|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Exploit for DNS Cache Poisoning - RELEASED
> > On Thu, Jul 24, 2008 at 10:32 AM, Tuc at T-B-O-H.NET <[email protected]> wrote: > > > > - -- "Robert D. Scott" <[email protected]> wrote: > > > > > > >Now, there is an exploit for it. > > > > > > > >http://www.caughq.org/exploits/CAU-EX-2008-0002.txt > > > > > > Now also (mirrored) here: > > > > > > http://www.milw0rm.com/exploits/6122 > > > > > > ...and probably a slew of other places, too. ;-) > > > > > The changes the put into metasploit for this don't seem > > to work if running from FreeBSD 5.5, possibly other BSD's and > > versions from talking to the author. > > > > Tuc/TBOH > > > > > True. On FreeBSD 7.0-STABLE (updated on Fri May 23) it fails to create raw > socket: > ... > [-] This module is configured to use a raw IP socket. On Unix systems, only > the root user is allowed to create raw sockets.Please run the framework as > root to use this module. > > [*] Attempting to inject poison records for example.com.'s nameservers into > 202.72.241.4:55088... > [-] Auxiliary failed: undefined method `sendto' for nil:NilClass > Sorry, I just checked it on 7.0 earlier today. If you happen to know any FreeBSD Ruby programmers with heavy socket experience, it would really be helpful. :-D I haven't tried the Python one yet. Probably later today. Tuc/TBOH
|