-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------| capzlock | - ---------------------------------------------| security advisory no. 1 | - ----------------------------------------------------------------------- CONFIDENTIAL INFORMATION - PLEASE DISTRIBUTE - CONFIDENTIAL INFORMATION - ----------------------------------------------------------------------- |---------------------------------------------------------------------| | "I am become Death, the destroyer of worlds." | | - J. Robert Oppenheimer | |---------------------------------------------------------------------| #ifdef __ELITE_HACKER [antiNSAat_private ~/.private]# ls -al - -rw-r----- 1 antiNSA 0day 21023911 May 9 01:22 why_capzlock_ownz_me.txt - -rw-r----- 1 antiNSA 0day 119511 May 2 22:09 12yroldboy.jpg - -rw-r----- 1 antiNSA 0day 16506 Apr 1 22:04 fatherandson.jpg - -rw-r----- 1 antiNSA 0day 4399 May 7 22:04 backdoor.com.passwordz.txt - -rw-r----- 1 antiNSA 0day 5619 Jan 4 22:09 codered.c #endif /* __ELITE_HACKER */ This advisory is dedicated to the many hard-working penetrators in the security industry. And, to the underground hackers that seek fame and profit, their undying thirst for knowledge is a true inspiration to us all. This advisory is being leaked to the security mailing lists in TESO fashion. Hi security freinds! - ----------------------------------------------------------------------- [PRODUCT]: BannerWheel v1.0 BannerWheel is a free script for displaying banner ads in a random fashion. Users can set the probability of displaying each banner. This script also keeps track of the number of times each banner is displayed. The script is intended for UNIX-based systems. - ----------------------------------------------------------------------- [PROBLEM]: There are bufferoverflow vulneribilities in tha C source code of the CGI package. Particularly, in badmin.c porshion. [snip]----------------------------------------------------------------- [capzlock@signal-11 ~/hack/the/planet]$ gcc badmin.c -o badmin.cgi -lcrypt [capzlock@signal-11 ~/hack/the/planet]$ ./badmin bwe(input): "command" ? kill.the.turkey bwe(input): "rcmd" ? AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA bwe(input): "flag" ? kill.the.turkey Segmentation fault [capzlock@signal-11 ~/hack/the/planet]$ [snap]----------------------------------------------------------------- This am very serious whole that could jeperdize the security of a digital computer system. - ----------------------------------------------------------------------- TOODLES!@#$%! capzlock - ------------------------- http://www.signal-11.com capzlockat_private Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wl0EARECAB0FAjzpCFEWHGNhcHpsb2NrQGh1c2htYWlsLmNvbQAKCRBePYmP9gNNOGSq AKCc+mxqQUvSAJdBzletqsh6bPLBWgCgg16ans4tht9mw+u2jChcjjktjQY= =q4Fz -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 16:29:04 PDT