Full Disclosure mailing list archives
Re: I know its old, but what the heck does this do... (exposing a tool...)
From: xD 0x41 <secn3t () gmail com>
Date: Wed, 26 Oct 2011 13:14:14 +1100
Hrm, exactly what I'm wondering about: is that packet just 'junk' in effect... or just hiding more :s I will investigate it. It is strange tho, as nothing of the *normal* has detected anything malign yet to me, but I just started the OS I use for this stuff 20 seconds ago, and it has only read a few sectors of the code so far...

Yes, it is a home lab, it is just IBM x3 3U racks, put together in a DIY kinda rack, but works for me :) It is also a 'darknet', so much of this kinda network shit seems to dribble in from many places. ATM it seems this is the .c file they're trying to hide. Apparently it can send a negotiation which just trashes the SMB client, according to this, which I am going to see what it does exactly in about 5 minutes :P

I will keep you informed as, yes, usually most DDoS which uses *trash* code to send as a broadcasting packet would encapsulate exactly this, BS, which this is not. It is some code in there, but it is also not str8 forward yet for me, until I have results, but it does spawn some strange sockets :s I will see where it leads.

Thx for that info about the SMB bugs. I do know of them, but just have seen this done once properly on Linux, which is a really hardass attacking tool and clobbers the SMB server, but this one seemingly does it differently. There is a winssmb-nuke tool already, I know that DOES work 100% now I did a little google b4 ending this post, and this is the apparent descendant, which was sold. I will look now and wait for my OS to read thru it a bit... and darknet to see where it connects. Interesting one tho.

I have also found similar code, for something else called ipv6killer.c, no, not ipv6fuck.c, which is also actually real, but ipv6killer.c, which is almost exactly this same code, but actually seems set up for IPv6, so makes me think about this one harder :s I am stumped until I have a malware analysis from my box, as I don't run things at first glance, specially DDoS crap that will certainly lead to mem corruption :P

Ok, cheers so far, I'll keep looking!
xd

On 26 October 2011 13:03, Flavio do Carmo Junior <carmo.flavio () gmail com> wrote:

> 'system(h3llcode)' ?? Should be fun...
>
> On 10/26/11, xD 0x41 <secn3t () gmail com> wrote:
>> Hello List,
>>
>> I'd like people to also, like this thread asks, pls give some opinion, other than mine.. which I am yet to make;
>>
>> http://www.hackerthreads.org/Topic-5973
>>
>> Please look at this .c code on here, if you wish, and tell me why:
>> A. It is still in circulation, seemingly, on MANY MANY boxes....
>> B. People still seem to try to keep it private :s
>>
>> This morning, a friend from webhostingtalk.com asked me to take a look. I have, and I can only so far say, once I decrypt the shellcode, I'll know a bit more.. altho I remember this thing, and so many people were after it, people were paying for it. This is the first time I have seen it actually disclosed tho, admittedly only looked today. If skiddies are using it to DDoS things, I want to make sure I can expose it, and kill the threats.
>>
>> Thank you.
>> xd
>> .// exposing bullshit as i ride!
>
> --
> Sent from my mobile device
>
> --
> Best regards,
> Flávio do Carmo Júnior
> Sydney/NSW
> http://au.linkedin.com/in/carmoflavio/en
> http://0xcd80.wordpress.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/