Full Disclosure mailing list archives
Re: Linux Kernel Exploits / ABFrag
From: enigmatic-arcanum () zero-imagination com
Date: Fri, 18 Oct 2002 18:52:18 +0100 (BST)
Hi, I've been following these threads and others on the full-disclosure list concerning this topic, and in my opinion this isn't anything but another rumour or some infamous project like project mayhem, aimed at creating FUD among the Linux and BSD community. Besides, I'd like to say that I fully agree with the opinions expressed by Cedric Blancher.

I've also heard this so-called group 'ac1db1tch3z' had an exploit for snort; I guess it's safe to assume that this might be just an attempt to lure people into running snort or tcpdump, and because both tcpdump and snort use libpcap this might be some sort of vulnerability, perhaps in pcap_open_offline(), because it is used to save snapshots (dumps) of network packets by both tcpdump and snort. Anyway.

When I first heard about this rumour, it was spread on a *private* IRC network by 'halfdead' (the recent scene whore, looking for fame and glory) and shiftee (nice guy, sort of a sheep, he doesn't seem to grasp shit of what he does, but anyway, let it alone). Both of them were affirming that they had been warned for spreading the header of this so-called ABFrags, and that halflife had even been owned 2 times on Linux, once only running an ssh session to his shell server, and another while he was using FreeBSD. What is more interesting now is the fact that both shiftee and halfdead belong to PHC (#phrack high council @ efnet); if no one knows what this is, I'd invite you to read el8.3, since there is all that should be known about these guys and related projects / actions.

Another thing. I'm not trying to make more rumours - we're all tired of them, aren't we? - but I don't believe this guy 'Daniel Roberts' was really some guy who had been used as a honeypot or had tragically been owned and luckily found a binary which was ABFrags or whatever. What luck! Just check his email address (I know this is a free webmail, but if you look at the e-mails used by gobbles, phc, etc., you'll see that they also use hushmail; but this is a minor detail and shouldn't be looked at as the weapon of the crime). But why was this mail sent to bugtraq, linuxsecurity.com and similar mailing lists rather than to the incidents or FIRST mailing lists? Go figure.

This binary being spread is afaik crypted with the TESO ELF Encryption Engine (formerly known as burneye v1; for more information see phrack 59 article 5), and if anyone out there is trying to reverse this binary, there's this tool, written by byterage, which will try to unwrap the encryption layers of the binary by means of bruteforce: http://www.u-n-f.com/UNFburninhell.html

Anyway, these are my views and points about this whole FUD. I'm not even going to say that this isn't possible, and I firmly believe that this might one day happen, but looking at all this bragging on IRC and mailing lists, adjacent to the fact that PHC is some sort of wannabe-blackhat group trying to make fame and glory in the recent months, I kinda disagree with the existence of such an exploit.

-- Enigmatic Arcanum
-- Personalised email by http://another.com