Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[argv] PHC hacklog part deux (No way, fool...)
From: "ARGV" <argv () hushmail com>
Date: Sun, 9 Mar 2003 02:39:29 -0800


1. Topic:

        PHC hacklog part deux (No way, fool...)

2. Relevant versions:

        Vulnerable: ALL!
        You don't hear nothin but your pea brain rollin' around in your head!

        Not Vulnerable: NONE!
        Don't stay up late, eat all your greens.  Remember I love you.
        I'll see you soon


3. Problem description:

        Hi, we're back with round two of PHC hacklog bugs, 'dis time
        with an exploitable bug!! oh joy!!

MR. T says:
        You lied to me!!
        He's gonna be a package of cream cheese in a minute!

        Let's analyze this, shall we?

MR. T says:
        Got no time for the jibba jabba.

        /* hacklog v1.0! */

        ^ notice the cool comment, all elite h4x0r apps must have one

        char buf[8192];

        ^ nice big buffer....Mr. T think even sockz could fit shellcode in

         if (fgets ((char *) buf, sizeof (buf), f) == NULL)

                if ((a = strchr (buf, '.')) == NULL)
                        perror ("strchr");
                        exit (EXIT_FAILURE);

                *a++ = 0;

                if ((b = strchr (a, ' ')) == NULL)
                        perror ("strchr");
                        exit (EXIT_FAILURE);

                ^ oh no..they didn't...

                nchars = atoi (b);

                ^ say it isn't so little johnny

                if (!nchars)
                        fprintf (stderr, "Error parsing timing file!\n");
                        exit (EXIT_FAILURE);

                ^ this won't save you

               if (read (fd, buf, nchars) != nchars)

                ^ ouch....so just send > 8192 and you win!
                  You've done it! you won!!

4. Workaround:

        PHC has evaded being embarrassed by fixing thems on their machine,
        but still keep the vulnerable code online, so that others
        may be hacked!! how nice!

MR. T says:
        Now get the first-aid kit before you have to use it on yourself!

        Just say "NO" to blackhat code. Fool!

5. References:

        greetz to (censored by the DMCA foo), for being so tall, blonde, and
        handsome...crazy foo!

6. Contact:

        argv () hushmail com

Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify


Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • [argv] PHC hacklog part deux (No way, fool...) ARGV (Mar 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]