Open Source and information security mailing list archives
From: lists at onryou.com (Cael Abal)
Subject: Trojan author revealed (was: Re: ProFTPD-1.2.9rc2 remote root exploit)

> Hrmm. Ok I'm no Sherlock Holmes but even I could see through this
> 'analysis'. This is obviously an elaborate attempt to soil the
> reputations of the fine people, dare I say heroes of information
> security, at GOBBLES security.
>
> Let's examine the case at hand:
>
> 1) Someone makes the effort of cutting up an existing public GOBBLES
> shellcode. An act that requires just as much effort as writing
> original opcode.
>
> 2) This cutup version is used in a 'trojan' even my grandmother
> would be able to spot. (Obscure in-exploit overflows are way more
> effective folks, ask HD "I pioneered screensavers" Moore).
>
> 3) Some random hero pops up on the list pointing out that
> 'hey, this is GOBBLES shellcode *WINK*'
>
> Now who, on God's green earth, would recognise shellcode from
> an obscure exploit that was published months ago. If they
> didn't have it fresh in memory?
>
> So I think it's rather obvious either zeroboy, or one of his
> friends is responsible for this trojan. And he has some sort of
> rancune towards GOBBLES. Either that or he
> has a serious hardon for memorising hex opcode buffers.

Hi, Mitch -- welcome to the Internet! Here's a tool you might find
helpful, it's called a 'Search Engine'! ;)

A quick google for a few bytes worth of shellcode returned a few pages
of jinglebellz.c related discussion.

http://www.jikos.cz/jikos/dev/shcode.asm for example.

C