hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Apache/1.3.27
GovernmentSecurity.org > System Security > Linux & Unix Systems
Acid_Attack
Sep 25 2003, 08:53 PM
Is there any win32/linux exploit for Apache/1.3.27 ?
Certox
Sep 25 2003, 09:18 PM
yep, here is one:

D:\tools>apache -h
Apache + mod_mylo remote exploit
By Carl Livitt (carllivitt at hush dot com)

Arguments:
-t target Attack 'target' host
-T platform Use parameters for target 'platform'
-h This help.

Available platforms:
0. SuSE 8.1, Apache 1.3.27 (installed from source) (default)
1. RedHat 7.2, Apache 1.3.20 (installed from RPM)
2. RedHat 7.3, Apache 1.3.23 (installed from RPM)
3. FreeBSD 4.8, Apache 1.3.27 (from Ports)

So to use:

C:\apache -t 44.44.44.44 <-- this will exploit SuSE 1.3.27

C:\apache -T1 4.4.4.4 <--- exploit RedHat 7.2

Just use -T# for the type u want to expliot

Simple smile.gif

Enjoy,
Certox cool.gif
Acid_Attack
Sep 25 2003, 10:47 PM
Thanks alot!
I will try it out smile.gif
Filou
Sep 25 2003, 10:57 PM
Thanks .. Will check it out too ..

gR33tz Filou
Certox
Sep 25 2003, 11:24 PM
unsure.gif Sorry about the double post unsure.gif

*Jumps off bridge*
atrhacker
Sep 26 2003, 03:05 PM
it 's a local xploit ?
thatsmej
Sep 26 2003, 05:06 PM
QUOTE (atrhacker @ Sep 26 2003, 03:05 PM)
it 's a local xploit ?

QUOTE

D:\tools>apache -h
Apache + mod_mylo remote exploit


READ

Barvaz88
Sep 27 2003, 12:50 PM
Certox We need cygwin1.dll too wink.gif
enlightnr
Sep 27 2003, 04:11 PM
Looks nice, Cheers for posting it!
derquakecommander
Sep 27 2003, 04:53 PM
has anybody a commendline apache 1.3 scanner?
and not scan100 scan 500 or scan1000 because they put the ip's not realy good out biggrin.gif
i had made a Apache Autohacker but i need a good scanner
0xc0000005
Sep 28 2003, 04:33 PM
a Scanner 4 wich OS ?

Linux (or *nix)
or
Win32?

I think you are 1 of 100000 Win32 users so, NO !
GhostCow
Sep 28 2003, 05:01 PM
i got linux... can you post a decent scanner please? blink.gif
derquakecommander
Sep 28 2003, 05:52 PM
QUOTE (0xc0000005 @ Sep 28 2003, 04:33 PM)
a Scanner 4 wich OS ?

Linux (or *nix)
or
Win32?

I think you are 1 of 100000 Win32 users so, NO !

lol yes i'm 1 of 100000 Win32 users
and i'm 1 of 1000 unix users
but i don't use unix very often.
tvm
Sep 30 2003, 12:18 AM
QUOTE

and not scan100 scan 500 or scan1000 because they put the ip's not realy good out


?¿?¿?¿?¿?¿?¿?¿?¿?¿?¿ blink.gif
JDog45
Sep 30 2003, 02:23 AM
Is there an exploit for Apache 2.* ?
vnet576
Sep 30 2003, 02:25 AM
QUOTE (tvm @ Sep 30 2003, 12:18 AM)
QUOTE

and not scan100 scan 500 or scan1000 because they put the ip's not realy good out


?¿?¿?¿?¿?¿?¿?¿?¿?¿?¿ blink.gif

rofl....my thoughts exactly blink.gif blink.gif unsure.gif unsure.gif
maxxis
Oct 4 2003, 12:12 AM
Exploit: boomerang.pl

Apache win32: 1.3.14 - 1.3.24
atrhacker
Oct 4 2003, 10:13 PM
IS there a remote exploit on apache 1.3.19 with unix machine ?

thanks
0xc0000005
Oct 5 2003, 07:51 PM
so lets ask all:

IS there a remote exploit on XXX

there is da remote exploit on YOUR BRAIN dry.gif mad.gif mad.gif mad.gif

try Google or visit some Security Sites or call 0-800-REMOTE-EXPLOIT
d4s!d
Oct 5 2003, 08:07 PM
QUOTE (0xc0000005 @ Oct 5 2003, 07:51 PM)
so lets ask all:

