
Thread: Milw0rm Update corrupts sploitlist.txt

  1. #1
    Neo23x0 (Just burned his ISO)
    Join Date: Feb 2006, Posts: 20

    Milw0rm Update corrupts sploitlist.txt

    I performed a milw0rm update with "update-milw0rm".
    After that it starts the "update-milw0rm" script.

    This script creates an erroneous sploitlist.txt file.
    Why? I noticed that it greps for some header-lines of each file to create the sploitlist.txt.

    Does anybody have a hack for this?

    Thanks a lot

  2. #2
    Developer
    Join Date: Mar 2007, Posts: 6,126

    Please explain your problem because I don't get it.

  3. #3
    Neo23x0 (Just burned his ISO)
    Join Date: Feb 2006, Posts: 20

    sploitlist.txt contains a grepable list of exploits provided by milw0rm.

    After performing an update using "update-milw0rm" this list is corrupted.

    Now it contains

    ./makeindex-milw0rm
    ./platforms/QNX/local/1347.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/QNX/local/1479.sh #!/bin/sh
    ./platforms/QNX/local/1481.sh #!/bin/sh
    ./platforms/aix/local/1001.txt -bash-2.05b$
    ./platforms/aix/local/1044.c /*
    ./platforms/aix/local/1045.c /*
    ./platforms/aix/local/1046.c /*
    ./platforms/aix/local/333.c <stdio.h>
    ./platforms/aix/local/335.c <stdio.h>
    ./platforms/aix/local/699.c exploit for /usr/bin/paginit
    ./platforms/aix/local/701.sh /tmp/aap/bin
    ./platforms/aix/local/898.sh #!/usr/bin/sh
    ./platforms/aix/local/4231.c 07/2007: public release
    ./platforms/aix/local/4232.sh #!/bin/sh
    ./platforms/aix/local/4233.c 07/2007: public release
    ./platforms/aix/local/4612.py #
    ./platforms/asp/remote/1010.pl #!/usr/bin/perl
    ./platforms/asp/remote/1015.txt <!--
    ./platforms/asp/remote/1070.pl #!/usr/bin/perl
    ./platforms/asp/remote/1071.pl -w
    ./platforms/asp/remote/1112.txt Change /str0ke -->
    ./platforms/asp/remote/1252.htm <!--
    ./platforms/asp/remote/1399.txt <!--
    ./platforms/asp/remote/1418.txt Contacts:{
    ./platforms/asp/remote/1419.pl #!/usr/bin/perl
    ./platforms/asp/remote/1472.pl #!/usr/bin/perl
    ...
    ...
    and so on

  4. #4
    Developer
    Join Date: Mar 2007, Posts: 6,126

    Here's mine after an update. Seems fine.
    Code:
    Downloading Exploit archive from Milw0rm
    --08:02:53--  http://www.milw0rm.com/sploits/milw0rm.tar.bz2
               => `milw0rm.tar.bz2'
    Resolving www.milw0rm.com... 76.74.9.18
    Connecting to www.milw0rm.com|76.74.9.18|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 4,294,268 (4.1M) [application/x-tar]
    
    100%[================>] 4,294,268    155.65K/s    ETA 00:00
    
    08:03:22 (148.57 KB/s) - `milw0rm.tar.bz2' saved [4294268/4294268]
    
    Extracting Archive
    Generating Exploit List, please wait
    Done!
    You can "cat sploitlist.txt |grep -i exploit"
    
    bash: fortune: command not found
    
    BackTrack exploits # ls
    framework2/  framework3-trunk/  update-milw0rm*
    framework3/  milw0rm/
    BackTrack exploits # cd /pentest/exploits/milw0rm
    BackTrack milw0rm # ls
    makeindex-milw0rm*  platforms/  rport/  sploitlist.txt
    BackTrack milw0rm # cat sploitlist.txt |grep -i exploit
    ./rport/21/107.c proftpd 1.2.7/1.2.9rc2 remote root exploit by bkbll (bkbll#cnhonker.net, 2003/10/1)
    ./rport/21/150.c Serv-U FTPD 4.x "SITE CHMOD" Reverse Bindshell Exploit
    ./rport/21/158.c ex_servu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit
    ./rport/21/348.c 7350wurm - x86/linux wu_ftpd remote root exploit
    ./rport/21/2936.pl FTP server (GNU inetutils 1.4.2) Remote Root Exploit
    ./rport/21/3021.txt ProFTPd remote root exploit
    ./rport/23/409.c 7350854 - x86/bsd telnetd remote root exploit
    ./rport/25/46.c Remote Buffer Overflow Exploit for Kerio MailServer 5.6.3 */
    ./rport/25/582.c Crab's exploit for YahooPOPs <= 1.6 SMTP
    ./rport/25/637.c Remote exploit for MailCarrier by NoPh0BiA,
    ./rport/25/2601.c IMail 2006 and 8.x SMTP Stack Overflow Exploit
    ./rport/53/3554.pm MetaSploit exploit for remote buffer overflow issue in dproxy
    ./rport/69/3170.pm Msf::Exploit::3com_tftp_long_mode;
    ./rport/80/189.c iisex iis exploit (<- nost's idea) v2
    ./rport/80/344.c Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit (2)
    ./rport/80/660.c Remote exploit for the php memory_limit vulnerability found by Stefan
    ./rport/80/4093.pl Apache w/ mod_jk Remote Exploit
    ./rport/80/4243.c corehttp[v0.5.3alpha]: httpd remote buffer overflow exploit. ]**********
    ./rport/81/940.c /*[ sumus[v0.2.2]: (httpd) remote buffer overflow exploit. ]****
    ./rport/135/76.c Windows remote RPC DCOM exploit
    ./rport/135/109.c Windows RPC2 Universal Exploit (MS03-039) & Remote DoS (RPC3) */
    ./rport/143/397.c 7350owex- x86/linux WU-IMAP 2000.287(1-2) remote exploit
    ./rport/143/670.c Remote Mercury32 Imap exploit [14 types of attacks] WOW!
    ./rport/143/1124.pl IpSwitch IMAIL Server IMAPD Remote r00t Exploit by kcope
    ./rport/445/3022.txt Microsoft ASN.1 remote exploit for CVE-2005-1935
    ./rport/445/3746.txt Exploit v2 features:
    ./rport/873/398.c 7350fuqnut - rsync <= 2.5.1 remote exploit -- linux/x86 ver.
    ./rport/873/399.c 7350rsync - rsync <= 2.5.1 remote exploit - x86 ver.
    ./rport/2100/80.c Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit */
    ./rport/2947/3099.pm Msf::Exploit::gpsd_format_string;
    ./rport/3306/98.c Mysql 3.23.x/4.0.x remote exploit
    ./rport/3690/304.c subversion-1.0.2 exploit by Gyan Chawdhary ...
    ./rport/7144/1574.c GNU PeerCast <= v0.1216 Remote Exploit
    ./rport/8000/712.c SHOUTcast DNAS/Linux v1.9.4 format string remote exploit */
    ./rport/8080/3913.c webdesproxy[v0.0.1]: (cygwin) remote buffer overflow exploit. ]*
    ./rport/20031/990.c Bakbone Netvault heap overflow exploit.
    ./platforms/aix/local/699.c exploit for /usr/bin/paginit
    ./platforms/asp/remote/3493.txt Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit
    ./platforms/asp/remote/1759.txt 6.00 SQL Injection / Exploit by tracewar(tracewar@gmail.com)
    ./platforms/asp/remote/3046.txt FileUp viewsrc.asp remote script source disclosure exploit
    ./platforms/cgi/remote/464.txt demonstration exploit URLs are provided:
    ./platforms/cgi/remote/1039.pl This exploit uses a backdoor that isn't located on this server.
    ./platforms/bsd/local/396.c 7350-crocodile - x86/OpenBSD ftp exploit
    ./platforms/bsd/local/202.sh BSDi 3.0 / 4.0 rcvtty[mh] Local Exploit
    ./platforms/bsd/local/3578.c ejecsploit.c - local root exploit for bsd's eject.c
    ./platforms/bsd/remote/409.c 7350854 - x86/bsd telnetd remote root exploit
    ./platforms/osX/local/896.c MacOS X[CF_CHARSET_PATH]: local root exploit. ]*********
    ./platforms/osX/local/1186.c Adobe Version Cue VCNative[OSX]: local root exploit. (dyld) ]
    ./platforms/osX/local/3985.txt OS X <= 10.4.8 pppd Plugin Loading Privilege Escalation Exploit
    ./platforms/php/local/2554.php for use old cpanel exploit ( http://www.milw0rm.com/exploits/2466 ) you need have
    ./platforms/php/remote/2159.pl Title: PHPMyRing's (view_com.php) Remote SQL injection Exploit
    ./platforms/php/remote/2197.pl Woltlab Burning Board <= 2.3.5 (links.php) SQL Injection Exploit (2)
    ./platforms/php/remote/2253.pl Phaos <= 0.9.2 basename() Remote Command Execution Exploit
    ./platforms/php/remote/2397.py MyReview 1.9.4 SQL Injection exploit
    ./platforms/php/remote/3435.txt netForo 0.1g(file_to_download)Remote File Disclosure Exploit
    ./platforms/php/remote/2919.pl mx_act (mxBB Games Module) --Remote File Inclusion Exploit
    ./platforms/php/remote/3501.txt PHP DB Designer <= 1.02 Remote File Include Exploit
    ./platforms/php/remote/3503.txt MPM Chat 2.5 (view.php logi) Local File Include Exploit
    ./platforms/php/remote/3454.pl Module phgstats 0.5 (phgdir) Remote File Include Exploit
    ./platforms/php/remote/3538.txt <= 1.1.2 Remote SQL Injection Exploit
    ./platforms/php/remote/1011.php Maxwebportal <= 1.36 password.asp Change Password Exploit (2 - php)
    ./platforms/php/remote/1012.txt Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html)
    ./platforms/php/remote/436.txt demonstration exploit HTTP form is provided:
    ./platforms/php/remote/4550.pl BBsProcesS Remote Blind SQL Injection Exploit
    ./platforms/php/remote/1762.php ISPConfig <= 2.2.2 (session.inc.php) Remote File Inclusion Exploit
    ./platforms/php/remote/2352.txt WebSPELL <= 4.01.01 Accessible Database Backup Download Exploit
    ./platforms/php/remote/4276.txt Exploit Name: Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability
    ./platforms/php/remote/2568.txt # WebSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit
    ./platforms/php/remote/4510.txt <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector
    ./platforms/php/remote/2666.txt MP3 Streaming DownSampler for PHP v3.0 (fullpath) Remote File Include Exploit
    ./platforms/php/remote/818.txt Exploit:
    ./platforms/php/remote/4586.txt v1.0 Shell Upload Exploit
    ./platforms/php/remote/4587.txt vuln.: miniBB 2.1 (table) Remote SQL Injection Exploit
    ./platforms/php/remote/1740.pl The different versions from 2.3.8, are also remotely exploitable.
    ./platforms/sco/local/1402.c SCO Openserver 5.0.7 termsh exploit
    ./platforms/sco/local/1534.c SCO Unixware 7.1.3 ptrace local root exploit
    ./platforms/irix/local/336.c /bin/login exploit by DCRH 24/5/97
    ./platforms/irix/local/337.c /usr/sbin/iwsh.c exploit by DCRH 27/5/97
    ./platforms/hp-ux/dos/212.c theoretical exploit for hpux ftpd vulnerability */
    ./platforms/hp-ux/local/2633.c HP-UX swpackage buffer overflow exploit
    ./platforms/hp-ux/local/2634.c HP-UX swmodify buffer overflow exploit
    ./platforms/hp-ux/local/2635.c HP-UX swask format string local root exploit
    ./platforms/hp-ux/local/2636.c HP-UX libc timezone environment overflow exploit
    ./platforms/linux/local/71.c 0x333xgalaga => XGalaga 2.0.34 local game exploit (Red Hat 9.0)
    ./platforms/linux/local/104.c 0x333hztty => hztty 2.0 local root exploit
    ./platforms/linux/local/120.c TerminatorX V. <= 3.81 local root exploit by Li0n7
    ./platforms/linux/local/12.sh Linux Kernel < 2.4.20 Module Loader Local Root Exploit
    ./platforms/linux/local/140.c 0x333xsok (2) => xsok 1.02 local game exploit
    ./platforms/linux/local/325.c linux_lpr_exploit.c ----------
    ./platforms/linux/local/374.c Begin Code: sox-exploiter.c ---------------------------------
    
    ./platforms/linux/remote/3821.c 3proxy[v0.5.3g]: (linux) ......
    BackTrack milw0rm #

  5. #5
    Neo23x0 (Just burned his ISO)
    Join Date: Feb 2006, Posts: 20

    That works, right.
    Try to grep for "windows" or, as a better example, "cisco". Before the update I had some results for cisco. After the update, none.

  6. #6
    Developer
    Join Date: Mar 2007, Posts: 6,126

    Write out your exact grep command, because when I grep windows I get everything, but for cisco I only get one entry. Let's see if we are on the same page.

  7. #7
    Just burned his ISO
    Join Date: Nov 2007, Posts: 3

    Quote Originally Posted by Neo23x0:
    This script creates an erroneous sploitlist.txt file.
    Why? I noticed that it greps for some header-lines of each file to create the sploitlist.txt.
    I placed a sploitlist-bt.txt file in the archive which won't be overwritten by the update script. So use the update script and the file sploitlist-bt.txt instead of sploitlist.txt for grepping and you should be good to go.

    /str0ke

  8. #8
    muts (Developer)
    Join Date: Jan 2006, Posts: 272

    Milw0rm CVS

    Thanks everyone,

    The Milw0rm exploit archive is going to have a CVS repository, so all the update scripts that exist now are irrelevant.
    Hang in there until BT3!

    Muts

  9. #9
    Neo23x0 (Just burned his ISO)
    Join Date: Feb 2006, Posts: 20

    Code:
    bt exploits # ./update-milw0rm
    
    100%[===========================================================>] 4,366,022     64.77K/s    ETA 00:00
    
    19:58:24 (64.36 KB/s) - `milw0rm.tar.bz2' saved [4366022/4366022]
    
    Extracting Archive
    Generating Exploit List, please wait
    Done!
    You can "cat sploitlist.txt |grep -i exploit"
    bt exploits # cd milw0rm/
    bt milw0rm # cat sploi
    sploitlist-bt.txt  sploitlist.txt
    bt milw0rm # cat sploitlist.txt | grep cisco
    bt milw0rm # cat sploitlist.txt | grep windows
    
    ....(a lot of lines like these) ...
    ./milw0rm/platforms/windows/local/4302.php <?php
    ./milw0rm/platforms/windows/local/4303.php <?php
    ./milw0rm/platforms/windows/local/4311.php <?php
    ./milw0rm/platforms/windows/local/4314.php <?php
    ./milw0rm/platforms/windows/local/4325.php <?php
    ./milw0rm/platforms/windows/local/4345.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./milw0rm/platforms/windows/local/4354.py DJ 5.0 Local Buffer OverFlow
    ./milw0rm/platforms/windows/local/4355.php <?php
    ./milw0rm/platforms/windows/local/4361.pl #!/usr/bin/perl
    ./milw0rm/platforms/windows/local/4364.php <?php
    ./milw0rm/platforms/windows/local/4431.py vbexploit.py FileName.vbp
    ./milw0rm/platforms/windows/local/4517.php <?php
    ./milw0rm/platforms/windows/local/4531.py #!/usr/bin/python
    ...
    
    
    bt milw0rm # cat sploitlist.txt | grep solaris
    ./platforms/solaris/dos/235.pl -w
    ./platforms/solaris/dos/240.sh #!/bin/sh
    ./platforms/solaris/local/1073.c /*
    ./platforms/solaris/local/1074.c
    ./platforms/solaris/local/1092.c /*
    ./platforms/solaris/local/114.c #############################
    ./platforms/solaris/local/1182.c /*
    ./platforms/solaris/local/1248.pl
    ./platforms/solaris/local/1360.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/solaris/local/197.c /*
    ./platforms/solaris/local/2067.c Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure exploit
    ./platforms/solaris/local/210.c /*
    ./platforms/solaris/local/2241.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/solaris/local/2242.sh #!/bin/sh
    ./platforms/solaris/local/2330.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/solaris/local/2331.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/solaris/local/2360.c /bin /boot /dev /dump /etc /home /lib /lost+found /mnt /opt /pentest /proc /root /sbin /sys /tmp /usr /var
    ./platforms/solaris/local/247.c <stdio.h>
    ./platforms/solaris/local/250.c /*
    ./platforms/solaris/local/2543.sh #!/bin/sh
    ./platforms/solaris/local/256.c <stdio.h>
    ./platforms/solaris/local/2569.sh #!/bin/sh
    ./platforms/solaris/local/2641.sh #!/bin/sh
    
    ....
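The "/bin /boot /dev ... /var" entries in posts #3 and #9 are exactly what an unquoted "*" expands to in the root directory, which points to the index script echoing the second line of a C comment block (" *") without quotes. The following is an added example, not the BackTrack update-milw0rm or makeindex-milw0rm script (whose source is not shown in this thread): it reproduces that defect beside a quoted index builder that skips shebang and preprocessor lines and strips comment punctuation; the platforms/ layout and the tab-separated output format are assumptions.

```shell
#!/bin/sh
# Added example; not the BackTrack update-milw0rm / makeindex-milw0rm script.
# Assumed layout: exploit files under platforms/<os>/<kind>/<id>.<ext>.
# Output format (assumed): "<path><TAB><title>", one line per file.

# The suspected defect, reproduced: many C files in the archive open with a
# "/*" comment block whose second line is a bare " *". Echoed without quotes,
# that "*" is word-split and glob-expanded, which in / yields "/bin /boot ...".
broken_title() {
    first=$(sed -n '2p' "$1")
    echo $first                 # unquoted on purpose: this is the bug
}

# Hardened: every expansion is quoted, shebang / preprocessor / "<?" lines are
# skipped, and the title is the first line containing a real word, with the
# comment punctuation stripped from both ends.
index_title() {
    awk '
        /^[ \t]*(#(!|include|define)|<[?])/ { next }
        /[A-Za-z][A-Za-z][A-Za-z]/ {
            sub(/^[ \t]*(\/\*+|\*+|#+|\/\/+|<!--)?[ \t]*/, "")
            sub(/[ \t]*(\*\/|-->)?[ \t]*$/, "")
            print; exit
        }' "$1"
}

# Build the whole index; file paths are never left unquoted.
make_index() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$f" "$(index_title "$f")"
    done
}
```

Usage: `make_index platforms > sploitlist.txt`, then grep the second column as before.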

  10. #10
    Just burned his ISO
    Join Date: Nov 2007, Posts: 3

    Give it a try now. I have added a sploitlist-bt.txt file for grepping.

    /str0ke
