fapafap, Posted January 11, 2012

So after scanning with Nexpose, we have this vuln. The exploit is: http://www.securityfocus.com/bid/47950/exploit. How do you actually use it? It's supposed to be remote, but it doesn't have any input params?
Mr-Protocol, Posted January 11, 2012

> So after scanning with Nexpose, we have this vuln. The exploit is: http://www.securityfocus.com/bid/47950/exploit. How do you actually use it? It's supposed to be remote, but it doesn't have any input params?

Broken link. Read the code to see what it does. If you are new to exploitation and penetration testing, I would suggest doing some research on the topics. Can't really jump steps from "Found this" to "Pwned".
fapafap (Author), Posted January 11, 2012

Damn, I think that might ruin my chances of getting an answer here; damn you for replying first! ;) (As a side note: isn't the autopwn angle where Hak5 shines the most, so why doesn't the forum follow the same basis? :()

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1938 That's another link to the vuln. And I understand how the exploit works, but it seems to me to be a local exploit...?

Edited January 11, 2012 by fapafap
Mr-Protocol, Posted January 11, 2012

Yeah, I browsed over it. BTW: read the "Impact" section:

Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
fapafap (Author), Posted January 11, 2012

> Yeah, I browsed over it. BTW: read the "Impact" section

So what does that mean though? "Network exploitable", and the impact section doesn't have a legend that explains the terms that I can see.
Mr-Protocol, Posted January 11, 2012

It means it can be exploited over the network. It could be on the local network or from across the world if the server is accessible.
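Since the question in this thread is what the CVSS block pasted from NVD actually encodes, here is an added example, written for this edit and not code from NVD, Nexpose, PHP or anyone posting in the thread. It decodes a CVSS v2 base vector into the plain-language metric names NVD prints, and recomputes the base score and the impact and exploitability subscores from the metric weights given in the CVSS v2.0 specification. The only input is the vector string quoted above, AV:N/AC:L/Au:N/C:P/I:P/A:P; the second, "Local" vector in the usage section is constructed for comparison.

```python
"""Decode and score a CVSS v2 base vector (example code for this thread, not NVD's own).

Weights are the published CVSS v2.0 base-equation constants:
  Impact         = 10.41 * (1 - (1-C)*(1-I)*(1-A))
  Exploitability = 20 * AV * AC * Au
  BaseScore      = ((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact)
  f(Impact)      = 0 if Impact == 0 else 1.176
"""
import math
from typing import Dict

# metric value -> (weight, NVD wording). 'Au' is spelled exactly as in the vector.
AV = {"L": (0.395, "Local"), "A": (0.646, "Adjacent Network"), "N": (1.0, "Network")}
AC = {"H": (0.35, "High"), "M": (0.61, "Medium"), "L": (0.71, "Low")}
AU = {"M": (0.45, "Multiple"), "S": (0.56, "Single"), "N": (0.704, "None")}
CIA = {"N": (0.0, "None"), "P": (0.275, "Partial"), "C": (0.660, "Complete")}

TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}
LABELS = {"AV": "Access Vector", "AC": "Access Complexity", "Au": "Authentication",
          "C": "Confidentiality", "I": "Integrity", "A": "Availability"}


def parse_vector(vector: str) -> Dict[str, str]:
    """Turn 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into {'AV': 'N', ...}, rejecting unknown metrics."""
    metrics: Dict[str, str] = {}
    for part in vector.strip().strip("()").split("/"):
        name, _, value = part.partition(":")
        if name not in TABLES or value not in TABLES[name]:
            raise ValueError(f"unknown metric or value: {part!r}")
        metrics[name] = value
    missing = set(TABLES) - set(metrics)
    if missing:
        raise ValueError(f"vector is missing metrics: {sorted(missing)}")
    return metrics


def _round1(x: float) -> float:
    """CVSS v2 rounds to one decimal place, halves rounded up."""
    return math.floor(x * 10 + 0.5) / 10


def severity(base: float) -> str:
    """NVD's v2 severity bands: Low 0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    if base >= 7.0:
        return "HIGH"
    if base >= 4.0:
        return "MEDIUM"
    return "LOW"


def score(vector: str) -> Dict[str, float]:
    """Return base score plus the impact and exploitability subscores NVD shows."""
    m = parse_vector(vector)
    c, i, a = (CIA[m[k]][0] for k in ("C", "I", "A"))
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = 20 * AV[m["AV"]][0] * AC[m["AC"]][0] * AU[m["Au"]][0]
    f_impact = 0.0 if impact == 0 else 1.176
    base = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact
    return {"base": _round1(base), "impact": _round1(impact),
            "exploitability": _round1(exploitability)}


def describe(vector: str) -> str:
    """Expand the vector into the wording NVD prints under 'CVSS Version 2 Metrics'."""
    m = parse_vector(vector)
    lines = [f"{LABELS[k]}: {TABLES[k][m[k]][1]}" for k in ("AV", "AC", "Au", "C", "I", "A")]
    s = score(vector)
    lines.append(f"Base Score: {s['base']} ({severity(s['base'])}), "
                 f"Impact Subscore: {s['impact']}, Exploitability Subscore: {s['exploitability']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # The vector from the NVD entry quoted in the thread.
    print(describe("AV:N/AC:L/Au:N/C:P/I:P/A:P"))
    print()
    # Constructed comparison: same impact, but AV:L (only a local user can trigger it).
    print(describe("AV:L/AC:L/Au:N/C:P/I:P/A:P"))
```

Running it reproduces NVD's 7.5 / 6.4 / 10.0 for the thread's vector. The comparison vector differs only in Access Vector: with AV:L the exploitability subscore drops from 10.0 to 3.9 and the base score to 4.6, which is the whole difference between "remote" and "local" that this thread is arguing about.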
digip, Posted January 11, 2012

Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938

I think what they've explained is the crash, how to trigger it manually, server side, but they state that it "might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket", meaning you would probably have to work out the remote end of that exploit.

Edited January 11, 2012 by digip
Mr-Protocol, Posted January 11, 2012

> Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938

Yeah, I was trying to avoid that. Buffer overflows are pretty easy to create a program to exploit. But even that won't work. You need to make your own shellcode regardless lol.
fapafap (Author), Posted January 11, 2012

> Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938
>
> I think what they've explained is the crash, how to trigger it manually, server side, but they state that it "might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket", meaning you would probably have to work out the remote end of that exploit.

Ah ok, thanks, so I was on the right track then in thinking it looked like a local exploit; wish 'other' people would just spit it out :P
Mr-Protocol, Posted January 11, 2012

> Ah ok, thanks, so I was on the right track then in thinking it looked like a local exploit; wish 'other' people would just spit it out :P

Got to learn on your own though. Know how it works and then you will be able to do all sorts of things instead of looking for the quick answer ;) Exploitation is not a simple field to take on.