Message-ID: <f87d771805041805395e1c8a7b@mail.gmail.com>
Date: Mon Apr 18 14:07:34 2005
From: diego.casati at gmail.com (Diego Casati)
Subject: TCP/IP Stack Vulnerability

Fellows, 

Try this:

Linux (Slackware 10):

root@...fix:/# gcc -D LINUX storm.c -lpcap -o storm

BSD systems:

root@...fix:/# gcc storm.c -lpcap -o storm

It should work, anyway I'm sending a FreeBSD precompiled version of
this exploit and the C source code as an attachment.

bash-2.05b$ uname -a
FreeBSD darksun.undernet 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Fri Dec 10 15:56:18 BRST 2004 root@...ksun.undernet:/usr/obj/usr/src/sys/GENERIC  i386

Best regards,

Diego Casati


On 4/18/05, Israel Lopez <israel@...osting.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> Call me crazy, but when I copied the text out from Mr. Casati's email, I
> had to edit all of the line wraps that (I believed) Thunderbird injected
> into the email.  Takes a bit but you'll find them.
> 
> If anything I got 'farther' into compiling myself, needed to reflect
> some changes to a new location of a pcap-bpf.h header.
> 
> [~/sandbox]# gcc -DLINUX -lpcap storm.c -o storm
> storm.c: In function `PCapHandler':
> storm.c:450: warning: initialization from incompatible pointer type
> /tmp/ccvPmT8m.o(.text+0x3e8): In function `TCPCheckSum':
> : undefined reference to `sizephdr'
> collect2: ld returned 1 exit status
> [~/sandbox]#
> 
> Anyone have success in testing this out in a sandbox environment?
> 
> 
> Diego Casati wrote:
> > Try this
> >  root@...fix:~/vortex# gcc -DLINUX storm.c -lpcap -o storm
> >
> >
> >
> > On 4/17/05, H. S. <security@...olutionsp.com> wrote:
> >
> >>Hey,
> >>
> >>I am having two errors compiling this code. I want to test it on my LAN,
> >>as I have a windows box and several linux ones.
> >>
> >
> >
> >>gcc -lpcap tcp-ack.c -o storm
> >>tcp-ack.c: In function `DeletePacket':
> >>tcp-ack.c:350: error: syntax error before "CurrentPacket"
> >>tcp-ack.c: In function `FindPacket':
> >>tcp-ack.c:366: error: invalid lvalue in assignment
> >>tcp-ack.c: In function `PCapHandler':
> >>tcp-ack.c:453: warning: initialization from incompatible pointer type
> >>
> >>I'm trying to compile on a FreeBSD 5.2.1-RELEASE system.
> >>
> >>line 350 reads:
> >>                       CurrentPacket->NextPacket
> >>CurrentPacket->NextPacket->NextPacket;
> >>
> >>line 366 reads:
> >>           if (Source == Packet->Source && Destination
> >>=Packet->Destination && SourcePort == Packet->SourcePort &&
> >>DestinationPort == Packet->DestinationPort)
> >>
> >>What could be the problem?
> >>
> >>Kind Regards
> >>
> >>
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> 
> - --
> =========================
> Israel Lopez
> Lead Network Administrator
> OCHosting Inc.
> Office: (949) 388-8637 x.106
> E-Mail: israel@...osting.com
> PGPKey: 0xFE8F03DD
> Keyserver: pgp.mit.edu
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32)
> 
> iD8DBQFCYywQhrlQD/6PA90RAhbNAKCvtt2cM7siWN17q0mbl+bL4rCeKgCfe0en
> TtecqDyAZNs4C1V8ldtsLoA=
> =u1sU
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: storm
Type: application/octet-stream
Size: 10957 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050418/9c520efe/storm.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: storm.c
Type: application/octet-stream
Size: 19317 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050418/9c520efe/storm-0001.obj
