lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200602040452.k144qfnU092431@mailserver2.hushmail.com>
Date: Sat Feb  4 04:52:49 2006
From: dnvdnv at hushmail.com (dnvdnv@...hmail.com)
Subject: big security bug

ear FULL-DISCLOSURE

I, Leet HaCkEr DNV has found new bug in very MutsJ used software 
for poplar operation
system freebsd mashine. If U use CAT command you can as any user 
see any file from all user. This is a big infomration leek as it 
can show secret info from other users!! i tryed with normal user 
(DNV) and i get secret info from file owned by other user (ROOT)!!! 
i have an eksample: 

<insert passwd here>

Also it is a big hacker error because as normal user (DNV) you can 
put big info in other people( ROOT) files  with this command !! cat 
MY FILE > ROOT FILE! ThiS undermineS UNICS seCURITY! THIS IS ONE OF 
THE BIGGEST BUG IN WORLD NOW!! I CAL A WRANING TO UNICS SYSTEM 
ADMINISTRATORS ALL OVEFR!! ALL OS HAVE THIS BUG ALSO LINUX MADRIVA 
MANDRAGE GENTO GOOGLE HURD MINIX AMOEBA

:+) 

I HAEV WRITTEN SHELLCODE FOR THIS EXPLOIT!! 

#!/bin/sh
file to delete=/bin/sh
path cat =/bin/cat

mov %eac, file to delete
mov %eip, ip adresse of victim
mov %stack, "/bin/sh"
push byte [r0+r1+00001112]
SystemCall("C:\%SYSTEMROOT%\SYSTEM32\CMD.EXE");
cdq
.food
ld a,(hl)
inc a
cmp b
bne .loose
move.l [a0+],d0
push [corn]
pop [corn]
pop [corn]
pop [corn]
pop [corn]
JNE .food
.loose


WHAT WE MUST ASC OURSELFS IS WHY IS THIS HACKERTOOL INCLUEDED IN 
ALL UNICES!! SUCK A DANGERUS TOOL CAN NOT BE ALOWED TO ESIST! I 
HAVE CONTACTED SCO BUT THEY DO NOT CARE AND I DONT UNDERSTAND DOT 
THEY OWN UNICS?

THIS IS POC ( PROFING ORIGINAL CONNECTIONEXPLOIT ) PLZ NOT SHARE. 
THIS WILL CLOSE INTERNET. 

gREEtINGS to My BUDDIES dr303, muslim hackers for respect of 
religion, all men love all like muslim brothers

34d1f91fb2e514b8576fab1a75a89a6b
99754106633f94d350db34d548d6091a
0cc175b9c0f1b6a831c399e269772661
a3468774415b1d86f67b7724a8732580





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