Hi folks, there is some fake stuff related to bind8 in the scene. No real stuff confirmed yet. See above (it is an edited version of the bind8.2.3-slack.c exploit):

 * Unreleased 0date:09.11.02 fsck -f 0x01,0x0b
 * Discovered and exploited by Solar Eclipse
 * Remote Exploit for for bind.8.x
 * usage: ./exp -t[type] -s[shellcode] -t[offset] h[hostname]
 * example: ./exp -t 1 remotehost

bind8.2.3-slack.c HEADER:

/*
 * Copyright (c) 2001 - Security.is
 *
 *
 * Discovered and exploited by portal and tf8 of security chan, April 2001
 * Remote Exploit for Slackware 7.x, for bind.8.2.3-REL
 * usage: ./exp -t[type] -s[shellcode] -t[offset] -h[hostname]
 * example: ./exp -t 1 remotehost

Regards...

Nilton Gomes
Bompreço System Administrator
H2G-Labs Security Services

-- Original message --

>I take it everyone has seen the latest advisory from ISC?
>
>Anyone got an idea exactly where the problem is, or got an exploit?
>
>ISC do say that an exploit isn't available, but it's been a few hours
>since then :-)
>
>
>Dom
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Dom De Vitto Tel. 07855 805 271
>http://www.devitto.com mailto:domat_private
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>
>
>
>-----Original Message-----
>From: Fyodor [mailto:fyodorat_private]
>Sent: Monday, November 04, 2002 6:08 PM
>To: Frank Knobbe
>Cc: Michael Katz; vuln-devat_private; d_fenceat_private
>Subject: Re: Firewall bypassing tool
>
>
>On Sun, Nov 03, 2002 at 05:02:49PM -0600, Frank Knobbe wrote:
>> On Fri, 2002-11-01 at 13:38, Michael Katz wrote:
>> > At 11/1/2002 03:28 AM, d_fence wrote:
>> >
>> > One of the options for scanning is -sF, which will send SYN-FIN
>> > packets. You can also use -sA, which will send SYN-ACK packets.
>>
>> I was about to post the same, but thought I'd validate first. To me it
>> seemed that nmap sends a packet with the FIN flag set. I did not see
>> the SYN flag set in addition to FIN, so nmap is not an answer to his
>> question.
>
>Nmap has an undocumented --scanflags option which allows you to specify
>arbitrary flags using the flag names or a number. Thus a SYN-FIN scan
>can be done as follows:
>
>felix~#nmap -sS --scanflags SYNFIN -O db
>
>Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
>Interesting ports on db.yuma.net (192.168.0.4):
>(The 1601 ports scanned but not shown below are in state: closed)
>Port       State       Service
>22/tcp     open        ssh
>111/tcp    open        sunrpc
>1024/tcp   open        kdm
>Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
>Uptime 58.471 days (since Fri Sep 6 23:45:12 2002)
>
>Nmap run completed -- 1 IP address (1 host up) scanned in 10.651 seconds
>
>Note that "-sS" causes this scan to use "SYN Scan" semantics (e.g.
>treating SYN|ACK responses as open ports). For FIN scan semantics
>(dropped packets signify open ports, RST for closed ones) just specify
>"-sF" instead.
>
>Cheers,
>Fyodor
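The SYN-FIN probe and the two response semantics Fyodor describes, worked through from the defender's side as an added example (this is not code from the thread or from nmap). It parses nmap-style flag names such as "SYNFIN" into a bitmask, spots the flag combinations a normal TCP stack never sends in a raw TCP header, and maps a probe's answer to a port state under -sS and -sF rules; the sample headers are constructed, not captured traffic.

```python
"""Decode TCP flag bits and flag SYN-FIN style probes (added example)."""
import struct

# Flag bits in the low six bits of TCP header byte 13 (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def flags_from_names(names):
    """Parse an nmap-style flag string such as "SYNFIN" into a bitmask.
    nmap also accepts a plain number; only the name form is handled here."""
    mask, rest = 0, names.upper()
    while rest:
        for name, bit in TCP_FLAGS.items():
            if rest.startswith(name):
                mask, rest = mask | bit, rest[len(name):]
                break
        else:
            raise ValueError(f"unknown TCP flag text: {rest!r}")
    return mask

def classify(tcp_header):
    """Name the suspicious flag combination in a raw TCP header, or return "ok"."""
    mask = tcp_header[13] & 0x3F
    syn, fin, rst, ack = (mask & TCP_FLAGS[f] for f in ("SYN", "FIN", "RST", "ACK"))
    if mask == 0:
        return "NULL"        # no flags at all: nmap -sN style probe
    if syn and fin:
        return "SYN+FIN"     # the --scanflags SYNFIN probe from the thread
    if syn and rst:
        return "SYN+RST"     # never valid in one segment
    if fin and not ack:
        return "bare FIN"    # nmap -sF style probe; a real FIN carries ACK
    return "ok"

def port_state(semantics, response):
    """Interpret a probe's answer with -sS or -sF semantics as Fyodor describes them."""
    if semantics == "syn":
        return {"SYN|ACK": "open", "RST": "closed"}.get(response, "filtered")
    if semantics == "fin":
        return "open" if response is None else "closed"
    raise ValueError(f"unknown scan semantics: {semantics}")

def tcp_header(sport, dport, flags):
    """Constructed 20-byte TCP header (zero seq/ack/checksum) for offline testing."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample segments, not captured traffic.
SAMPLES = {
    "scanflags SYNFIN": tcp_header(40000, 22, flags_from_names("SYNFIN")),
    "normal SYN": tcp_header(40000, 22, TCP_FLAGS["SYN"]),
}

if __name__ == "__main__":
    for label, segment in SAMPLES.items():
        print(f"{label}: {classify(segment)}")
```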
This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 16:18:34 PST