actually the closer i look at c4 i think it might just be sd's bindtty.c
which is part of suckit.
char sig[]="\x31\xdb\x31\xc0\x31\xd2\xb2\x08\x68\x67\x6d\x6c\x0a\x89\xe1\xb0\x04\xcd\x80\xb0\x01\xcd\x80";
Dan wrote:
Hi,
Our Snort picked up an interesting attempt to download, compile and execu
http://phrick.net/~gml/public/projects/bb.c
enjoy.
--
char sig[]="\x31\xdb\x31\xc0\x31\xd2\xb2\x08\x68\x67\x6d\x6c\x0a\x89\xe1\xb0\x04\xcd\x80\xb0\x01\xcd\x80";
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-
He'll more likely go to prison for 10-20.
That's if he's lucky. I'm certain he will "be made an example of".
Poor dumb bastard. He wanted attention, now he's got it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard M.
Smith
Sent: Friday, August 29
if ( !MyStartService(szServiceTftpd) ){
does appear so. Seems like there is more code that's not here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jerry Heidtke
Sent: Friday, August 29, 2003 6:59 PM
To: Shanphen Dawa; [EMAIL PROTECTED]
Subject: RE:
But seriously, sex with minors isn't exactly a parking ticket.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kurt Seifried
Sent: Monday, August 25, 2003 6:29 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] CERT Employee Gets Ow
Except the US, we have jurisdiction over the world apparently.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Drew Copley
Sent: Thursday, August 21, 2003 3:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] JAP back doored
> -Original Messa
I can't imagine that anything really important would be connected to the
internet. Then again who knows right.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 3:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
C
No better yet, the Canadians are really terrorists and they are using the
movie "Canadian Bacon" as a blue print for terror. I think that's it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KF
Sent: Thursday, August 14, 2003 6:54 PM
To: [EMAIL PROTECTED
Are you saying that Open Source software can save us from power grid
"cascading failure"? Heh, I sure hope they weren't running any GNU software
on anything important. Actually I heard that it was a lightning strike in
Canada that hit a transformer and overloaded the grid causing the others to
Br
In fact, you could probably take that kaht2 source and modify it to drop a
patch payload instead of a Trojan. Please whatever you do, don't write a
worm, we already have enough traffic for the moment ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of And
I've been doing this:
1. patch the machine
2. remove registry entries containing "msblast.exe"
3. reboot
4. remove msblast.exe
It's worked out so far. Yes I agree I wish people would listen when you
tell them to patch. I have it on good authority that firewalls can't stop
stupidity, I guess we'
I think the problem is, that someone was rushing to be the first one out
with a worm. Anyone can take an exploit and wrap up the main() and write
a worm, it's not that hard. I think the problem with these worm writers
is they didn't have the requisite knowledge to actually write a proper worm.
Th
Hah, if it was a Windows box you should have just rooted it. Hahhaha.
Sorry I couldn't resist.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of del
Sent: Tuesday, August 12, 2003 7:44 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] PHRACK 61 IS OUT !
Why build in a backdoor when you can just write crappy code?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kerry Steele
Sent: Wednesday, August 13, 2003 3:20 PM
To: Eichert, Diana; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] recent RPC/DCOM worm tho
_data:004047EC aWindowsupdate_com db 'windowsupdate.com',0
that's what I have.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of northern
snowfall
Sent: Wednesday, August 13, 2003 10:10 PM
To: Jason Witty
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure
I agree with Justin. You would think that by now someone would write a
random address generator that would solve the obvious timing problems that
most worms seem to suffer from. I was thinking more along the lines of
generating a random IP but on the first 3 octets and going through the
entire cl
s and such rather than doing a
DDOS...
just my $0.02
Ed
- Original Message -
From: "gml" <[EMAIL PROTECTED]>
To: "'Justin Shin'" <[EMAIL PROTECTED]>;
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Sent: Wednesday, August 13,
You all focus on a worm's potential for destruction too much.
What about threats that affect the real world. For instance
theft of data on a massive scale. We've already seen worms
that do this. Or worse DDOS networks that can be used as weapons
against foreign governments or even our own to disrup
I think you are probably missing the obvious privacy issues.
However if this were something that stopped at your edge, then I would
refer to it more as an automated patch agent, rather than a worm.
It's less threatening. Something like this would be trivial to write,
especially if it were to be use
Does anyone know if it somehow disables
the ability to use Windows Update features?
For some reason I can no longer run
windows update, I’m going to look into it.
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of harq deman
Sent: Monday, Augu
Are you basically saying that MS deserves no sympathy and should stand up
and take responsibility for the silliness inherent in their OS source code?
If that's what you're saying, then I have to agree. The word debacle comes
to mind here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto
Because that movie sucked.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Berend-Jan
Wever
Sent: Thursday, August 07, 2003 12:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Red Bull Worm
Why not call it SkyNet, after T3 ?
