pzc> 16. REAL authentic information regarding iDEFENSE contractor pzc> purchases.
Hi would just like to touch on this. Most of the info they have on there about me is unture Yes i did get $300 from idefense and yes that is my name. My name can be found by searching google (good google skills boys). The date they have is completly wrong and i am not a member of dtors security and have never been. Any member from dtors would confirm that i didn't 'steal' nuthin from them to sell to idefense. For guessing my palpal account wouldn't be to hard since i always use this email address. I also have a good idea where they got the $300 price tag from. While i write this i must also congrat them in finding a hole in suexec. <snip from phrack 62> whereis suexec suexec: /usr/sbin/suexec /usr/share/man/man8/suexec.8.gz ls -al /usr/sbin/suexec -r-s--x--- 1 root apache 11732 May 15 06:09 /usr/sbin/suexec cat << EOF >> suexp.c /* REMOVED - sorry kids * Phrack supports Non-disclosure */ EOF make suexp cc suexp.c -o suexp ./suexp -t6 id uid=0(root) gid=0(apache) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) #h3h3h3 </snip from phrack 62> Ain't it great that there exploit gives gid=0(apache). I hope this clears this up and guys for phrack 63 anything you want to know about me just ask atleast you will get it right that way ;) Regards b0f ===== www.b0f.net __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
