lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <010303071819020.12625-100000@www.nmrc.org>
From: hellnbak at nmrc.org (hellNbak)
Subject: [argv] PHC Threatcon Monitor & Hacklog Vulnerable

heh

On Fri, 7 Mar 2003, Day Jay wrote:

> Date: Fri, 7 Mar 2003 13:43:02 -0800 (PST)
> From: Day Jay <d4yj4y@...oo.com>
> To: ARGV <argv@...hmail.com>
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] [argv] PHC Threatcon Monitor & Hacklog
>     Vulnerable
>
> LMFAO!
>
> LOLZ!
>
>
>
> --- ARGV <argv@...hmail.com> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> > 1. Topic:
> > 	Threatcon monitor
> > 	Hacklog
> >
> > 	OMG WTF LOL -- OHDAY PHC EXPLOIT -- OMG WTF LOL
> >
> > 2. Relevant versions:
> >         Vulnerable: 1.0
> >
> >         Not Vulnerable:  NONE!
> >
> > 3. Problem description:
> > 	OMG WTF LOL!
> >
> > 	http://phrack.efnet.ru/threatbar.c
> >
> > 	if ((ffd = open(filename, O_WRONLY | O_CREAT)) < 0)
> >
> > 	OMG WTF LOL -- RACE CONDITION -- OMG WTF LOL!!!!!!
> >
> > 	TMP RACE 101:
> > 		MAKE SYMLINK TO /etc/shadow IN /tmp MATCHING
> > FILENAME
> > 		WAIT FOR 31337 H4X0R TO RUN THREATBAR
> > 		...
> > 		PROFIT!
> >
> > 	http://phrack.efnet.ru/hacklog.c
> >
> > 	OMG WTF LOL -- ANOTHER BUG -- OMG WTF LOL!!!!
> >
> >  	if (argc != 3)
> >         {
> > 	fprintf (stderr, "Usage: %s <typescript>
> > <timing-file>\n",
> >                  argv[0]);
> >
> > 	WHOA MAN, WHAT IF ARGV IS NULL? WHOA MAN! OMG WTF
> > LOL!!!
> >
> > 4. Workaround:
> > 	BOW DOWN TO ME, THE GREAT TSAO
> > 	ME SO SMART OMG WTF LOL!!!
> >
> > 5. References:
> > 	THANKS TO SHIFTEE FOR THE EXPLOITZZZ OMG LOL!!!
> >
> > 6. Contact:
> >         argv@...hmail.com
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: Hush 2.2 (Java)
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify
> >
> >
> wlkEARECABkFAj5owsUSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkpw/MAoKSB
> >
> 0Ault9S+OEhzfn3HcGo1YnpnAKCbVkFThlAMs4GeOcWAcJbavXNR5g==
> > =83gT
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Follow this link to
> > get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate
> > Program:
> >
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