Full Disclosure mailing list archives

New Hacking Zine: p62


From: b0f <b0fnet () yahoo com>
Date: Tue, 23 Sep 2003 09:01:35 -0700 (PDT)

pzc> 16. REAL authentic information regarding iDEFENSE contractor
pzc> purchases.

Hi, would just like to touch on this.
Most of the info they have on there about me is untrue.
Yes, I did get $300 from iDEFENSE and yes, that is my
name. My name can be found by searching Google (good
Google skills, boys).

The date they have is completely wrong and I am not a
member of dtors security and have never been. Any
member from dtors would confirm that I didn't 'steal'
nuthin from them to sell to iDEFENSE. As for guessing my
PayPal account, it wouldn't be too hard since I always use
this email address. I also have a good idea where they
got the $300 price tag from.

While I write this I must also congratulate them on finding
a hole in suexec.

<snip from phrack 62>
whereis suexec
suexec: /usr/sbin/suexec
/usr/share/man/man8/suexec.8.gz
ls -al /usr/sbin/suexec
-r-s--x---    1 root     apache      11732 May 15 06:09 /usr/sbin/suexec
cat << EOF >> suexp.c
/* REMOVED - sorry kids
 * Phrack supports Non-disclosure
 */
EOF
make suexp
cc     suexp.c   -o suexp
./suexp -t6
id
uid=0(root) gid=0(apache) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
#h3h3h3
</snip from phrack 62>

Ain't it great that their exploit gives gid=0(apache).

I hope this clears this up, and guys, for phrack 63,
anything you want to know about me, just ask; at least
you will get it right that way ;)

Regards
b0f

=====
www.b0f.net


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

