Message-ID: <200211291714.gATHEUiu052234@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Offset Bruteforcing

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

For centuries, skilled blackhats have written their exploits in such
a fashion that they are not usable by normal scriptkids, where offsets
are not automatically calculated, and must be bruteforced.  When we
were given some code written by plaguez[0dd], antiNSA[0dd], and from
Solar_Designer[0dd], we came across the problem of not being able to
get root on any machines.

We devised the following technique for automating exploitation with
code in this style, hope it helps you out.

# cat  ESobf.c
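/* (C) vux [ElectronicSouls]
 *
 * PROPERTY OF THE ELECTRONICSOULS CREW !
 * DO NOT DISTRIBUTE !
 *
 * simple offset brute forcer - easy guessing the offset needed to run any
 * exploit successfully.
 * it's not tested but it should work! if you find any error in the code,
 * please let me know!
 *
 */

#include <stdio.h>
#include <stdlib.h>  /* system() */

/* change it to the exploit's path with the offset's param;
 * %d is replaced by the offset being tried */
#define PATH "/path/to/exploit -o %d"

int main(void) {
 char cmd[512];  /* full shell command for one attempt */
 int var;

 /* no ';' after the for header, so the body runs once per offset */
 for (var = -2000; var < 2000; var = var + 1) {
  printf("\tbrute forcing : \n");
  printf("trying offset : %d\n", var);
  /* system() takes a single string and does no formatting itself,
   * so the command line is built with snprintf() first */
  snprintf(cmd, sizeof(cmd), "ulimit -c 0; " PATH, var);
  system(cmd);
 }
 /* return only after the whole range has been tried */
 return 0;
}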

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"Do you want some wine with your cheese?"

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3noIgMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltOZgAnRhwI3pToNKC
M4GyyiFDUm2lNX/cAJwOLyUuc2xfHQO4z9lMNEvAVyqvIw==
=bZWq
-----END PGP SIGNATURE-----



