Re: Snort Back Orifice Preprocessor Exploit (Win32 targets)

[rd <rd () thc org>]

Kira wrote:
> Dear All
>
> I wrote Snort Back Orifice Preprocessor Exploit for Win32 targets. It's
> for educational purpose only.
> This exploit was tested on
>
> - Snort 2.4.2 Binary + Windows XP Professional SP1
> - Snort 2.4.2 Binary + Windows XP Professional SP2
> - Snort 2.4.2 Binary + Windows Server 2003 SP1
> - Snort 2.4.2 Binary + Windows Server 2000 SP0
> - Snort 2.4.2 Bianry + Windows 2000 Professional SP0
>
> Note 01: This exploit was written in form of MetaSploit module, so you
> need metasploit to launch it.
> Note 02: The exploit's quite reliable, but if it doesn't work on your
> machine, try to find address of 'jmp esp' instruction and replace it to
> the old return address.

hi,

Just a note that the THCsnortbo.c exploit is not Linux specific exploit
as some people thought. It can be use to exploit snort for x86 *BSD,
Windows aswell without any problem (of course exploitation technique and
how to get offset are different, depends on OS and the generated binary
by compiler). What you need is to add shellcodes, know how to get
offsets and few minor changes in some cases.

cheers,

--rd

p/s: pls dont email me to ask for more targets. tired to delete such
emails. i'm not feeding kiddies -.-
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/