Full Disclosure mailing list archives
0day remote root BNC exploit
From: poofie () gmx net
Date: Wed, 4 Dec 2002 01:44:57 +0100 (MET)
This is in response to: http://www.fatelabs.com/advisories/shoutcast-advisory.txt _____________________________________________________________________ FaKe Research Laboratories Security Advisory Package: BNC Vendor Web Site: http://gotbnc.com/ Versions: < = Latest (v2.8.4) Platforms: Lots of them Advisory Title: Plaintext BNC Authentication Passwords Advisory ID: F8K20020918:BNC Issue Date: Wed Sep 18 12:34:56 PST 2002 File(s): bnc.conf Local: Yes Remote: No Fix Available: Yes Vendor Contacted: No Researcher: poofie <poofie () fakelabs com> FaKe Web Site: http://www.fakelabs.com ( NOT ORG! ) _____________________________________________________________________ 1. Overview The password is stored in plaintext in the configuration allowing hackers to use the BNC for their illegal activities. This could mean the end of IRC as we know it. Please do not use this exploit for fun or profit. 2. Exploit Here is the 0day exploit from FaKelabs because we have the best exploit collection ever. #!/bin/sh # # PRIVATE FAKELABS EXPLOIT 0DAY HACKER EXPLOIT # BNC password stealing exploit by poofie () fakelabs com # printf "Where do you want to steal the password from? " READ file echo "Stealing the password hahahahahaha" grep 'S:' $file 3. Impact IRC will cease to exist. 4. Greetz Loki - Supreme magistrate CEO flash hacker master ph33r - Previous research on plaintext password methods PhantomOfTheRouter - Blacker than Jesse Jackson crack smoking MSN hack3r hack3r.com - I learned everything from you guys, THANKS |SaMaN| - http://online.securityfocus.com/archive/1/290114/2002-09-01/2002-09-07/0 Contributing useful information. Coder of the http://blackcode.tr.cx hacker team. ushi - Lesbian hacker slut (c) Copyright 1981-2002 FaKe Research Labs. All Copyrights Reserved. Web: http://www.fakelabs.com -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- 0day remote root BNC exploit poofie (Dec 03)