[IPS] PUTTY SSH-Client Exploit

From: Daniel Alcántara de la Hoz (seguridadat_private)
Date: Sat Dec 28 2002 - 07:51:46 PST

Next message: Matthias Andree: "[VulnWatch] Leafnode security announcement SA:2002:01"

Previous message: phrackstaffat_private: "PHRACK #60 HAS BEEN RELEASED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----------------------------------------------------------
I-PROYECTOS  Division Seguridad (Security Research)
-----------------------------------------------------------
   2003 seguridadat_private

   Proof of concept code / Exploit
-----------------------------------------------------------
 
 In December 16, 2002 Rapid 7.Inc released a security alert about
vulnerabilities in ssh2 implementations from multiple vendors. We have
used the concept to code this exploit/proof of concept.
 
 It's a fake server to exploit the putty client. To test it you need to
change the url in the shellcode; that file will be downloaded and run
on exploitation.
 
 This is intented for educational/testing purposes.
 
 -----------------------------------------------------------
Developed by:
             Rand ( jcamilleriat_private )
             Dani ( daniat_private )

application/octet-stream attachment: IP-putty.c

Next message: Matthias Andree: "[VulnWatch] Leafnode security announcement SA:2002:01"
Previous message: phrackstaffat_private: "PHRACK #60 HAS BEEN RELEASED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Dec 28 2002 - 12:28:42 PST