IS there a remote exploit on XXX

there is da remote exploit on YOUR BRAIN dry.gif mad.gif mad.gif mad.gif

try Google or visit some Security Sites or call 0-800-REMOTE-EXPLOIT

yes that's right

always the same questions mad.gif
tookie
Oct 6 2003, 12:07 AM
many thnx dude for the info , gonna check it out wink.gif
--Elite--
Oct 6 2003, 03:37 AM
May i ask u , to send me the source code ?
to compile on linux.....

thnQ
atrhacker
Oct 6 2003, 11:45 AM
QUOTE (0xc0000005 @ Oct 5 2003, 07:51 PM)
so lets ask all:

IS there a remote exploit on XXX

there is da remote exploit on YOUR BRAIN dry.gif mad.gif mad.gif mad.gif

try Google or visit some Security Sites or call 0-800-REMOTE-EXPLOIT

Im' sorry for this question ... I will not do it again wink.gif

I' m new on this forum and i don't know very well the rules .

sorry

and have a good day

Flinston
Oct 7 2003, 09:35 AM
only one little question ... what will happen if the exploit (1.3.27) gets in ?

Will it drop a system shell !? I think so ... right?
Kakarott
Dec 25 2003, 02:20 AM
hi dude's

first. thangs 4 share

i try its out

but i gonna get

C:\>apache -t 127.0.0.1
[-] Attempting attack [ SuSE 8.1, Apache 1.3.27 (installed from source) (default
) ] ...
[-] Trying 0x08117cdb ...

C:\>apache -t 127.0.0.1
[-] Attempting attack [ SuSE 8.1, Apache 1.3.27 (installed from source) (default
) ] ...
[-] Trying 0x08117d0a ...

so can anyone tell me more of it?


greetz @ll
darren
Dec 25 2003, 04:02 AM
Err nm
-=4c1d-Rain=-
Dec 25 2003, 08:41 PM
QUOTE (Kakarott @ Dec 25 2003, 02:20 AM)
hi dude's

first. thangs 4 share

i try its out

but i gonna get

C:\>apache -t 127.0.0.1
[-] Attempting attack [ SuSE 8.1, Apache 1.3.27 (installed from source) (default
) ] ...
[-] Trying 0x08117cdb ...

C:\>apache -t 127.0.0.1
[-] Attempting attack [ SuSE 8.1, Apache 1.3.27 (installed from source) (default
) ] ...
[-] Trying 0x08117d0a ...

so can anyone tell me more of it?


greetz @ll

eeehh.. 'dude' you r trying to exploit you own apache service... nothing wrong with that but, this is exploit is for a few linux distro's and you r not running linux!
GhostCow
Dec 26 2003, 12:06 AM
you must admit, the mans got a point there biggrin.gif
ecl1ptic
Dec 27 2003, 07:34 PM
umm.. dude he is running a version of linux. SuSe is a version of linux, and according to that guys post about this exploit, it is also a valid target.
ganz2
Dec 29 2003, 06:54 AM
little old...
l0wkey
Dec 29 2003, 08:58 PM
LOL the man definatly has a point
Jesus
Feb 1 2004, 05:20 AM
Hi all... I'm looking for a working 1.3.29 exploit
I tested this one and it failed.

running

Apache/1.3.29 (Unix) DAV/1.0.3 mod_auth_passthrough/1.8 mod_jk/1.2.0 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.4 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.6b
raif
Feb 1 2004, 06:26 AM
QUOTE (ecl1ptic @ Dec 27 2003, 02:34 PM)
umm.. dude he is running a version of linux. SuSe is a version of linux, and according to that guys post about this exploit, it is also a valid target.

i don't think Suse's prompt is 'C:\>' rolleyes.gif lol
LinUx-RooT
Feb 23 2004, 02:54 PM
but how can i use this is exploit smile.gif
captainil
Feb 24 2004, 03:34 AM
1.3.27 is too old :>
spyfire
Mar 25 2004, 10:39 AM
hi all, i was looking for a exploit on apache 1.3 27 from linux and i found this http://lists.netsys.com/pipermail/full-dis...une/005967.html but this is bullshit, isn't it?
LaMersSs
Mar 26 2004, 05:22 PM
try it lol
spyfire
Mar 29 2004, 07:56 AM
it crash my linux blink.gif
LittleHacker
Mar 29 2004, 07:31 PM
it's a hot topic, please continue tongue.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.