Archive for the ‘scripts’ Category


The ISC DHCP client ‘dhclient’ is prone to a remote code-execution vulnerability because it fails to properly escape certain shell meta-characters from DHCP server responses.

A remote attacker can exploit this issue through a rogue DHCP server.

Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
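The root cause described above is a server-controlled string reaching the client's shell script unchecked. One defensive pattern is to allowlist such option values before they are exported to the script, shown here as an added example that is not code from ISC DHCP or from the original page. The function names, the permitted character set, the 255-byte bound and the sample values are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not ISC code. Returns 1 if a host-name / domain-name
 * style value may be exported to the client script, else 0. Bytes outside
 * [A-Za-z0-9.-] are rejected (shell metacharacters, whitespace, control
 * bytes, non-ASCII); len is the option length, so NULs do not hide a tail. */
int dhcp_value_is_safe(const char *val, size_t len)
{
    if (len == 0 || len > 255 || val[0] == '-')  /* assumed bound; '-' first reads as a flag */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

struct dhcp_opt { const char *name; const char *val; size_t len; };
#define OPT(n, v) { n, v, sizeof(v) - 1 }

/* Constructed sample lease, not captured traffic. */
const struct dhcp_opt sample_lease[] = {
    OPT("host-name",   "ws-042"),
    OPT("domain-name", "corp.example.com"),
    OPT("host-name",   "printer;x"),   /* command separator */
    OPT("domain-name", "a$(b)"),       /* command substitution syntax */
    OPT("host-name",   "node\nname"),  /* embedded newline */
    OPT("host-name",   "host\0tail"),  /* embedded NUL */
};
const size_t sample_n = sizeof(sample_lease) / sizeof(sample_lease[0]);

/* Counts options that must be dropped before the script is invoked. */
size_t count_rejected(const struct dhcp_opt *opts, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!dhcp_value_is_safe(opts[i].val, opts[i].len))
            bad++;
    return bad;
}

int main(void)
{
    printf("rejected %zu of %zu options\n", count_rejected(sample_lease, sample_n), sample_n);
    return 0;
}
```

Rejecting a value outright, rather than trying to escape it, means the check does not depend on how the script quotes its variables.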

 

 

 

ISC DHCP ‘dhclient’ Shell Characters in Response Remote Code Execution Vulnerability

Bugtraq ID: 47176
Class: Input Validation Error
CVE: CVE-2011-0997
Remote: Yes
Local: No
Published: Apr 05 2011 12:00AM
Updated: Apr 11 2011 02:35PM
Credit: Sebastian Krahmer and Marius Tomaschewski from the SUSE Security Team
Vulnerable: Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux x86_64 -current
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
MandrakeSoft Linux Mandrake 2010.1 x86_64
MandrakeSoft Linux Mandrake 2010.1
MandrakeSoft Linux Mandrake 2010.0 x86_64
MandrakeSoft Linux Mandrake 2010.0
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
ISC DHCPD 4.1.1
ISC DHCPD 3.1.1
ISC DHCPD 3.0.4
ISC DHCPD 3.0.1 rc9
+ Conectiva Linux Enterprise Edition 1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
ISC DHCPD 3.0.1 rc8
ISC DHCPD 3.0.1 rc7
– FreeBSD FreeBSD 4.5
– FreeBSD FreeBSD 4.4
– FreeBSD FreeBSD 4.3
– FreeBSD FreeBSD 4.2
– FreeBSD FreeBSD 4.1.1
ISC DHCPD 3.0.1 rc6
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
ISC DHCPD 3.0.1 rc5
ISC DHCPD 3.0.1 rc4
+ OpenPKG OpenPKG 1.0
ISC DHCPD 3.0.1 rc3
ISC DHCPD 3.0.1 rc2
ISC DHCPD 3.0.1 rc14
ISC DHCPD 3.0.1 rc13
ISC DHCPD 3.0.1 rc12
ISC DHCPD 3.0.1 rc11
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
ISC DHCPD 3.0.1 rc10
+ OpenPKG OpenPKG Current
ISC DHCPD 3.0.1 rc1
ISC DHCPD 3.0 rc4
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC DHCPD 3.0 rc12
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC DHCPD 3.0 pl2
ISC DHCPD 3.0 pl1
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Slackware Linux 8.1
ISC DHCPD 3.0 b2pl9
+ MandrakeSoft Linux Mandrake 7.2
ISC DHCPD 3.0 b2pl23
+ MandrakeSoft Single Network Firewall 7.2
ISC DHCPD 3.0
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Multi Network Firewall 2.0
– S.u.S.E. Linux 8.0
– S.u.S.E. Linux 7.3
– S.u.S.E. Linux 7.2
– S.u.S.E. Linux Connectivity Server
– S.u.S.E. Linux Database Server 0
– S.u.S.E. Linux Enterprise Server for S/390
– S.u.S.E. SuSE eMail Server III
– S.u.S.E. SUSE Linux Enterprise Server 7
ISC DHCPD 4.1.1-P1
ISC DHCPD 4.1
ISC DHCPD 4.0.2-P1
ISC DHCPD 4.0.1p1
ISC DHCPD 4.0
ISC DHCPD 3.0.5b1
ISC DHCPD 3.0.2rc1
ISC DHCP Client 3.0 b1pl17
ISC DHCP Client 3.0 b1pl14
ISC DHCP Client 3.0 b1
ISC DHCP Client 4.1.1-P1
ISC DHCP Client 4.1.0p1
ISC DHCP Client 4.1
ISC DHCP Client 4.0.2-P1
ISC DHCP Client 4.0.1p1
ISC DHCP Client 4.0
ISC DHCP Client 3.1.2p1
ISC DHCP Client 3.0
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Not Vulnerable: ISC DHCPD 4.2.1-P1
ISC DHCPD 4.1-ESV-R2
ISC DHCPD 3.1-ESV-R1
ISC DHCP Client 4.2.1-P1
ISC DHCP Client 4.1-ESV-R2
ISC DHCP Client 3.1-ESV-R1

Remote Exploits
Date D A V Description Plat. Author
2011-01-19 Exploit Code Downloads – Verified Novell iPrint <= 5.52 ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256) 85 windows Dr_IDE
2011-01-14 Exploit Code Downloads – Waiting verification Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution 207 windows Sean de Regge
2011-01-12 Exploit Code Downloads – Verified MS11-002: Microsoft Data Access Components Vulnerability 285 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads – Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 338 windows Nephi Johnson
2011-01-09 Exploit Code Downloads – Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 466 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 426 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 634 windows rgod
Local Exploits
Date D A V Description Plat. Author
2011-01-19 Exploit Code Downloads Download Vulnerable Application Waiting verification ALZip 8.12.0.3 Buffer Overflow (SEH) 116 windows C4SS!0 G0M3S
2011-01-18 Exploit Code Downloads Download Vulnerable Application Verified A-PDF All to MP3 Converter 2.0.0 (.wav) Buffer Overflow Exploit 81 windows h1ch4m
2011-01-15 Exploit Code Downloads Download Vulnerable Application Verified eXtremeMP3 Player Buffer Overflow (SEH) 135 windows C4SS!0 G0M3S
2011-01-13 Exploit Code Downloads – Verified MS10-073: Win32k Keyboard Layout Vulnerability 321 windows Ruben Santamarta
2011-01-11 Exploit Code Downloads – Verified Nokia Multimedia Player 1.0 SEH Unicode Exploit 176 windows Carlos Mario Pena.
2011-01-11 Exploit Code Downloads – Waiting verification Mono/Moonlight Generic Type Argument Local Privilege Escalation 153 linux Chris Howie
2011-01-11 Exploit Code Downloads – Waiting verification DriveCrypt <= 5.3 Local Kernel ring0 SYSTEM Exploit 168 windows mu-b
Web Applications
Date D A V Description Plat. Author
2011-01-20 Exploit Code Downloads – Verified PHP Lowbids viewfaqs.php Blind SQL Injection Vulnerability 68 php BorN To K!LL
2011-01-20 Exploit Code Downloads – Verified Phpcms 2008 SQL Injection Vulnerability 100 php R3d-D3v!L
2011-01-19 Exploit Code Downloads – Verified PHP auctions (viewfaqs.php) Blind SQL Injection Vulnerability 92 php BorN To K!LL
2011-01-19 Exploit Code Downloads Download Vulnerable Application Waiting verification Simploo CMS 1.7.1 PHP Code Execution 78 php David Vieira-Kurz
2011-01-18 Exploit Code Downloads Download Vulnerable Application Waiting verification N-13 News 3.4 Remote Admin Add CSRF Exploit 67 php anT!-Tr0J4n
2011-01-18 Exploit Code Downloads Download Vulnerable Application Waiting verification CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability 92 php felix
2011-01-18 Exploit Code Downloads – Verified allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability 99 php Salvatore Fresta
DoS/PoC
Date D A V Description Plat. Author
2011-01-21 Exploit Code Downloads – Verified Microsoft Fax Cover Page Editor <= 5.2.3790.3959 Double Free Memory Corruption 13 windows Luigi Auriemma
2011-01-21 Exploit Code Downloads – Waiting verification Panda Global Protection 2010 local Dos 15 windows Heurs
2011-01-21 Exploit Code Downloads – Waiting verification Panda Global Protection 2010 local Dos (unfiltered wcscpy()) 10 windows Heurs
2011-01-21 Exploit Code Downloads Download Vulnerable Application Waiting verification Look n stop 0day Local Dos 12 windows Heurs
2011-01-18 Exploit Code Downloads – Waiting verification Google Chrome v8.0.552.237 address overflow DoS 85 windows Vuk Ivanovic
2011-01-16 Exploit Code Downloads – Verified ActiveX UserManager 2.03 Buffer Overflow 101 windows Blake
2011-01-16 Exploit Code Downloads – Waiting verification Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode DoS Exploit 74 windows MJ0011
Shellcode
Date D Description Plat. Author
2011-01-21 Exploit Code Downloads BSD x86 portbind + fork shellcode (111 bytes) 6 bsd/x86 Tosh
2011-01-21 Exploit Code Downloads BSD x86 connect back Shellcode (81 bytes) 11 bsd/x86 Tosh
2010-12-31 Exploit Code Downloads w32-speaking-shellcode 627 windows SkyLined
2010-12-09 Exploit Code Downloads Create a New User with UID 0 – ARM (Meta) 1815 arm Jonathan Salwan
2010-11-25 Exploit Code Downloads OSX/Intel – setuid shell x86_64 – 51 bytes 1892 osX Dustin Schultz
2010-11-25 Exploit Code Downloads Linux/ARM – add root user with password – 151 bytes 2431 arm Jonathan Salwan
2010-10-26 Exploit Code Downloads ARM ifconfig eth0 and Assign Address 2551 arm Daniel Godas-Lope.
Papers
Date D Description Author
2011-01-17 Exploit Code Downloads The Abuse of ASSOC Explained Mi4night
2011-01-17 Exploit Code Downloads Web Application Vulnerabilities in Context of Browser Extensions Taras Ivashchenko
2011-01-14 Exploit Code Downloads Session Hijacking Basic Filipe Barros
2011-01-12 Exploit Code Downloads Exploiting the otherwise non-exploitable Matthew Jurczyk a.
2011-01-12 Exploit Code Downloads Heap Overflow For Humans – 101 mr_me
2011-01-12 Exploit Code Downloads Go Null Yourself E-Zine #3 storm
2011-01-12 Exploit Code Downloads Go Null Yourself E-Zine #2 storm Wired4Geeks


Date D A V Description Plat. Author
2011-01-14 Exploit Code Downloads Waiting verification Real Networks RealPlayer SP ‘RecordClip’ Method Remote Code Execution 106 windows Sean de Regge
2011-01-12 Exploit Code Downloads Verified MS11-002: Microsoft Data Access Components Vulnerability 181 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 243 windows Nephi Johnson
2011-01-09 Exploit Code Downloads Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 389 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 354 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 571 windows rgod
2010-12-30 Exploit Code Downloads Waiting verification CA ARCserve D2D r15 Web Service Servlet Code Execution 384 windows rgod
2010-12-30 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server Arbitrary (src .php) File Download 420 windows Pr0T3cT10n
2010-12-30 Exploit Code Downloads Download Vulnerable Application Waiting verification Chilkat Software FTP2 ActiveX Component Remote Code Execution 298 windows rgod
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server 1.9.1 Directory Traversal 336 windows John Leitch
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified httpdASM 0.92 Directory Traversal 234 windows John Leitch
2010-12-29 Exploit Code Downloads Verified DD-WRT Information Disclosure Vulnerability 384 hardware Craig Heffner
2010-12-26 Exploit Code Downloads Download Vulnerable Application Verified Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD) 1591 windows TheLeader
2010-12-22 Exploit Code Downloads Download Vulnerable Application Verified WMITools ActiveX Remote Command Execution Exploit 0day 1418 windows WooYun
2010-12-22 Exploit Code Downloads Verified Citrix Access Gateway Command Injection Vulnerability 1120 linux George D. Gal
2010-12-21 Exploit Code Downloads Waiting verification Ecava IntegraXor 3.6.4000.0 Directory Traversal 444 windows Luigi Auriemma
2010-12-15 Exploit Code Downloads Verified Internet Explorer 8 CSS Parser Exploit 4036 windows Nephi Johnson
2010-12-14 Exploit Code Downloads Verified Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll) 0-day 888 windows Dr_IDE
2010-12-11 Exploit Code Downloads Verified Exim 4.63 Remote Root Exploit 2997 linux Kingcope
2010-12-10 Exploit Code Downloads Verified LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD 1278 freebsd Kingcope
2010-12-09 Exploit Code Downloads Waiting verification VMware Tools update OS Command Injection 1587 multiple Nahuel Grisolia
2010-12-05 Exploit Code Downloads Download Vulnerable Application Verified Freefloat FTP Server Buffer Overflow Vulnerability 0day 1722 windows 0v3r
2010-12-03 Exploit Code Downloads Verified Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow 876 windows Dr_IDE
2010-12-03 Exploit Code Downloads Verified iFTPStorage for iPhone / iPod touch <= 1.3 – Directory Traversal 892 hardware XEL
2010-12-02 Exploit Code Downloads Download Vulnerable Application Verified ProFTPD 1.3.3c compromised source remote root Trojan 2727 linux anonymous

For all of you wanting to view the IP address of someone you’re chatting with, here is what to do. If you have any problems, just ask and I will find a way to solve it for you.

“We scan the ports where most hacking activities or unauthorized access might take place. We also do regular network monitoring to look for any suspicious activity. We are not perfect at it, but we are like a credit card company looking for some suspicious activity on the network.”

IP catcher script: Steal Someone’s IP Address!

Here is the next one for my visitors. Most of you may be curious to know how to find the IP address of your friend’s computer, or of the person with whom you are chatting in Yahoo Messenger or Gtalk. Finding out someone’s IP address is like finding their phone number: an IP address can be used to find the general location where that person lives. While most of the tutorials on the net teach you how to steal an IP address via MSN or other chat software, in this post I’ll show you how to find the IP address of someone’s computer using a script. This method is very easy and effective, so just follow the steps below.

NOTE: This tutorial is for educational purposes only, I am NOT responsible in any way for how this information is used, use it at your own risk.

How to Hack Someone’s IP Address?

Alright, I’m gonna give you this script. Register for free hosting at Byethost.com and follow the steps.

get.php :

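<?php
$file = "ips.txt";
// REMOTE_ADDR is the peer address the web server saw for this request;
// behind a proxy, VPN or NAT it is that gateway's address, not the PC's.
$f = fopen($file, 'a');
fwrite($f, $_SERVER['REMOTE_ADDR'] . "\n");
fclose($f);
?>

File not found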

1.) First of all, you need to make a new .txt document on the website you’re uploading this to. Name it ips.txt (you can change that in the script as well, where it says $file = "ips.txt"; in the second line). Then change the CHMOD to 777.

2.) Now you need to paste the script above into a get.php document, and upload it.

3.) Now you make people visit your site, and they will see only “File Not Found”!

4.) To view the IP, you simply add “/ips.txt” after your domain, and you’ll see the IP.