"BSD - 'TelnetD' Remote Command Execution (2)"

Author

Exploit author

kingcope

Platform

Exploit platform

bsd

Release date

Exploit published date

2012-07-01

                
                    
                         Download file
                    
                
            
This exploit was leaked on the Full Disclosure mailing list:

http://seclists.org/fulldisclosure/2012/Jun/404


Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19520.zip


BSD telnetd Remote Root Exploit *ZERODAY*
By Kingcope
Year 2011

usage: telnet [-4] [-6] [-8] [-E] [-K] [-L] [-N] [-S tos] [-X atype] [-c] [-d]
        [-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-s
src_addr] [-u] [-P policy] [-y] <-t TARGET_NUMBER> [host-name
[port]]
TARGETS:
0 FreeBSD 8.2 i386
1 FreeBSD 8.0/8.1/8.2 i386
2 FreeBSD 7.3/7.4 i386
3 FreeBSD 6.2/6.3/6.4 i386
4 FreeBSD 5.3/5.5 i386
5 FreeBSD 4.9/4.11 i386
6 NetBSD 5.0/5.1 i386
7 NetBSD 4.0 i386
8 FreeBSD 8.2 amd64
9 FreeBSD 8.0/8.1 amd64
10 FreeBSD 7.1/7.3/7.4 amd64
11 FreeBSD 7.1 amd64
12 FreeBSD 7.0 amd64
13 FreeBSD 6.4 amd64
14 FreeBSD 6.3 amd64
15 FreeBSD 6.2 amd64
16 FreeBSD 6.1 amd64
17 TESTING i386
18 TESTING amd64
Trying 192.168.2.8...
Connected to 192.168.2.8.
Escape character is '^]'.
Trying SRA secure login:
*** EXPLOITING REMOTE TELNETD
*** by Kingcope
*** Year 2011
USING TARGET -- FreeBSD 8.2 amd64
SC LEN: 30
ALEX-ALEX
 6:36PM  up 5 mins, 1 user, load averages: 0.01, 0.15, 0.09
USER             TTY      FROM              LOGIN@  IDLE WHAT
kcope            pts/0    192.168.2.3       6:32PM     4 _su (csh)
FreeBSD h4x.Belkin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17
02:41:51 UTC 2011
root () mason cse buffalo edu:/usr/obj/usr/src/sys/GENERIC  amd64
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

Release Date	Title	Type	Platform	Author
2020-12-02	"Under Construction Page with CPanel 1.0 - SQL injection"	webapps	multiple	"Mayur Parmar"
2020-12-02	"Expense Management System - 'description' Stored Cross Site Scripting"	webapps	multiple	"Nikhil Kumar"
2020-12-02	"Student Result Management System 1.0 - Authentication Bypass SQL Injection"	webapps	multiple	"Ritesh Gohil"
2020-12-02	"EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting"	webapps	multiple	"Soushikta Chowdhury"
2020-12-02	"WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution"	webapps	php	zetc0de
2020-12-02	"EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF"	webapps	multiple	"Hardik Solanki"
2020-12-02	"WonderCMS 3.1.3 - Authenticated Remote Code Execution"	webapps	php	zetc0de
2020-12-02	"WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass"	webapps	multiple	"Aakash Madaan"
2020-12-02	"PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS"	webapps	windows	"Amin Rawah"
2020-12-02	"Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting"	webapps	multiple	"Sagar Banwa"

Release Date	Title	Type	Platform	Author
2018-11-06	"Morris Worm - fingerd Stack Buffer Overflow (Metasploit)"	remote	bsd	Metasploit
2016-07-21	"NetBSD - 'mail.local(8)' Local Privilege Escalation"	local	bsd	akat1
2015-09-28	"Watchguard XCS - Remote Command Execution (Metasploit)"	remote	bsd	Metasploit
2015-09-28	"Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)"	local	bsd	Metasploit
2015-04-21	"OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)"	dos	bsd	nitr0us
2014-12-02	"tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side"	remote	bsd	dash
2014-11-06	"Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)"	remote	bsd	Metasploit
2014-10-25	"OpenBSD 5.5 - Local Kernel Panic (Denial of Service)"	dos	bsd	nitr0us
2012-11-22	"OpenBSD 4.x - Portmap Remote Denial of Service"	dos	bsd	auto236751
2012-07-01	"BSD - 'TelnetD' Remote Command Execution (2)"	remote	bsd	kingcope

Release Date	Title	Type	Platform	Author
2013-10-29	"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution"	remote	php	kingcope
2013-09-03	"MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption"	remote	hardware	kingcope
2013-08-07	"Apache suEXEC - Information Disclosure / Privilege Escalation"	remote	linux	kingcope
2013-07-16	"Squid 3.3.5 - Denial of Service (PoC)"	dos	linux	kingcope
2013-07-11	"Nginx 1.3.9/1.4.0 (x86) - Brute Force"	remote	linux_x86	kingcope
2013-06-05	"Plesk < 9.5.4 - Remote Command Execution"	remote	php	kingcope
2013-04-12	"ircd-hybrid 8.0.5 - Denial of Service"	dos	linux	kingcope
2012-12-06	"Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass"	remote	linux	kingcope
2012-12-02	"MySQL (Linux) - Database Privilege Escalation"	local	linux	kingcope
2012-12-02	"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution"	remote	windows	kingcope
2012-12-02	"freeFTPd 1.2.6 - Remote Authentication Bypass"	remote	windows	kingcope
2012-12-02	"IBM System Director Agent - Remote System Level"	remote	windows	kingcope
2012-12-02	"freeSSHd 2.1.3 - Remote Authentication Bypass"	remote	windows	kingcope
2012-12-02	"MySQL (Linux) - Heap Overrun (PoC)"	dos	linux	kingcope
2012-12-02	"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass"	remote	linux	kingcope
2012-12-02	"MySQL (Linux) - Stack Buffer Overrun (PoC)"	dos	linux	kingcope
2012-12-02	"MySQL - 'Stuxnet Technique' Windows Remote System"	remote	windows	kingcope
2012-12-02	"MySQL - Remote User Enumeration"	remote	multiple	kingcope
2012-12-02	"MySQL - Denial of Service (PoC)"	dos	linux	kingcope
2012-08-13	"Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)"	dos	linux	kingcope
2012-07-01	"BSD - 'TelnetD' Remote Command Execution (2)"	remote	bsd	kingcope
2012-06-10	"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities"	remote	windows	kingcope
2012-03-19	"Apache Tomcat - Account Scanner / 'PUT' Request Command Execution"	remote	multiple	kingcope
2012-01-17	"Linux Kernel 2.6.36 IGMP - Remote Denial of Service"	dos	linux	kingcope
2011-12-01	"FreeBSD - 'ftpd / ProFTPd' Remote Command Execution"	remote	freebsd	kingcope
2011-12-01	"Serv-U FTP Server - Jail Break"	remote	windows	kingcope
2011-10-11	"JBoss AS 2.0 - Remote Command Execution"	remote	windows	kingcope
2011-08-19	"Apache - Remote Memory Exhaustion (Denial of Service)"	dos	multiple	kingcope
2011-06-30	"FreeBSD OpenSSH 3.5p1 - Remote Command Execution"	remote	freebsd	kingcope
2011-03-04	"JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution"	webapps	jsp	kingcope

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"BSD - 'TelnetD' Remote Command Execution (2)"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.