The dbm and shm session cache code in mod_ssl prior to 2.8.7-1.3.23, and Apache-SSL prior to 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
Recon

Using the netdiscover tool, the IP address 192.168.1.138 of the Kioptrix virtual machine was identified:

root@kali:~# netdiscover -i eth0 -r 192.168.1.0/24
Currently scanning: Finished! | Screen View: Unique Hosts
100 Captured ARP Req/Rep packets, from 18 hosts Total size: 6000
Exploits found during several CTFs

Exploits

Public exploit modifications:
- CVE-2002-0082: Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow. Fixes compilation errors.
- CVE-2009-3103: Remote Code Execution via "SMBv2 Negotiation Vulnerability". Fixes compilation errors.
- CVE-2017-0143 (aka MS17-010): Remote Code Execution vulnerability in Microsoft SMBv1. Fixes compilation errors.
- CVE-2003-