Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.10.10306131849280.6860-100000@alpha.bernztech.org>
From: bernz at alpha.bernztech.org (David Bernick)
Subject: Re: -1 day exploit - Warning

> Wow, I'd never run something that had a printf statement in it with
> 
>  print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that ran a fake
>  0day exp loit. v2\nPRIVMSG $chan :to run commands on me, type: ".$nick.":
> command\n";
> 
> if you run this you deserve to get owned.  this guy could have at least
> xor'd the strings and base64 encoded them or SOMETHING.

the printf statement is in the shellcode. if you don't know C and/or hex
very well it looks semi-legit. The attached perl code is the decoded shell
code, it's not in the actual "exploit". This is the perfect kind of
program to trojan little hacker wannabes on IRC.

and no one deserves to be owned. They just need to pay for highly paid
security consultants instead (shhh..kidding). 

d
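
An added example, not part of the original message: decoding the `\xNN` bytes of a "shellcode" array in a downloaded exploit and listing the printable runs shows when the bytes are really script text, which is the case discussed above. The sample array, the hint list and the function names are constructed for illustration.

```python
import re

# Constructed sample: a C "shellcode" array whose bytes are mostly ASCII text.
# The embedded text is a harmless placeholder, not the payload from the thread.
SAMPLE_C = r'''
char shellcode[] =
  "\x31\xc0\x50\x68\xcd\x80"
  "\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
  "\x70\x72\x69\x6e\x74\x20\x22\x68\x65\x6c\x6c\x6f\x22\x3b\x0a";
'''

STRING_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one C string literal
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')   # two-digit \xNN escape

# Constructed heuristics: substrings that suggest script text, not machine code.
SCRIPT_HINTS = ("#!/", "perl", "print ", "socket", "PRIVMSG", "JOIN ", "/bin/sh")


def decode_c_strings(source):
    """Concatenate the bytes of every \\xNN escape inside C string literals.

    Only \\xNN escapes are decoded; plain characters in a literal are skipped.
    """
    out = bytearray()
    for literal in STRING_LIT.findall(source):
        for hex_pair in HEX_ESCAPE.findall(literal):
            out.append(int(hex_pair, 16))
    return bytes(out)


def printable_runs(data, min_len=6):
    """Return runs of printable ASCII (plus tab, CR, LF) of at least min_len bytes."""
    pattern = rb'[\x20-\x7e\t\n\r]{%d,}' % min_len
    return [run.decode("ascii") for run in re.findall(pattern, data)]


def triage(source):
    """Pair each printable run with the script hints it contains."""
    runs = printable_runs(decode_c_strings(source))
    return [(run, [h for h in SCRIPT_HINTS if h in run]) for run in runs]


if __name__ == "__main__":
    for run, hints in triage(SAMPLE_C):
        print("printable run (%d bytes), hints: %s" % (len(run), hints))
        print(run)
```

Long readable runs, or any hit on the hint list, mean the array should be read as text before the program is compiled or run.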

