cyrixx
Jan 30 2004, 01:13 PM
CODE /*
nolimit
Jan 30 2004, 06:50 PM
lots of compile errors, don't have time atm to go through atm, if someone else does.
x1`
Jan 30 2004, 06:57 PM
port 80 then ?
nolimit
Jan 30 2004, 07:08 PM
depends on the HTTP server , but of course most are port 80, so yes.
fre4k
Jan 30 2004, 08:14 PM
are they any vuln scanner for it
*sry for my bad english*
-fre4k
mortello
Jan 30 2004, 09:04 PM
Damn guys, this just got out of nowhere and you already ask for what port to scan (this is a bit stupid of a question) and that other guy asks for the scanner....not everything falls off trees....just relax and wait if you don't know how to compile....
x1`
Jan 30 2004, 09:06 PM
i cant compile it
what compiler to use?
fre4k
Jan 30 2004, 09:22 PM
hey can compile this one! anybody need?
x1`
Jan 30 2004, 09:29 PM
yep i do can u post it in downloads section , and proabably other people need it
fre4k
Jan 30 2004, 09:40 PM
Here it is
www.wordi.de/Download/crec.rar have fun ^^
-fre4k
PLZ notice if this works ^^ THX
x1`
Jan 30 2004, 09:49 PM
that link dosent work please fix or just attact the file to downloads section
fre4k
Jan 30 2004, 09:53 PM
copy This:
www.wordi.de/Download/crec.rar
in your i-net-explorer and it works ^^ ka why?!
x1`
Jan 30 2004, 09:58 PM
oh sorry about that my mistake thx for the compiled version
nolimit
Jan 30 2004, 10:02 PM
CODE °╔▐┌╧▐δ╔╘╪▐╚╚·╗ⁿ╫╘┘┌╫·╫╫╘╪╗╠╚ëΣêë╗∞Φ·Φ╧┌╔╧╬╦╗∞Φ·Φ╘╪╨▐╧·╗┘╥╒▀╗╫╥╚╧▐╒╗┌╪╪▐╦╧╗╣╗T½╗
phaeton
Jan 30 2004, 10:13 PM
yep, the app worx, just trying to scan for links go getcheck.exe (if thats the name of the default service) but can't find any yet.
vnet576
Jan 30 2004, 10:21 PM
Be careful with this one people..cybercheck is used mainly by banks, I don't think I have to mention how dangerous that could be.
oxydrine
Jan 30 2004, 10:58 PM
??
this link is good but dont click on it, juste use the url
XtrA
Jan 30 2004, 11:07 PM
what should i scan?
clubfed
Jan 30 2004, 11:27 PM
heh i visited dozens of sites that allegedly use this and only 1 in 10 were even running on win32 (most were linux) and of those none had the vulnerable exe cgi anywhere. i couldn't find a vulnerable site or even a site that has this cgi after an hour of searching, so fvck it
if anyone else figures it out... though i'm sure its too late now, please post. thanks. i am simply curious to see if it was even a real bug.
phaeton
Jan 30 2004, 11:35 PM
Yeah, I would not touch this sploit myself, its too close to banks, and I'm sure they watch their boxes closely. Nonetheless, thanks for the post.
jimmy
Jan 31 2004, 01:17 AM
maybe it would better work with more targets
I'll see if I can compile and than look for more offsets.
compiles without any probs, just wondering now which offsets it uses. don't see that in description
SyN/AcK
Jan 31 2004, 03:17 AM
Thanks alot and nice work!
cyrixx
Jan 31 2004, 03:50 AM
compiles nice with linux...
ohhhh, emmmm, here's the sploit for linux:
CODE /*
clubfed
Jan 31 2004, 09:07 AM
just to clarify, that's not the exploit "for linux" but rather, one that compiles on linux. still the only published exploits are for the win32 exe cgi, which doesn't seem to exist anywhere in the wild. i happily challenge everyone/anyone to point out even one site that has this cgi on it. :)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here .
what compiler to use?
if anyone else figures it out... though i'm sure its too late now, please post. thanks. i am simply curious to see if it was even a real bug.
