From: wcolburn at nmt.edu (William D. Colburn (aka Schlake))
Subject: Apache 1.3.27 Remote Root 0-Day

On Fri, Jun 20, 2003 at 05:29:18PM +0100, James Greenhalgh wrote:
>Well it gave me a good laugh on a Friday afternoon anyway :)  Read the
>code, it doesn't send that "shellcode" to a remote server at all, it
>executes it.

Dump of assembler code for function shellcode:
0x08049a20 <shellcode+0>:       xor    %ebx,%ebx
0x08049a22 <shellcode+2>:       xor    %eax,%eax
0x08049a24 <shellcode+4>:       xor    %edx,%edx
0x08049a26 <shellcode+6>:       mov    $0x18,%dl
0x08049a28 <shellcode+8>:       push   $0xa213f20
0x08049a2d <shellcode+13>:      push   $0x58315254
0x08049a32 <shellcode+18>:      push   $0x344d2065
0x08049a37 <shellcode+23>:      push   $0x68542073
0x08049a3c <shellcode+28>:      push   $0x69207461
0x08049a41 <shellcode+33>:      push   $0x68572d2d
0x08049a46 <shellcode+38>:      mov    %esp,%ecx
0x08049a48 <shellcode+40>:      mov    $0x4,%al
0x08049a4a <shellcode+42>:      int    $0x80

Um, I think you can rent it at Blockbuster, or buy it from Amazon.com.


--
William Colburn, "Sysprog" <wcolburn@....edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
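
Added example, not part of the original message: a Python sketch that statically reconstructs the buffer the disassembled "shellcode" above builds on the stack and the arguments it loads before `int $0x80`, without executing anything. The function names are hypothetical; the disassembly lines are copied from the message, and the script assumes 32-bit `push` immediates in gdb's AT&T syntax.

```python
import re
import struct

# Disassembly copied from the message above (gdb output, AT&T syntax).
DISASM = """\
0x08049a20 <shellcode+0>:       xor    %ebx,%ebx
0x08049a22 <shellcode+2>:       xor    %eax,%eax
0x08049a24 <shellcode+4>:       xor    %edx,%edx
0x08049a26 <shellcode+6>:       mov    $0x18,%dl
0x08049a28 <shellcode+8>:       push   $0xa213f20
0x08049a2d <shellcode+13>:      push   $0x58315254
0x08049a32 <shellcode+18>:      push   $0x344d2065
0x08049a37 <shellcode+23>:      push   $0x68542073
0x08049a3c <shellcode+28>:      push   $0x69207461
0x08049a41 <shellcode+33>:      push   $0x68572d2d
0x08049a46 <shellcode+38>:      mov    %esp,%ecx
0x08049a48 <shellcode+40>:      mov    $0x4,%al
0x08049a4a <shellcode+42>:      int    $0x80
"""

PUSH_IMM = re.compile(r"\bpush\s+\$0x([0-9a-fA-F]+)")
MOV_IMM8 = re.compile(r"\bmov\s+\$0x([0-9a-fA-F]+),%(al|bl|cl|dl)\b")


def stack_string(disasm: str) -> bytes:
    """Return the bytes found at %esp after every immediate push has run."""
    imms = [int(m.group(1), 16) for m in PUSH_IMM.finditer(disasm)]
    # The stack grows down, so the last push ends up at the lowest address,
    # and each 32-bit value is stored little-endian.
    return b"".join(struct.pack("<I", v) for v in reversed(imms))


def byte_registers(disasm: str) -> dict:
    """Map each low-byte register to the immediate loaded into it."""
    return {m.group(2): int(m.group(1), 16) for m in MOV_IMM8.finditer(disasm)}


def summarize(disasm: str) -> dict:
    """Collect what int $0x80 receives: eax (syscall), edx (length), ecx (buffer)."""
    regs = byte_registers(disasm)
    buf = stack_string(disasm)
    length = regs.get("dl", len(buf))
    # On i386 Linux, syscall number 4 is write(fd=ebx, buf=ecx, count=edx).
    return {"syscall": regs.get("al"), "length": length, "buffer": buf[:length]}


if __name__ == "__main__":
    print(summarize(DISASM))
```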
