The actual method of exploitation on any other operating system besides *BSD (what is supplied with that exploit) is totally different from OS to OS. Through my own research I have noticed exploitation on Linux is actually more complicated. This is why in the source they comment it took 2 months to exploit each OS; they are different methods of getting the program to run how you want.

-----Original Message-----
From: gotcha [mailto:gotchaat_private]
Sent: Friday, August 23, 2002 9:00 AM
To: Jeremy Junginger; pen-testat_private
Cc: vuln-devat_private
Subject: Re: Apache-Nosejob

Hi there,

I have set up a test bed with FBSD 4.5 and also tried brute forcing but came out with nothing. Then I started doing an investigation on how I could use this apache-nosejob and spawn a shell on Linux or Solaris SPARC, and what I was told was that if I changed the shell code and found the ret address, I would be able to spawn a shell on the specific machine, but you guessed it, nothing. I am still testing!!!!

regards

----- Original Message -----
From: "Jeremy Junginger" <jjungingerat_private>
To: <pen-testat_private>
Cc: <vuln-devat_private>
Sent: Thursday, August 22, 2002 7:38 AM
Subject: Apache-Nosejob

> Good Morning,
>
> I've got a lab set up with the following host:
>
> FreeBSD 4.5
> Apache 1.3.23 (downloaded from
> http://packetstormsecurity.org/UNIX/admin/apache_1.3.23.tar.gz )
>
> And am running the apache-nosejob script against it in order to
> understand the chunked encoding vulnerability:
>
> http://packetstorm.decepticons.org/0206-exploits/apache-nosejob.c
>
> When I ran ./apache-nosejob -o f -h x.x.x.x (address of host), the script
> ran for over 12 hours with no successful penetration :). I have also
> tried the script with the -b 0x80a0000, -d -150, -z 36, -r 6 switches to
> no avail. Perhaps you could suggest some alternate r|d|z values for the
> Brute Force settings? Thanks,
>
> -Jeremy
This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 11:11:07 PDT