Message-ID: <20030617050940.71593.qmail@web11408.mail.yahoo.com>
From: xillwillx at yahoo.com (w g)
Subject: ExploitLabs - URGENT 0day Alert!!
wow youre so cool, can i fuck your mom in the ass raw dog with no lube?
Donnie Weiner <s2_pi_di_ty@...mail.com> wrote:
------------------------------------------------------------------
EXPL-NOTHCKR-A1-31337-2003-00010 exploitlabs.com Advisory 00000010
------------------------------------------------------------------
-= How To Make A mIRC Bot =-
morning_wood
June 16, 2003
exploitlabs.com
Vunerability(s):
----------------
1. Backdoor/Remote Shell/Default Password
Product:
--------
How To Make A mIRC Bot
http://www.mishscript.de/help/mircbot.htm
Description of product:
-----------------------
How To Make A mIRC Bot - Freeware
"There is so much you can write into a bot, and you can only learn how
through asking people, reading FAQ's like this one and doing it for
yourself. So anyway, this FAQ will try to take you through the basics of making
your own bot."
Download:
http://exploitlabs.com/fylez/Wood-bot_tut.txt <-- dont work
http://www.howtomakeabircbot.com <-- also dont work, domain doesnt exist
http://www.mishscript.de/help/404.htm <-- dont work, says not found
http://www.mishscript.de/help/mircbot.htm
VUNERABILITY / EXPLOIT
======================
Remote:
-------
yup!
exploit code ( basicly shows what an attacker types to do a 0day attack )
----0day----- snippy ----0day---------
To add and remove user levels, we use the /auser and /ruser commands. There
are others such as /guser, but they make use of mIRC's Internal Address
List, which we'll come to later. To cut a long story short, /auser and
/ruser are the simplest.
/auser will give a nick a certain userlevel. The one you want
to use is:
/auser 100 Merlin (please, put YOUR OWN nick instead of "Merlin". You want
your usual nick to be in there, NOT the nick of the bot. That would
be pointless. If YOU want to access the commands, YOU must have a high user
level in the eyes of the bot.
----------- end snippy ---------------
here we see that 0day is possible because since this is basicly a tutorial
and when we read tutorials we do it because we cant find code to copy
and paste (isnt that right illwill [aka "w g" aka xillwillx@...oo.com
aka o0oillwillo0o @ aim aka xXxXxXx_iLLWiLL_420_31337_SuPA_MaSTA_HaCKSTA_2005_xXxXxXx
@ dalnet #teens4fun] lol me and illwill are buds he cant
code and its well known he basicly rips from planetsourcecode etc but
its all good) newayz if we cant find anything to copy and paste then we
need to look for tutorials and im not very good with english so i dont
really read what it says i just do it and probly everyone does that
basicly since it says
"/auser 100 Merlin (please, put YOUR OWN nick instead of "Merlin"."
we do a 0day attack by using the exploit (provided below) which allows us to
gain privileges at level 100. from there we can tell the bot to dcc
file transfer us a copy of cmd.exe (hense - remote shell)
exploitlabs 0day exploit team (currently just me, coinsidently im the only
one on all the exploitlabs teams actually, since im the only employee)
has written some 0day to exploit this 0day
-------0day alert------
# EXPL-0DY-000000000000001-2003-31337
# this is a 0day to exploit aforementioned 0day
# this is to be pasted directly into the mirc chat window
# you may hilite the 0day portion of this exploit to prepare for copy
# then press ctrl-c to copy, move the cursor to the mirc window
# then press ctrl-v to paste
# this exploit currently only has targets to work on windows OS
# exploitlabs 0day team ( again, just me ) is researching how to port
# these instructions to multiple platforms (for some reason my irc program
# closes when i keep trying to copy, i press ctrl-c like 6 times and still
# wont work, irc program crashes...future 0day advisory by exploit labs
# to dislcose this strange 0day crash is being made) so it will soon be
# portable. exploit follows
/NICK Merlin
-end---0day alert------
after using this 0day exploit create in the labs of exploitlabs, wait for
the reader of the tutorial to type the /auser 100 Merlin portion of the
default implementation of this tutorial
Vendor Fix:
-----------
No fix on 0day
I disclosed the 0day to my friends on irc (irc.euyulio.org #subseven /
#euyulio)approx 4 weeks ago, has been on our website since last week, and
i told the vendor - so really this wouldnt be '0day' more like '28day'
but i dont really know what 0day means (as you can see from all my
advisories) and i think it sounds cool so i say 0day whenever i can.
Vendor Contact:
---------------
merlin@...hscript.de - Concurrent with this 0day
Credits:
--------
morning_wood ( surprise, seeing as im the only one here at exploitlabs! )
http://exploitlabs.com "where thinking up lame advisories is one job, and
writing them is half the fun"
morning_wood@...me4.com - get tested
----------------------------------------
be a good vendor... test your tutorials first, it is your problem, fix
it. users shouldnt be expected to configure your products or read any
documentation.
http://nothackers.org - it's t0day
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html