Need some help in exploiting these vulnerabilities
  • mandi
    Posts: 207
    I have found some vulnerabilities on my target machine.

    I didn't find any outdated applications or services.
    They have a Linux server which is poorly configured.

    They allow "ALL" kinds of ICMP and DNS traffic to their server. Also, they have SSH enabled with a poor configuration, which means they didn't put any IP restrictions on the SSH service; anyone can log on as root from anywhere if they have the root password...

    I don't know if it is possible to gain remote access to a machine by using these "small" vulnerabilities, so I decided to ask here to get some clarification.

    Is it possible to gain access to a remote computer by injecting malicious code or commands via ICMP and DNS onto the target system?

    Will it work?

    If yes, give me some ideas on how to utilize these vulnerabilities to their maximum potential to gain access or a shell on the remote machine.

    Hope I will get some help...
  • You could try to brute-force the root account on SSH.
  • mandi
    Posts: 207
    No, it will take years, bro. I am tired of it.
    Got any other ideas?

    Still looking for some more ideas...
  • Xin
    Posts: 3,251
    Post me some nmap, hping and xprobe scans so I can see in more detail, and verify with netcat to be sure.

    We need version numbers, operating system, open ports, the lot.
    Xin
  • mandi
    Posts: 207
    @xin ---> Sent you a PM with some details, please have a look...
  • Xin
    Posts: 3,251
    Yeah, I would prefer .xml nmap scans to your own words; it's easier for me to understand.
    Xin
  • mandi
    Posts: 207
    OK bro, I will send you an nmap scan result soon...

    And meanwhile, while I am searching on the internet about this, I have found this thing "arbitrary code execution".

    Will this help me in accomplishing my task?
  • You mentioned ICMP---does it allow for redirect? That would be a fun one to try. As far as the SSH server is concerned, if it is version 1---that has already been cracked.
  • Orgy
    Posts: 40
    said:

        You mentioned ICMP---does it allow for redirect? That would be a fun one to try. As far as the SSH server is concerned, if it is version 1---that has already been cracked.

    Version 1 of what? There are different SSH services out there, OpenSSH being the most popular.

    said:

        @xin ---> Sent you a PM with some details, please have a look...

    Why PM? You'd get better results by posting them here for everyone to see, so we can all put in our thoughts.
  • By "which one" I am referring to VERSION 1 as opposed to 2. The first used a weak pre-shared key algorithm. It was cracked a while back. That is why every security book tells you not to use version 1. OpenSSH is just a brand of SSH, just like OpenSSL.
  • Sh3llc0d3
    Posts: 1,910
    said:

        By "which one" I am referring to VERSION 1 as opposed to 2. The first used a weak pre-shared key algorithm. It was cracked a while back. That is why every security book tells you not to use version 1. OpenSSH is just a brand of SSH, just like OpenSSL.

    It's v2, unfortunately.
  • Not sure if v2 has been cracked yet, but I swear I remember reading not that long ago that it had been. You can always hope the server has "force v1" in its configuration. I read how in the inetd config one can specify an SSH server to be forced to negotiate with VERSION 1 only.
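Seen from the server owner's side, the weaknesses this thread keeps circling (root login over a password from any address, SSH protocol 1 still negotiable, no user or host restriction on the service) are all visible in sshd_config. The script below is an added example, not code posted in the thread; it audits the global directives of an OpenSSH sshd_config for exactly those settings, and the WEAK_CONFIG and HARDENED_CONFIG samples are constructed to mirror what the opening post describes and its corrected counterpart. The version-specific default it mentions (PermitRootLogin defaulting to "yes" before OpenSSH 7.0) is OpenSSH behaviour, not something the thread states.

```python
"""Audit an OpenSSH sshd_config for the weaknesses discussed in the thread:
root login with a password from anywhere, SSHv1 allowed, and no
AllowUsers/AllowGroups restriction.  Added example with constructed samples."""

import re
from typing import Dict, List


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Return the global directives of an sshd_config as {key: [tokens]}.

    Keys are lower-cased because sshd matches them case-insensitively, and both
    "Key value" and "Key=value" spellings are accepted.  sshd keeps the first
    value it reads for a directive, so the first occurrence wins here too.
    Parsing stops at the first Match block: directives inside it apply only to
    matching connections and must not change the global verdict.
    """
    config: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue                                # directive without a value
        key, value = parts[0].lower(), parts[1]
        if key == "match":
            break
        config.setdefault(key, value.split())
    return config


def audit_sshd_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means none of the checks fired."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []

    root = " ".join(cfg.get("permitrootlogin", [])).lower()
    if root == "":
        findings.append("PermitRootLogin not set: OpenSSH before 7.0 defaulted to 'yes'")
    elif root == "yes":
        findings.append("PermitRootLogin yes: root can log in directly with a password")

    # Current OpenSSH servers no longer support protocol 1, but older builds
    # honour 'Protocol 1' or 'Protocol 2,1' and will negotiate SSHv1.
    versions = {v for v in ",".join(cfg.get("protocol", ["2"])).split(",") if v}
    if "1" in versions:
        findings.append("Protocol allows 1: SSHv1 is deprecated and should be disabled")

    pw = " ".join(cfg.get("passwordauthentication", ["yes"])).lower()
    if pw == "yes" and root == "yes":
        findings.append("Password authentication with root login: root password "
                        "is exposed to online guessing")

    # AllowUsers/AllowGroups accept USER@HOST patterns (CIDR allowed for HOST),
    # which is the in-daemon way to restrict who may log in from where.
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("No AllowUsers/AllowGroups: any account may authenticate "
                        "from any source address")
    return findings


# Constructed sample: roughly what the opening post describes.
WEAK_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: the hardened counterpart.
HARDENED_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin@203.0.113.10 deploy@10.0.0.0/8
MaxAuthTries 3
# Conditional settings live in a Match block and do not affect the global verdict
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}:")
        for finding in audit_sshd_config(sample) or ["no findings"]:
            print("  -", finding)
```

Run it directly to see the four findings for the weak sample and none for the hardened one; to audit a real host, read /etc/ssh/sshd_config and pass its text to audit_sshd_config. Firewall rules and inetd wrappers are outside what this script sees, so a clean result here only says the daemon's own configuration is sound.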