Full Disclosure mailing list archives
Re: Apache 1.3.27 Remote Root 0-Day
From: "William D. Colburn (aka Schlake)" <wcolburn () nmt edu>
Date: Fri, 20 Jun 2003 12:07:04 -0600
On Fri, Jun 20, 2003 at 05:29:18PM +0100, James Greenhalgh wrote:
Well it gave me a good laugh on a Friday afternoon anyway :) Read the code, it doesn't send that "shellcode" to a remote server at all, it executes it.
Dump of assembler code for function shellcode: 0x08049a20 <shellcode+0>: xor %ebx,%ebx 0x08049a22 <shellcode+2>: xor %eax,%eax 0x08049a24 <shellcode+4>: xor %edx,%edx 0x08049a26 <shellcode+6>: mov $0x18,%dl 0x08049a28 <shellcode+8>: push $0xa213f20 0x08049a2d <shellcode+13>: push $0x58315254 0x08049a32 <shellcode+18>: push $0x344d2065 0x08049a37 <shellcode+23>: push $0x68542073 0x08049a3c <shellcode+28>: push $0x69207461 0x08049a41 <shellcode+33>: push $0x68572d2d 0x08049a46 <shellcode+38>: mov %esp,%ecx 0x08049a48 <shellcode+40>: mov $0x4,%al 0x08049a4a <shellcode+42>: int $0x80 Um, I think you can rent it at Blockbuster, or buy it from Amazon.com. -- William Colburn, "Sysprog" <wcolburn () nmt edu> Computer Center, New Mexico Institute of Mining and Technology http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Apache 1.3.27 Remote Root 0-Day koec (Jun 19)
- Re: Apache 1.3.27 Remote Root 0-Day Michael (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day KF (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Joe Stewart (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day James Greenhalgh (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day William D. Colburn (aka Schlake) (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day nikoteen (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Matt (Jun 20)
- <Possible follow-ups>
- Re: Apache 1.3.27 Remote Root 0-Day Andreas Gietl (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day xbud (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Michael (Jun 20)