Nginx 1.3.9/1.4.0 x86 Remote Exploit

Leave a Comment


Nginx 1.3.9/1.4.0 x86 Remote Exploit – this exploit is unlikely to succeed when used against remote internet hosts. the reason is that nginx uses a non-blocking read() at the remote connection, this makes exploitation of targets on the internet highly unreliable.
(it has been tested against a testbed on the internet but I couldn’t exploit any other box with it. required was the above ifconfig setting on the client. maybe enabling large tcp frame support on a gigabit connection is more useful so use it inside intranets only (duh!), this remains a PoC for now :D The exploit does not break stack cookies but makes use of a reliable method to retrieve all needed offsets for Linux x86 and pop a shell.


PoC :


downloadz

Perl Exploit Script ( ngxunlock.pl ) :


downloadz

Credits Goes to Kingcope

0 comments:

Post a Comment