Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[argv] PHC hacklog part deux (No way, fool...)
From: "ARGV" <argv () hushmail com>
Date: Sun, 9 Mar 2003 02:39:29 -0800


-----BEGIN PGP SIGNED MESSAGE-----


1. Topic:

        PHC hacklog part deux (No way, fool...)


2. Relevant versions:

        Vulnerable: ALL!
        You don't hear nothin but your pea brain rollin' around in your head!

        Not Vulnerable: NONE!
        Don't stay up late, eat all your greens.  Remember I love you.
        I'll see you soon

        http://phrack.efnet.ru/missions/2003/mission1.tar.gz


3. Problem description:

        Hi, we're back with round two of PHC hacklog bugs, 'dis time
        with an exploitable bug!! oh joy!!


MR. T says:
        You lied to me!!
        He's gonna be a package of cream cheese in a minute!

        Let's analyze this, shall we?


MR. T says:
        Got no time for the jibba jabba.

        /* hacklog v1.0! */

        ^ notice the cool comment, all elite h4x0r apps must have one

        char buf[8192];

        ^ nice big buffer....Mr. T think even sockz could fit shellcode in
          'dis

         if (fgets ((char *) buf, sizeof (buf), f) == NULL)
                        break;

                if ((a = strchr (buf, '.')) == NULL)
                {
                        perror ("strchr");
                        exit (EXIT_FAILURE);
                }

                *a++ = 0;

                if ((b = strchr (a, ' ')) == NULL)
                {
                        perror ("strchr");
                        exit (EXIT_FAILURE);
                }

                ^ oh no..they didn't...

                nchars = atoi (b);

                ^ say it isn't so little johnny

                if (!nchars)
                {
                        fprintf (stderr, "Error parsing timing file!\n");
                        exit (EXIT_FAILURE);
                }

                ^ this won't save you

               if (read (fd, buf, nchars) != nchars)


                ^ ouch....so just send > 8192 and you win!
                  You've done it! you won!!


4. Workaround:

        PHC has evaded being embarrassed by fixing thems on their machine,
        but still keep the vulnerable code online, so that others
        may be hacked!! how nice!


MR. T says:
        Now get the first-aid kit before you have to use it on yourself!

        Just say "NO" to blackhat code. Fool!


5. References:

        greetz to (censored by the DMCA foo), for being so tall, blonde, and
        handsome...crazy foo!


6. Contact:

        argv () hushmail com


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlkEARECABkFAj5rF50SHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9Bkp7KEAniUz
+Dm26i/DuBRzvhE7L/+bPUKmAJ4pfRr+WS385zZFOqsxyzZS2dfE9g==
=3Sgp
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • [argv] PHC hacklog part deux (No way, fool...) ARGV (Mar 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault