.

Basic Exploit Helo

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Jul 27, 2009 11:08 am

Basic Exploit Helo

I know this is a basic question and I tried to find the answer in remote-exploit.org forum.

I am trying to exploit a CUPS1.1 port (printer service) and I found this site with this exploit:

http://www.securiteam.com/exploits/5ZP031F8VA.html

I really do not know what to do with this, I downloaded it and save it cups.pl and I try to run in with different way but do not work. Any suggestion please.

Thanks.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jul 27, 2009 1:35 pm

Re: Basic Exploit Helo

That's not perl code.  That's C code.  You have to compile the code in order for you to execute.  You do have permission to exploit the device, right?  I would recommend that you understand what you are doing and fully understand the exploit code before you execute it.
~~~~~~~~~~~~~~
Ketchup
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Jul 27, 2009 1:42 pm

Re: Basic Exploit Cups

I am doing the Heorot.net's training disk in a isolated network with backtrack 4 pre-final.

I have to exploit to run one for cups and one for apache 2.2.4 but they are not in Metasploit
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jul 27, 2009 3:03 pm

Re: Basic Exploit Helo

Ah, I see.  Here is how you would compile the exploit on a Linux box:

1.  Save the file from the web as cups_exploit.c
2.  gcc -o cups_exploit cups_exploit.c

Then just execute the ./cups_exploit program.

Note, I have not looked at the code, so I cannot tell you if this is a legit exploit or if it will simply frag your hard drive.
~~~~~~~~~~~~~~
Ketchup
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Jul 27, 2009 3:15 pm

Re: Basic Exploit Helo

I did:

gcc -o cups cups.c

./cups 192.168.1.101 631

and

./cups 192.168.1.101 80

And did not work, I did not get shell

I tried a DoS that I found in milw0rm.com to crash the service in port 631 and try to run cups exploit in port 80 and viceverse and did not work,

I am sure that I will get the shell in someway in the port 631.

I am trying to check also Apache 2.2.4 exploits but I only found DoS.

Do you crash some services to get access through another service, is that commond? I do not know if that works but I am trying
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jul 27, 2009 4:53 pm

Re: Basic Exploit Helo

Well, you don't appear to running the exploit correctly.   Here is the usage section from the exploit:

  Code:
void usage(char *p) {
  printf(
    "Remote CUPS exploit for 1.1.17 and earlier versions\n"
    "by sigdoom [at] bigbox.mine.nu\n"
    "Usage: %s [-t <target>, -p <port>, -o <offset>, -r <retaddr>]\n"
    "\t-t <target> - IP of target\n"
    "\t-p <port> - port where cupsd runs\n"
    "\t-o <offset> - offset for retaddr ($retaddr + $offset)\n"
    "\t-r <retaddr> - give exact retaddr\n", p);
  exit(0);


Also, are you certain the version of cups on your target box is vulnerable? 
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jul 28, 2009 12:31 am

Re: Basic Exploit Helo

As a side note I would like to recommend, to never run/ compile an third-party exploit without understanding what it actually does (even in a virtual machine this could cause damage to your host system).

If someone don't understand how to compile some piece of code and run it properly she should maybe go one step back and begin with something easier (e.g. learning programming in general).

This is not ment offensive.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Jul 28, 2009 10:12 am

Re: Basic Exploit Helo

I have the version CUPS 1.1 so has to work.

Awesec: it is true to learn moething easy but sometimes you get something that you want to try and you wonder how you can do it and this happend today, I am not worry to kill my lab I can build it back again. Fox ex. Ketchup told me that the file that I tried to work is a C code, so after that I went to my google friend and found out how to compile in C and works and also I tried others C exploits in my target.

I am learning a lot trying to brake this host and also I already added other skill to my list to learn that is C and pearl.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jul 29, 2009 12:42 am

Re: Basic Exploit Helo

As I said it was not ment offensive and not addressed directly to you but should be an advice in general. ;)

Do you get any (error) messages when launching the exploit? You could implement e.g. messageboxes to see how far the exploit gets.

impelse wrote:[...]
Do you crash some services to get access through another service, is that commond? I do not know if that works but I am trying


Depending on the circumstances it could be possible to get access through one service when crashing another one. But often the goal is not to crash anything as this would raise noise and suspicion.

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software