[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE
From: VX Dude <vxdude2003@xxxxxxxxx>
Date: Tue, 13 Jul 2004 07:10:58 -0700 (PDT)

heh, apparently they dont hold themselves up to their
own standards.  Just joking, just shows the weakness
of these scanners.  Atleast ITS4 knows when its
scanning itself and turn off all those warnings.

-vx

[vxdude2003@xxxxxxxxx vxdude]$ gcc bugscan.c -o
bugscan
[vxdude2003@xxxxxxxxx vxdude]$ ./bugscan bugscan.c
you used strcpy in your code fucking lame!
you used strcat in your code fucking lame!
you used scanf in your code fucking lame!
learn to code fucking lame

--- virgil <virgil@xxxxxxxx> wrote:
> W3 (FR h1gH c0uNc1l bl4ckh4t 3l33t p3op13) h4v3
> d3c1d3D t0 g1v3 y0u a r34l 
> pr00f 0f 0ur l33t sk1lls, 4lth0uGh m0sT 0f 0uR w0rK
> st4yS pr1v4t3 (c4uS3 W3 
> fUcK tH3 s3cuR1tY 1NduStrY). 
> 
> W1tH th1s pR0gr4m y0u w1ll b3 aBl3 t0 f1nD s0me
> s3cUr1tY buGs 1n y0urS s0urc3 
> c0d3s. 3x4mPl3 0f Us3 f0r l4m4h p3opL3:
> 
> [r00t@bl4ckh4t:/private]$ gcc bugscan.c -o bugscan
> [r00t@bl4ckh4t:/private]$ for fic in nmap-3.50/*.cc
> ; do ./bugscan $fic; done
> you're a fucking lame because your code invokes
> scanf function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> you're a fucking lame because your code invokes
> strcat function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> you're a fucking lame because your code invokes
> strcat function
> you're a fucking lame because your code invokes
> scanf function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> you're a fucking lame because your code invokes
> strcat function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> you're a fucking lame because your code invokes
> scanf function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> scanf function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> you're a fucking lame because your code invokes
> scanf function
> learn to code fucking lame
> you're a fucking lame because your code invokes
> strcpy function
> learn to code fucking lame
> 
> s0 w3 c0ncLuD3 tH4t nm4p 1s A fUcK1nG l4m3 pr0gr4m,
> m0r30v3r fY0d0r 1s 4 
> fUcK1nG l4m3 c4us3 h3 suPp0rtS S3cUriTy 1ndUsTrY
> 
> n0w H3r3 tH3 c0d3 n3rdS !!!
> 
>
--------------------------------------------------------------------------------------------
> 
> /* PRIVATE - bUgSc4n.c bY 4n0nYm0uS - PRIVATE */
> 
> #include <stdio.h>
> #include <string.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> 
> #define MAX_LAMEROSITY_LEVEL 0
> 
> 
> void flawscan(char *source){
>         char *buffer;
>         char *asshole[3] = { "strcpy", "strcat",
> "scanf"};
>         int fd, i, lamerosity_level=0, size;
> 
>         if((fd = concat(source, O_RDONLY)) < 0) {
>                 printf("you gave invalid file name
> fucking lame!\n");
>                 exit(-1337);
>         }
>         size = lseek(fd, 0, SEEK_END);
>         lseek(fd, 0, SEEK_SET);
> 
>         buffer = (char *) malloc(size);
> 
>         if(read(fd, buffer, size) > 0) {
>                 for(i=0; i<=2; ++i) {
>                         if((strstr(buffer,
> asshole[i]))) {
>                               printf("you used %s in your code fucking
> lame!\n", asshole[i]); 
>                                 lamerosity_level++;
>                         }
>                 }
>         }
>         if(lamerosity_level > MAX_LAMEROSITY_LEVEL)
> {
>                 printf("learn to code fucking
> lame\n");
>                 unlink(source);
>         }
>         free(buffer);
>         close(fd);
> }
> 
> 
> int main(int argc, char **argv){
>         if(argc < 2) {
>                 printf("learn to use this program
> fucking lame\n");
>                 exit(-1337);
>         }
> 
>         flawscan(argv[1]);
> 
>         exit(1337);
> }
> 
>
--------------------------------------------------------------------------------------------
> 
> Gr33tZ t0: 4n0nyM0uS, an0nyM0uS, anoNym0uS,
> 4nonYm0us, aN0nyM0uS, 4N0NYM0US, 
> aN0nYM0uS, AnOnYmOUs, aN0nYm0Us, 4n0nym0uS,
> anOnYM0uS, anonym0uS, AnoNyMoUs
> 4nD a b1g sP3c14l fUcK t0 th0s3 fuCk1nG wH1t3h4tS
> l4m4h pHr4cK 4uTh0rs wh0 
> d1sCl0s3 0uR pr1v4tE t3chS.  4ND FUCK TH3 M3MB3RS 0F
> IHCT34M WH0 H4V3 ST0L3N 
> US TH3 3L33T PHP include() 3XPL0IT 
> 
> ~~
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 



                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE
  - From: virgil

Prev by Date: RE: [Full-Disclosure] Erasing a hard disk easily
Next by Date: [Full-Disclosure] IE Shell URI Download and Execute, POC
Previous by thread: [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE
Next by thread: Re: [Full-Disclosure] A BLACKHAT PROGRAM TO AUDIT YOUR CODE
Index(es):
- Date
- Thread