Re: Apache Exploit

[Randy Taylor <rtaylor () enterasys com>]

At 04:45 PM 6/22/2002 +0200, T0aD wrote:
> On Fri, 21 Jun 2002 23:57:41 -0400 (EDT)
> David Bernick <bernz () alpha bernztech org> wrote:
>
> > > In one case (the RH box), it looked like a TCP lockup condition. The 
> thing
> > > just stopped responding to outside stimuli, and right after that, inputs
> > > via the local keyboard stopped as well. I haven't had time to dig 
> into it
> > > further.
> >
> > I've tested the Gobbles 'sploit against the following machines/platforms:
> > 1. RH Linux 6.1 w Apache 1.2.x PIII 512MB
> > 2. RH Linux 7.2 w Apache 1.3.24 PIII 512MB
> > 3. RH Linux 7.2 w/Tux Webserver PII 128MB
> > 4. RH Linux 7.2 w Apache 1.3.26 DualPIII 1GB
> > 5. RH Liunx 6.1 w Apache 1.3.14 on an Alpha processor 512MB

<snip>

> You think thats a linux shellcode you're using ?!
>
> -- toad

No, T0aD, it wasn't Linux shellcode - that was the point.

After cracking the OBSD2.9 box, which wasn't on the target
list, I decided to tap into part of the true spirit of the GOBBLES
crew and ignore all instructions thereafter.

So what happens when you throw GOBBLES OBSD apache-scalp
at a FreeBSD box? A RH Linux box? Fred the W0nd3r Rabbit?
(Fred didn't go foom! Everything else did.)

My comprehension of instructions is notoriously bad. My foothold
in this reality flickers like a bad florescent tube in a really dark
room. My grip on sanity is tenuous at best - after all, look at who
I work for!

Randy Taylor
Enterasys Networks
R&D
Dragon Team

-----
"How would you know I'm mad?" said Alice.
"You must be", said the Cat, "or you wouldn't have come here."
-- Lewis Carroll Alice's Adventures In Wonderland 1864