Penetration Testing mailing list archives
Re: How to exploit gain root of OpenSSL?
From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Sat, 14 Oct 2006 10:04:12 +0200
On Friday, 13 October 2006 17:06, 09sparky () gmail com wrote:
I am looking for a way to exploit (not dos) and gain root, if possible to an old version of OpenSSL.

Nessus results are:
The remote host seems to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.

Does anyone have any suggestions?

Thanks,
sparky
I have this one:

* openssl-too-open.c - OpenSSL remote exploit
* Spawns a nobody/apache shell on Apache, root on other servers.

openssl-too-open is a remote exploit for the KEY_ARG overflow in OpenSSL 0.9.6d and older. It will give you a remote shell with the privileges of the server process (nobody when used against Apache, root against other servers).

If you're interested, contact me off the list.

Cheers
--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
Current thread:
- How to exploit gain root of OpenSSL? 09sparky (Oct 13)
- Re: How to exploit gain root of OpenSSL? gat0r (Oct 16)
- Re: How to exploit gain root of OpenSSL? Manuel Arostegui Ramirez (Oct 16)