Displaying 8 results from an estimated 8 matches for "phf".
Did you mean:
pdf
1996 Dec 06
0
phf & Bash exploit
This is probably fairly well known, I found it by accident while reading
about the 0xFF command sperator in older version of bash shell.
The newer phf cgi that comes with some versions of picasso and rembrant
have been patched for the obvious 0x0A newline escape, but can still be
escaped using 0xFF.
It takes vulnerabilites in both phf and bash for it to work.
I have tested this very successfully on many linux machines. I would
imagine that most...
1997 Sep 28
0
[IPD] Internet Probe Droid
...provides a good summary and clear description. Please
limit the discussion on this topic to new stuff. In general posts like this
will be approved -- alex]
Automating brute force attacks with ''Expect"
balif and desslok
- Abstract -
phf, a very fast and efficient phf scanner, and mf, a brute force login
program. Both utilize scripts written in Expect, a scripting language
that automates interactive programs like telnet and ftp.
- Intro -
Hacking of the past:
''A young boy, with greasy blonde hair, sitting in...
1997 Feb 03
1
Linux rcp bug
...execute rcp, root
privileges can be obtained by anyone.
For example NCSA httpd server forks processes under uid ''nobody'' after it
gets executed by root, so any cgi-script which can execute rcp can be used
to gain root access. In particular, do you remember the old problem in the
phf cgi-bin script ? If a newline character is passed to the phf script,
it can execute arbitrary programs as user ''nobody''. So the problem with
rcp can be exploited remotely, and root access can be gained from outside,
for instance like this:
$ echo "+ +" > /tmp/my.rhos...
2010 Oct 20
4
Recommendation for a new server
Hello list,
What servers would you suggest for:100 concurrent SIP calls, 4xT1 card, and
a not much busy website, i.e. getting 500-1000 hits a day.
Thanks,
Zeeshan A Zakaria
--
www.ilovetovoip.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101020/8ab7ae3e/attachment.htm
2004 Aug 06
0
hello
K2Fb4jFc4`eOyWeV|~]!5P")k:JgiZ
k;tj2X.Hs!Yg`Qo{dDRqqOKEcE
<J:DiMo]9g#"rw;);UY*8GayoN$r?g8Paxn0tb:wL'
~Nl^n7x%^
$`xi_oK?K&-[1vOWe
8xiXiR* i`C9{Xj]W_i^s!'zs(
0G ByNw,pHf&;_kb-`:c
_QRG):P.7qIgan[[M-S
vCXV)C
UdepZlk2Bk(|-DD'}O[^*}
Ru\~-
hraw~**p'4nMnG3[Is1 g3dh!s
t#
Ca $z&)KCb`_:#
ZT QwYBj"aTB/)/g;_zGjd8bsP
u;\;fxMHe#/A"Cg
S~|gY`|OIB"Qj,a'`;b/
E6)S;rDj]lCTh<AcD1n)_OR4M'}pk4\ACnZk5 X9rV:dZ}B{ <-)U_
6%fUMwz/dEe]W!&%^7d{...
1996 Dec 20
0
Other security holes in cgi program ?
Hello
Maybe not the right list...
I know about the phf cgi script is a hole.
So I look thou my errorlog and surely found a couple (4 accesses)
of tries to run the script. =
Now it passed my mind that i should check what other scripts failed
because they didn''t exist.
I have found a two other scripts that some tries to run, I have no
referen...
1998 Jun 19
16
WARNING: Break-in attempts
...om 208.164.139.14 to
getport(mountd): request from unauthorized host
Jun 18 23:50:00 earth portmap[25134]: connect from 208.164.139.14 to
getport(mountd): request from unauthorized host
Web server logs showing attempted breakin:
pmnac1-4.inu.net - - [18/Jun/1998:23:49:57 -0700] "GET /cgi-bin/phf" 302 -
pmnac1-4.inu.net - - [18/Jun/1998:23:49:58 -0700] "GET /cgi-bin/test-cgi"
403 -
pmnac1-4.inu.net - - [18/Jun/1998:23:49:59 -0700] "GET /cgi-bin/handler"
404 -
I have taken measures to block all further access attempts from your
systems, and will be watching my logs...
1998 May 12
25
Checking remote servers
I''d like to hear some suggestions about securely administering a
system remotely. Here''s the application: a project is going to
scatter some server machines around the US. The server machines will
be running Linux, with the only network servers being a custom
application.
Ignoring the separate question of physical security, how can I
remotely check the system''s