[framework] question on Apple Quicktime RTSP bind/attach process
Jeffs
jeffs at speakeasy.net
Tue Nov 27 08:20:31 CST 2007
Regarding
http://www.securityfocus.com/data/vulnerabilities/exploits/26549-uni.py
which is the Apple QuickTime RTSP Response Header Remote Stack Based
Buffer Overflow Vulnerability -- as a newbie I have a simple question.
I understand the code behind the exploit in theory, but am confused
about how one would successfully attach or bind to the process that is
sitting at port 4444 (assuming you used that value as per the code) to
get the reverse shell? Netcat wouldn't do it because there is no netcat
process being sent to the attacking machine. If you could integrate it
into metasploit then I understand you would have a "session". But this
is a python script. How does one integrate it into metasploit if at
all. If not, how does the attacking machine attach to the bind process
coming in on port 4444?
Thank you from a newbie
More information about the framework
mailing list