Attached is a remote root, chroot-breaking brute-force exploit for the \n
processing bug in ProFTPd 1.2.7 - 1.2.9rc2. It has been tested successfully
on SuSE 8.0/8.1 & RedHat 7.2 and 8.0.
Note: it is noisy and leaves a lot of mess (ie, bad uploaded text files) on
the target server. It is left as an excercise for the reader to remove these
or rework the exploit to do the deletion.
Attached is a remote root, chroot-breaking brute-force exploit for the \n
processing bug in ProFTPd 1.2.7 - 1.2.9rc2. It has been tested successfully
on SuSE 8.0/8.1 & RedHat 7.2 and 8.0.
Note: it is noisy and leaves a lot of mess (ie, bad uploaded text files) on
the target server. It is left as an excercise for the reader to remove these
or rework the exploit to do the deletion.
Cheers,
Haggis
[ reply ]