Open Source and information security mailing list archives
 
Message-ID: <12380.1038962697@www9.gmx.net>
From: poofie at gmx.net (poofie@....net)
Subject: 0day remote root BNC exploit

This is in response to: 
  http://www.fatelabs.com/advisories/shoutcast-advisory.txt

_____________________________________________________________________
                 FaKe Research Laboratories
                     Security Advisory


 Package:		BNC 
 Vendor Web Site:	http://gotbnc.com/
 Versions:		< = Latest (v2.8.4)
 Platforms:		Lots of them
 Advisory Title:	Plaintext BNC Authentication Passwords
 Advisory ID:		F8K20020918:BNC
 Issue Date:		Wed Sep 18 12:34:56 PST 2002
 File(s):		bnc.conf
 Local:			Yes
 Remote:		No
 Fix Available:		Yes
 Vendor Contacted:	No 
 Researcher:		poofie <poofie@...elabs.com>
 FaKe Web Site:		http://www.fakelabs.com ( NOT ORG! )
 _____________________________________________________________________



 1. Overview

 The password is stored in plaintext in the configuration allowing 
 hackers to use the BNC for their illegal activities. This could 
 mean the end of IRC as we know it. Please do not use this exploit for
 fun or profit.  



 2. Exploit

 Here is the 0day exploit from FaKelabs because we have the best exploit
 collection ever. 

 
 #!/bin/sh
 # 
 # PRIVATE FAKELABS EXPLOIT 0DAY HACKER EXPLOIT
 # BNC password stealing exploit by poofie@...elabs.com
 # 
 printf "Where do you want to steal the password from? "
 read -r file
 echo "Stealing the password hahahahahaha"
 grep 'S:' "$file"



 3. Impact

 IRC will cease to exist.



 4. Greetz

               Loki - Supreme magistrate CEO flash hacker master
              ph33r - Previous research on plaintext password methods
 PhantomOfTheRouter - Blacker than Jesse Jackson crack smoking MSN hack3r
         hack3r.com - I learned everything from you guys, THANKS
            |SaMaN| -
http://online.securityfocus.com/archive/1/290114/2002-09-01/2002-09-07/0
                      Contributing useful information. Coder of the 
                      http://blackcode.tr.cx hacker team.
               ushi - Lesbian hacker slut


 (c) Copyright 1981-2002 FaKe Research Labs. All Copyrights Reserved.
 Web: http://www.fakelabs.com

