> Since it's working now, and most of the exploits
> I've heard about are of the nature of someone having to >already< have an
> account on this system, and I don't allow shells except to >very< trusted
> individuals, I feel pretty safe right now.
Do you have PHP installed? If you do, point your web browser at:
http://owned.lab6.com/~gossi/RaQ-security/exploits/bindshell.phps
I've just mocked that up. Save it to a file with a .php extension, upload
it to your raq as a standard user without telnet access, and point your
web browser at the file. It'll put a shell on port 1542 - just telnet to
your raq on that port. It puts another 'inetd' process in the process
list, and uses that to mount a shell. Quickly tested it on my raq3 and it
works. Runs with permissions of apache on the raq, so you have read/write
access to other users' web dirs.
Regards,
Gossi The Xmas Dog.
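
A defensive check for the behaviour described in the message above (an extra 'inetd' process running with the web server's permissions and listening on a non-web port), as an added example that is not part of the original post. The account names, the port allowlist and the sample `ps`/`netstat` output are assumptions constructed for illustration.

```python
# Constructed sample input in the shape of `ps -eo user,pid,ppid,comm` and
# `netstat -tlnp` output; not captured from a real system.
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root       412     1 inetd
root       688     1 httpd
httpd      701   688 httpd
httpd     2290     1 inetd
"""
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN  688/httpd
tcp        0      0 0.0.0.0:23      0.0.0.0:*       LISTEN  412/inetd
tcp        0      0 0.0.0.0:1542    0.0.0.0:*       LISTEN  2290/inetd
"""
WEB_USERS = {"httpd", "apache", "nobody"}  # assumption: accounts the web server runs as
WEB_PORTS = {80, 443}                      # assumption: ports the web server should own


def parse_ps(text):
    """Return {pid: (user, command)} from ps output that has a header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) == 4:
            user, pid, _ppid, comm = fields
            procs[int(pid)] = (user, comm.strip())
    return procs


def parse_listeners(text):
    """Return [(port, pid)] for LISTEN rows that show a PID/program column."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Rows shown as "-" (no privilege to see the owner) are skipped.
        if len(fields) >= 7 and fields[5] == "LISTEN" and "/" in fields[6]:
            port = int(fields[3].rsplit(":", 1)[1])
            pid = int(fields[6].split("/", 1)[0])
            found.append((port, pid))
    return found


def suspicious_listeners(ps_text, netstat_text):
    """Listeners owned by the web server account on ports it should not hold."""
    procs = parse_ps(ps_text)
    return [(port, pid) + procs[pid]
            for port, pid in parse_listeners(netstat_text)
            if pid in procs and procs[pid][0] in WEB_USERS and port not in WEB_PORTS]


if __name__ == "__main__":
    for port, pid, user, comm in suspicious_listeners(SAMPLE_PS, SAMPLE_NETSTAT):
        print(f"port {port}: pid {pid} ({comm}) runs as {user}")
```

On a live host, feed the functions the real command output, collected as root so the PID column is populated.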