SDI-wu is NOT the worm

From: Eduard Condor (condorat_private)
Date: Thu Apr 15 1999 - 22:08:22 PDT


    We've been very surprised by the last message with subject "WU-ftp worm",
    in which the author claims to have been hit by an ftpd worm.
    
    As the authors of the code attached in that message, we would like to
    say that we have no connections with this worm and we've never seen such
    code before. That means we do NOT have the code.
    
    Sekure SDI is not a cracker group. Our exploit code has been made only for
    testing purposes and it was NOT supposed to be released.
    
    Also, we would like to make a little comment about the wu-ftpd exploit:
    
    - The SDI-wu code needs some fixes to work in Red Hat and other Linux
    distributions. Script kiddies -> don't even try to run it!
    
    - The first exploit released (made by duke - I think ADMwuftpd) will not
    work. WU-ftpd will discard null characters so the return address
    (bf ff f3 c0) will not be passed to the stack, which means we cannot
    execute the instructions inserted in the buffer. It also will bring you to
    the reason we've not coded the exploit in the ordinary way.
    
    - Unlike the WU-ftp, the PROFTP will not accept some of the characters of
    the standard shellcode and exploit code, so it's much more difficult to
    exploit. I would say it's nearly impossible.
    
    I've received a lot of messages asking about how to use the exploit, bla
    bla. We will NOT help kiddies with this tool.
    
    At last, I would like to make clear that Sekure SDI has nothing to do with
    this worm. Our goal is only to seek and provide security information.
    
        * PLEASE, update your wu-ftpd to the newest version! *
    
    Thank you,
    
    -condor
    www.sekure.org
     s e k u r e
    
    pgp key available at: http://condor.sekure.org/condor.asc
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:40 PDT