lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: toddtowles at brookshires.com (Todd Towles)
Subject: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...

Isn't there a tool that will create the jpeg for it..and you can input
the URL you want the JPEG to download.

The JPEG will grab dropper script or whatever you want it too. No need
to revisit. Am I correct in thinking this? 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
Castigliola, Angelo
Sent: Monday, September 27, 2004 3:30 PM
To: morning_wood; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and
Bind shell ...

Eh, It would not be that hard to write up something that could revisit
all of the computers that hit the web server to infect them with
something after the initial jpg exploit was ran. It would truly be a one
of a kind worm. Reason enough in itself to motivate someone to write it.

As far as Media hype. I'm all for it. It keeps the IT job market strong.

Angelo Castigliola III
Operations Technical Analyst I
UnumProvident IT Services
207.575.3820
 
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
morning_wood
Sent: Saturday, September 25, 2004 2:06 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and
Bind shell ...


umm, no
all this has thats different is correct headers for bind or remote shell
option. and ability to set ports and return ip in the code, instead of
needing to use your own shellcode ( or metasploits ) note: there is no
new exploit code or vector

------------------- / snip /----------------- new.
char header1[] =
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /----------------- old.
------------------- / snip /----------------- char header1[]=
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /-----------------

take your media hype and die kthnx,
m.wood


> the last step before the worm
>
> http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists