Penetration Testing mailing list archives

Re: How to exploit gain root of OpenSSL?


From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Sat, 14 Oct 2006 10:04:12 +0200

On Friday, 13 October 2006 17:06, 09sparky () gmail com wrote:
I am looking for a way to exploit (not dos) and gain root, if possible to
an old version of OpenSSL.  Nessus results are: The remote host seems to be
running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.

Does anyone have any suggestions?

Thanks,
sparky

I have this one:
 * openssl-too-open.c - OpenSSL remote exploit
 * Spawns a nobody/apache shell on Apache, root on other servers.

openssl-too-open is a remote exploit for the KEY_ARG overflow in
OpenSSL 0.9.6d and older. It will give you a remote shell with the
privileges of the server process (nobody when used against Apache,
root against other servers).

If you're interested, contact me off the list.
Cheers
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
