Vulnerability Development mailing list archives
Re: Apache Exploit
From: Randy Taylor <rtaylor () enterasys com>
Date: Mon, 24 Jun 2002 10:39:12 -0400
At 04:45 PM 6/22/2002 +0200, T0aD wrote:
On Fri, 21 Jun 2002 23:57:41 -0400 (EDT) David Bernick <bernz () alpha bernztech org> wrote:> > In one case (the RH box), it looked like a TCP lockup condition. The thing> > just stopped responding to outside stimuli, and right after that, inputs> > via the local keyboard stopped as well. I haven't had time to dig into it> > further. > > I've tested the Gobbles 'sploit against the following machines/platforms: > 1. RH Linux 6.1 w Apache 1.2.x PIII 512MB > 2. RH Linux 7.2 w Apache 1.3.24 PIII 512MB > 3. RH Linux 7.2 w/Tux Webserver PII 128MB > 4. RH Linux 7.2 w Apache 1.3.26 DualPIII 1GB > 5. RH Liunx 6.1 w Apache 1.3.14 on an Alpha processor 512MB
<snip>
You think thats a linux shellcode you're using ?! -- toad
No, T0aD, it wasn't Linux shellcode - that was the point. After cracking the OBSD2.9 box, which wasn't on the target list, I decided to tap into part of the true spirit of the GOBBLES crew and ignore all instructions thereafter. So what happens when you throw GOBBLES OBSD apache-scalp at a FreeBSD box? A RH Linux box? Fred the W0nd3r Rabbit? (Fred didn't go foom! Everything else did.) My comprehension of instructions is notoriously bad. My foothold in this reality flickers like a bad florescent tube in a really dark room. My grip on sanity is tenuous at best - after all, look at who I work for! Randy Taylor Enterasys Networks R&D Dragon Team ----- "How would you know I'm mad?" said Alice. "You must be", said the Cat, "or you wouldn't have come here." -- Lewis Carroll Alice's Adventures In Wonderland 1864
Current thread:
- Apache Exploit Stefan Esser (Jun 20)
- Re: Apache Exploit Blue Boar (Jun 20)
- Re: Apache Exploit Randy Taylor (Jun 20)
- Re: Apache Exploit Michal Zalewski (Jun 20)
- Message not available
- Re: Apache Exploit Randy Taylor (Jun 21)
- Re: Apache Exploit David Bernick (Jun 21)
- Re: Apache Exploit T0aD (Jun 22)
- Re: Apache Exploit Alex Balayan (Jun 23)
- Re: Apache Exploit Randy Taylor (Jun 24)
- Re[2]: Apache Exploit dullien (Jun 26)
- Re: Apache Exploit Randy Taylor (Jun 20)
- Re: Apache Exploit Blue Boar (Jun 20)
- Re: Apache Exploit Stefan Esser (Jun 20)
- Re[2]: Apache Exploit dullien (Jun 20)
- Re[2]: Apache Exploit Michal Zalewski (Jun 20)
- Re: Apache Exploit Jefferson Ogata (Jun 20)
- Re: Apache Exploit Michal Zalewski (Jun 21)
- Re: Re[2]: Apache Exploit SpaceWalker (Jun 20)
- Re: Apache Exploit Stefan Esser (Jun 21)