Full Disclosure mailing list archives

Re: Trojan author revealed (was: Re: ProFTPD-1.2.9rc2 remote root exploit)


From: Jirka Kosina <jikos () jikos cz>
Date: Sun, 26 Oct 2003 19:17:50 +0100 (CET)

On Fri, 24 Oct 2003 mitch_hurrison () ziplip com wrote:

Hi, Mitch -- welcome to the Internet!  Here's a tool you might find
helpful, it's called a 'Search Engine'!  ;)
A quick google for a few bytes worth of shellcode returned a few
pages of jinglebellz.c related discussion.
http://www.jikos.cz/jikos/dev/shcode.asm for example.
They're obviously in on it too.

May I have a question: what do you mean by that? I am in no way connected
to GOBBLES, I've just taken the shellcode from their mpg123 exploit,
disassembled it and made notes to what it is doing. If you are unsure, you
can take the exploit shellcode yourself, and put it in your own gdb to see
that the disassemble output is same. I've also rewritten the comments to
English, to make you happy :)

Anyway, you really don't have to remember shellcodes for a year, or 
anything like that. You just have to check the exploit written by someone 
unknown, to see what it is doing, before you try to run it on your 
production machine (unless you are either a hero or like adrenaline 
sports), so I have really no idea what are you crying here about.

Which is exactly what this long thread is about.

-- 
JiKos.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

