit <target_ip> <my_ip> <targer_number>
# target number here is 0

Sendmail <8.12.8 crackaddr() exploit by bysin
from the l33tsecurity crew

Resolving address... Address found
Connecting... Connected!
Sending exploit... Exploit sent!
Waiting for root prompt... # instead of getting a shell prompt nothing happens.

vreezver@Linux:[$]
-------------------------------------------------------
i'm working through a lan and getting access to the intrenet from a server

- maybe this root prompt less is due to a firewall blocking

-maybe i should use my extern ip address instead of the one i am using inside the lan

i'd like to know what is the real trouble
i am using a Linux/Knoppix 5.1.1 version based on a 2.6.19 kernel.

thanx for reponding me
Edited by -=Xploitz=-
thanx

[-=Xploitz=-]

vreezver

There is no need to post your e-mail address. If they know the answer, or want to offer you hints,.... they will. They will post it publicly here so that all may see and learn from it. Your not special.

Thanks.

[vreezver]

ok i didnt mean to look special
i prefer them to respond publicly
thanx

[-=Xploitz=-]

No worries.

Just remember for next time.

[thorin]

--------------------------------
vreezver@Linux:[$] ./exploit <target_ip> <my_ip> <targer_number>
# target number here is 0

Sendmail <8.12.8 crackaddr() exploit by bysin
from the l33tsecurity crew

Resolving address... Address found
Connecting... Connected!
Sending exploit... Exploit sent!
Waiting for root prompt... # instead of getting a shell prompt nothing happens.
-------------------------------------------------------
i'm working through a lan and getting access to the intrenet from a server

- maybe this root prompt less is due to a firewall blocking

Could be.

-maybe i should use my extern ip address instead of the one i am using inside the lan

If you're trying to connect to an external IP you'll need to provide your external IP (since from the outside looking in your internal IP isn't reachable....you might wanna read RFC 1918 and brush up on some IP routing information). However, if you're connecting to an External IP you better be sure you have written permission.

[purehate]

If your using knopix as your attack machine this really has nothing to do with backtrack. The problem is most likely the service is not vunerable. this happens because of updates or wrong version. If your sure the version is exploitable then the next issue is usually your router or server. you must be clear on which port your exploit is returning on and foorward it to your attack machine. for example if I send a exploit and it sends back a reverse shell on port 5000 then port 5000 on my firewalled router must be forwarded to the internal ip of my attack machine. If you are exploiting across the net then yes you should be using your external IP. if you send a command to reurn on 192.168.1.100 then that's not going to work for obvious reasons.

[vreezver]

ok.thanks Torin,
but what i am saying is that i m getting a remote shell without being able to access it. what could be the problem?

[vreezver]

If your sure the version is exploitable then the next issue is usually your router or server

ok. purehate, we did have already realised it but with no assurance ; we think it ts a router problem.

you must be clear on which port your exploit is returning on and foorward it to your attack machine.

so you mean i "should be clear" in my source on the returning port right?

[thorin]

Uh earlier you said no shell.
"instead of getting a shell prompt nothing happens."
So which is it?

[vreezver]

uh...
the exploit worked successfully
and prints out : <<exploit sent>>
and then << waiting for root prompt>>

this means the root was sent but we didnt receive it