[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets)
From: Kira <trir00t@xxxxxxxxx>
Date: Tue, 1 Nov 2005 17:55:01 +0700

Dear All

I wrote Snort Back Orifice Preprocessor Exploit for Win32 targets. It's for
educational purpose only.
This exploit was tested on

- Snort 2.4.2 Binary + Windows XP Professional SP1
- Snort 2.4.2 Binary + Windows XP Professional SP2
- Snort 2.4.2 Binary + Windows Server 2003 SP1
- Snort 2.4.2 Binary + Windows Server 2000 SP0
- Snort 2.4.2 Bianry + Windows 2000 Professional SP0

Note 01: This exploit was written in form of MetaSploit module, so you need
metasploit to launch it.
Note 02: The exploit's quite reliable, but if it doesn't work on your
machine, try to find address of 'jmp esp' instruction and replace it to the
old return address.

Regards,

Kira

Attachment: snort_bo_overflow_win32.pm
Description: Binary data

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets)
  - From: rd

Prev by Date: RE: [Full-disclosure] for IE researchers, found a link crashing IE
Next by Date: [Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets)
Previous by thread: RE: [Full-disclosure] for IE researchers, found a link crashing IE
Next by thread: Re: [Full-disclosure] Snort Back Orifice Preprocessor Exploit (Win32 targets)
Index(es):
- Date
- Thread