Re: Trojan author revealed (was: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit)
- To: mitch_hurrison@ziplip.com
- Subject: Re: Trojan author revealed (was: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit)
- From: Jirka Kosina <jikos@jikos.cz>
- Date: Sun, 26 Oct 2003 19:17:50 +0100 (CET)
On Fri, 24 Oct 2003 mitch_hurrison@ziplip.com wrote:
> > Hi, Mitch -- welcome to the Internet! Here's a tool you might find
> > helpful, it's called a 'Search Engine'! ;)
> > A quick google for a few bytes worth of shellcode returned a few
> > pages of jinglebellz.c related discussion.
> > http://www.jikos.cz/jikos/dev/shcode.asm for example.
> They're obviously in on it too.
May I ask a question: what do you mean by that? I am in no way connected
to GOBBLES, I've just taken the shellcode from their mpg123 exploit,
disassembled it and made notes on what it is doing. If you are unsure, you
can take the exploit shellcode yourself, and put it in your own gdb to see
that the disassembly output is the same. I've also rewritten the comments in
English, to make you happy :)

Anyway, you really don't have to remember shellcodes for a year, or
anything like that. You just have to check the exploit written by someone
unknown, to see what it is doing, before you try to run it on your
production machine (unless you are either a hero or like adrenaline
sports), so I have really no idea what you are crying about here.
Which is exactly what this long thread is about.
--
JiKos.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
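The check described in the message above (look at what an unknown exploit's shellcode does before running it) can start without executing anything. The following is an added example, not part of the original post: it pulls the byte strings out of a C source file so they can be disassembled and compared. `SAMPLE_C` is a constructed, harmless stand-in, and all function names are assumptions of this example.

```python
import re

# Constructed sample standing in for a downloaded exploit source. The bytes are
# x86 "xor eax,eax; inc eax; xor ebx,ebx; int 0x80" (Linux exit(0)) plus a string.
SAMPLE_C = r'''
char shellcode[] =
    "\x31\xc0\x40\x31\xdb"   /* first half */
    "\xcd\x80"
    "/bin/sh";
int main(void) { puts("usage: ./x http://host/ /* not a comment */"); return 0; }
'''

# One token per match: string literal, char literal, comment, whitespace, other.
TOKEN = re.compile(r'''"((?:[^"\\\n]|\\.)*)"|'(?:[^'\\\n]|\\.)+'|/\*.*?\*/|//[^\n]*|\s+|.''', re.S)
ESCAPE = re.compile(r'\\(x[0-9a-fA-F]+|[0-7]{1,3}|.)', re.S)
SIMPLE = {'n': '\n', 't': '\t', 'r': '\r', 'a': '\a', 'b': '\b', 'f': '\f', 'v': '\v'}

def decode_literal(body):
    """Turn the inside of a C string literal into the bytes it denotes."""
    def one(m):
        e = m.group(1)
        if e[0] == 'x' and len(e) > 1:      # \x takes every following hex digit
            return chr(int(e[1:], 16) & 0xFF)
        if e[0] in '01234567':              # octal escape, up to three digits
            return chr(int(e, 8) & 0xFF)
        return SIMPLE.get(e, e)             # \\ \" \' map to themselves
    return ESCAPE.sub(one, body).encode('latin-1', 'replace')

def c_string_blobs(source):
    """Join adjacent literals (C concatenates them) and return each as bytes."""
    blobs, current = [], None
    for m in TOKEN.finditer(source):
        if m.group(1) is not None:
            current = (current or b'') + decode_literal(m.group(1))
        elif not (m.group(0).isspace() or m.group(0).startswith(('/*', '//'))):
            if current is not None:
                blobs.append(current)
            current = None
    return blobs + ([current] if current is not None else [])

def triage(source, min_raw=3):
    """Report literals that carry raw bytes, ready to hand to a disassembler."""
    report = []
    for blob in c_string_blobs(source):
        if sum(b < 0x20 or b > 0x7E for b in blob) < min_raw:
            continue                         # ordinary text such as usage strings
        report.append({'hex': blob.hex(), 'length': len(blob),
            'strings': [s.decode() for s in re.findall(rb'[\x20-\x7e]{4,}', blob)],
            'int80_offsets': [m.start() for m in re.finditer(rb'\xcd\x80', blob)]})
    return report
```

Calling `triage()` on the text of a source file returns one entry per suspicious literal; the `hex` field is what goes into a disassembler, and the embedded strings and `int 0x80` offsets show where to start reading.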