Full Disclosure mailing list archives
[argv] PHC hacklog part deux (No way, fool...)
From: "ARGV" <argv () hushmail com>
Date: Sun, 9 Mar 2003 02:39:29 -0800
1. Topic:

PHC hacklog part deux (No way, fool...)

2. Relevant versions:

Vulnerable: ALL! You don't hear nothin but your pea brain rollin' around in your head!
Not Vulnerable: NONE! Don't stay up late, eat all your greens. Remember I love you. I'll see you soon

http://phrack.efnet.ru/missions/2003/mission1.tar.gz

3. Problem description:

Hi, we're back with round two of PHC hacklog bugs, 'dis time with an exploitable bug!! oh joy!!

MR. T says: You lied to me!! He's gonna be a package of cream cheese in a minute!

Let's analyze this, shall we?

MR. T says: Got no time for the jibba jabba.

/* hacklog v1.0! */
^ notice the cool comment, all elite h4x0r apps must have one

  char buf[8192];
^ nice big buffer....Mr. T think even sockz could fit shellcode in 'dis

      if (fgets ((char *) buf, sizeof (buf), f) == NULL)
        break;
      if ((a = strchr (buf, '.')) == NULL)
        {
          perror ("strchr");
          exit (EXIT_FAILURE);
        }
      *a++ = 0;
      if ((b = strchr (a, ' ')) == NULL)
        {
          perror ("strchr");
          exit (EXIT_FAILURE);
        }
^ oh no..they didn't...

      nchars = atoi (b);
^ say it isn't so little johnny

      if (!nchars)
        {
          fprintf (stderr, "Error parsing timing file!\n");
          exit (EXIT_FAILURE);
        }
^ this won't save you

      if (read (fd, buf, nchars) != nchars)
^ ouch....so just send > 8192 and you win!

You've done it! you won!!

4. Workaround:

PHC has evaded being embarrassed by fixing thems on their machine, but still keep the vulnerable code online, so that others may be hacked!! how nice!

MR. T says: Now get the first-aid kit before you have to use it on yourself!

Just say "NO" to blackhat code. Fool!

5. References:

greetz to (censored by the DMCA foo), for being so tall, blonde, and handsome...crazy foo!

6. Contact:

argv () hushmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
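The missing bound on nchars, as an added example that is not part of the original post and not PHC's code: the count is parsed with strtol and rejected unless it fits the 8192-byte buffer before any read() happens. The function names, the REPLAY_BUF macro and the "<sec>.<frac> <nchars>" line format are assumptions drawn from the quoted snippet.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define REPLAY_BUF 8192 /* same size as buf[] in the quoted code */

/* Parse a timing line "<sec>.<frac> <nchars>" (format assumed from the quoted
 * strchr calls). Store the count in *out only if it fits in bufsize bytes.
 * Returns 0 on success, -1 on malformed input or an out-of-range count. */
int parse_timing_count(const char *line, size_t bufsize, size_t *out)
{
    const char *dot, *sp;
    char *end;
    long n;

    if ((dot = strchr(line, '.')) == NULL) return -1;
    if ((sp = strchr(dot + 1, ' ')) == NULL) return -1;
    errno = 0;
    n = strtol(sp + 1, &end, 10);       /* strtol reports errors; atoi cannot */
    if (end == sp + 1 || errno == ERANGE) return -1;
    if (*end != '\0' && *end != '\n') return -1;   /* junk after the number */
    if (n <= 0 || (unsigned long)n > bufsize) return -1; /* the missing bound */
    *out = (size_t)n;
    return 0;
}

/* Read one record from fd into buf, using only a validated count. */
ssize_t read_record(int fd, const char *line, char *buf, size_t bufsize)
{
    size_t want, got = 0;

    if (parse_timing_count(line, bufsize, &want) != 0) return -1;
    while (got < want) {
        ssize_t r = read(fd, buf + got, want - got);
        if (r <= 0) return -1;          /* read error or truncated data file */
        got += (size_t)r;
    }
    return (ssize_t)got;
}

int main(void)
{
    /* Constructed timing lines: one valid, one oversized, one negative. */
    const char *l[] = { "0.250000 42\n", "0.100000 9000\n", "0.100000 -1\n" };
    size_t n;

    for (size_t i = 0; i < 3; i++)
        printf("%s: %s", parse_timing_count(l[i], REPLAY_BUF, &n) ? "rejected" : "accepted", l[i]);
    return 0;
}
```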