[Full-disclosure] IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
Rodrigo Rubira Branco (BSDaemon)
rodrigo at kernelhacking.com
Wed Oct 10 12:12:50 BST 2007
Hey Luiz,
The Gaus´s (cisco) point is the videos just showed a shellcode being
executed, not a vulnerability being exploited. If you has a vulnerability,
so you can use the shellcode other than in a debugger or physically
attached to the device.
Anyway, it´s time to ask where is the shellcodes? I want to see that.
cya,
Rodrigo (BSDaemon).
--
http://www.kernelhacking.com/rodrigo
Kernel Hacking: If i really know, i can hack
GPG KeyID: 1FCEDEA1
--------- Mensagem Original --------
De: Luiz Eduardo <le at atelophobia.net>
Para: Rodrigo Rubira Branco BSDaemon <rodrigo at kernelhacking.com>
Cópia: Andy Davis <andy.davis at irmplc.com>, @fjaunet.com.br
<full-disclosure at lists.grok.org.uk>
Assunto: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Data: 10/10/07 10:42
>
> Oi Rodrigo,
>
> by this statement on Gaus' email I would say it's not possible. But I
will let the smart people comment.
>
> > &gt; - Having physical access to the device
>
> abraço
> le
>
>
>
> On Oct 10, 2007, at 3:36 AM, Rodrigo Rubira Branco (BSDaemon) wrote:
>
> > Hey Andy,
> >
> > For sure the shellcodes can be used in a local attack, but I want
> > to see you
> > using a connect back shellcode locally in an IOS system ;) that´s
> why I said
> > explicitly remote.
> >
> > cya,
> >
> >
> > Rodrigo (BSDaemon).
> >
> > --
> > http://www.kernelhacking.com/rodrigo
> >
> > Kernel Hacking: If i really know, i can hack
> >
> > GPG KeyID: 1FCEDEA1
>
>
>
>
>
>
>
________________________________________________
Message sent using UebiMiau 2.7.2
Full-Disclosure is hosted and sponsored by Secunia.