SkyLined
- Orig
I would think it would try to copy itself to %systemroot%\system32 find that
it doesn't have access to overwrite msblast.exe and then just keep
executing, but then again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick FitzGerald
Sent: Tuesday, August
Today will go down in history as the day the whole damned world got owned.
I have so many machines infected with so many things it's insane.
I'll be reverse engineering until 2004.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dennis Opacki
Sent: Monday
It’s about damned time, I guess I can
stop writing mine now.
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ViLLaN
Sent: Monday, August 11, 2003
11:06 PM
To: '[EMAIL PROTECTED]'
Subject: [Full-Disclosure]
Symantec has released a
What if it just kept an internal list of return addresses and simply cycled
through them each in a separate thread until it was able to gain access to
the machine?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Wesley
McGrew
Sent: Monday, July 28,
This exploit works exceptionally well. Frighteningly well.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of christopher
neitzert
Sent: Saturday, July 26, 2003 3:38 PM
To: Justin Shin
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] DCOM RPC exploit (dc
Anyone interested in a list called "indecent-disclosure"?
-Original Message-
From: micah mcnelly [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 7:31 PM
To: gml; 'Jeremiah Cornelius'
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] RE:
Len Rose is a muppet.
I can't help it. I'm going to have to comment to a comment about my own
comments about commenting about the list, seriously it just HAS to be done.
Who has a comment? Any takers?
Thanks,
"The Professional"
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
I was never under the impression that this was more than a social experiment
set up for Len's amusement.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anthony Aykut
Sent: Friday, July 18, 2003 5:16 PM
To: Donnie Weiner
Cc: [EMAIL PROTECTED]
Subject:
Ho
: gml; 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Credit card numbers
i used to card during high school all the time.
/m
- Original Message -
From: "gml" <[EMAIL PROTECTED]>
To: "'northern s
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gml
Sent: Thursday, July 17, 2003 6:18 PM
To: 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Credit card numbers
Carding is for "hackers" who enjoy prison. If you ar
Does Mac OS X count?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of northern
snowfall
Sent: Thursday, July 17, 2003 8:25 PM
To: Dortmunder Lethman
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Invaded by morons..
>
>
>I won't respond to anyone who
MAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gml
Sent: Thursday, July 17, 2003 6:18 PM
To: 'northern snowfall'; 'Nick Jacobsen'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Credit card numbers
Carding is for "hackers" who enjoy prison. If you are cons
Carding is for "hackers" who enjoy prison. If you are considering illegal
activity that involves theft or the possible involvement of the secret
service, I suggest you first ask yourself whether or not you enjoyed high
school cafeteria food and then imagine eating that for the next 20-30 years.
-
Excuse me if I don't get excited over another mass mailing worm. :(
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ATD
Sent: Wednesday, June 25, 2003 6:53 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] A worm...
.pif being .zip, is this new?
cute
What does that do?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Chien
Sent: Friday, June 20, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Apache 1.3.27 Remote Root 0-Day Exploit
(OFFICIAL POST)
At 08:39 AM 6/20/2003 -0700, you
ok who volunteers to test this stuff out on their box?
- Original Message -
From: "Gary E. Miller" <[EMAIL PROTECTED]>
To: "André Luís Quintaes Guimarães" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 18, 2003 6:15 PM
Subject: Re: [Full-Disclosure] Destroying PCs remote
On Friday 13 June 2003 06:51 pm, David Bernick wrote:
Well anyway, I got inspired:
// Fake Exploit Generator
// [EMAIL PROTECTED]
//
#include
#include
#include
#include
#define badchar(c,p) (!(p = memchr(b64string, c, 64)))
#define BEAUTIFY "indent"
char b64string[] =
"ABCDEFGHIJK
On Friday 13 June 2003 03:57 pm, Brian Houk wrote:
Wow, I'd never run something that had a printf statement in it with
print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that ran a fake
0day exp loit. v2\nPRIVMSG $chan :to run commands on me, type: ".$nick.":
command\n";
if you run this yo
On Thursday 12 June 2003 12:49 pm, madsaxon wrote:
for the record, i've been saying we need to change the
nomenclature for awhile, suddenly everyone cares.
i am truly amused. i'm going to go off now and be ahead
of the curve some more.
> [Since nothing appears to be "off topic" for this list, I
BWAHHAHHAHHAHHAHAAHAHHAHAHA
sorry but that's phricken funny.
On Thu, 2002-09-19 at 18:02, [EMAIL PROTECTED] wrote:
>
> EMPIRICAL SECURITY ADVISORY 0x02
>
> Product: Otis Elevator 12 Passenger, 2000lbs Model
>
> Summary
> A denial of service is possible against users of this model elevator.
>
I'll take 100 gobbles ramblings over another crewcut jock asshole from
ISS for $500 alex.
On Wed, 2002-09-11 at 20:00, s n u r f l e wrote:
> were you too stupid to check the reply-to like the last ISSer to post here, or
> did you mean to do your schoolyard chanting in public?
>
> i'll take 100