Starting logfile IrcLog | ||
Topic (#openbsd): http://www.OpenBSD.org | ||
Topic (#openbsd): set by john at Sat Nov 4 19:06:39 2000 | ||
[Users(#openbsd:63)] | ||
[ ~el8 ] [ opcode ] [ influx_ ] [ carica ] [ Intrinsic ] | ||
[ niekze ] [ slipdisc ] [ kahl ] [@obecian ] [ pdo ] | ||
[ sizaym ] [ GoatBoy ] [ cell ] [@toor ] [@jeremie ] | ||
[ binfalse ] [@Ambrose ] [ [rew] ] [ desti ] [ mollusk ] | ||
[@dhartmei ] [ motorola- ] [ bn- ] [ loxariz ] [ _preD ] | ||
[ StJohn ] [ gk ] [@Figz ] [ nj ] [ marc ] | ||
[@hydro__ ] [@ActivatE ] [ joe- ] [ danp ] [@fx ] | ||
[ ~el8 ] [ phidias ] [ Setzer ] [ bugoid ] [@uux- ] | ||
[ tibim ] [ J0hnBlaze ] [ Slower ] [ sariel ] [@john ] | ||
[ genecyst ] [ mogambo ] [ rwxr--r-- ] [ majidf ] [ jwit ] | ||
[ GreyFoxx ] [ TAiNiUM ] [@SmooveB ] [ [frank] ] [ jethro ] | ||
[ ratcorpse ] [ cazz ] [ kajar ] [ malte__ ] [ ar ] | ||
[ Creamore ] [ _mojo ] [@spuug ] [ rys ] | ||
[Users(#openbsd:0)] | ||
~el8 [~el8@~el8.com] has joined #openbsd | ||
rys:#openbsd | m3th: no clue.. running current? | |
---|---|---|
m3th:#openbsd | 2.7 yes | |
rys:#openbsd | 2.7 stable or openbsd-current? | |
SignOff m3th: #OpenBSD (Read error 73: Connection reset by peer) | ||
m3th [meth@bofh.bestweb.net] has joined #openbsd | ||
m3th:#openbsd | let me find a similar system, see if i can find the file | |
^BBitchX^B: You are now talking to channel #Openbsd | ||
~el8 [~el8@~el8.net] has joined #openbsd | ||
~el8 | Hello, I was wondering if there is a patch for the local root exploit for OpenBSD (the one on packetstorm) ? And is it remote ? | |
laggn [operand@1Cust5.tnt2.roanoke.va.da.uu.net] has joined #openbsd | ||
~el8 | It says 'Vendor notified' | |
~el8 | And I don't see any vendor patches.. | |
laggn | when i go to the ftp mirrors and cd 2.8 there are no install files..is there an ftp that i can go to that has the 2.8 install files? | |
[cell_X(blah@38.195.196.53)] just strip off the suid bit | ||
rys | ~el8: hold on | |
| rys (rys@supernal.godsey.net) (Internic Network) | ||
| ircname : Joe | ||
| channels : #openbsd #Icons_of_Vanity | ||
| server : irc.west.gblx.net (Global Crossing West Client Server) | ||
| away : rys - gone | ||
| idle : 0 hours 0 mins 10 secs (signon: Sun Nov 5 11:54:14 2000) | ||
DesertFox | hi all | |
dhartmei | ~el8: which one? libutil was fixed long ago. | |
DesertFox | rys: there aren't any. | |
cell_X | ~el8 are you talking about the /usr/bin/chpass issue..do chmod u-s /usr/bin/chpass | |
DesertFox | rys: i'm running 2.8 and i got it out of the snapshots dir | |
~el8 | Nope | |
~el82 | i see an advisory on the front page of packetstorm | |
laggn | rys : yes, i see it there :) | |
~el8 | ~el82, yes, that is what I speak of | |
~el8 | I don't quite understand it, to tell you the truth | |
cell_X | grr..wrong answer.. | |
cell_X | =) | |
dhartmei | ~el82: url? | |
~el82 | packetstorm.securify.com | |
~el83 | theo is gay | |
~el83 | theo is gay | |
~el83 | theo is gay | |
rys | yes he is but this channel is about openbsd not theo | |
rys | just kidding | |
~el83 [~el83@~el83.net] has left #openbsd [] | ||
~el82 | i dunnno | |
SignOff Brandon`: #Phrack () | ||
mode/#openbsd [+b *!*@*.eurocompton.net] by dhartmei | ||
rys | uh | |
dhartmei | ~el82: where do you see obsd mentioned there? link to the specific article? | |
DesertFox | from what i hear, theo's somewhat crabby. | |
rys | http://packetstorm.securify.com/0011-exploits/hp2.adv | |
spuug | theo is not gay. | |
rys | theo is somewhat crabby | |
rys | bit my head off like 1 1/2 years ago | |
~el82 | dhart: rys pasted | |
| dhartmei (~dhartmei@cable-ggar48-183.intergga.ch) (Switzerland) | ||
| ircname : Daniel Hartmeier <daniel@benzedrine.cx> | ||
| channels : @#openbsd #compsci @#unixhelp #atheism @#C++ @#c/c++ @#cryptonomicon @#informatik | ||
| server : irc.light.se (It's alive, it's AAALIIIIVEEE) | ||
*** OBSDCMNT : ke4p n0te of th1z guy hez supr l4me *** | ||
laggn | DesertFox : exploit using ddb | |
rys | regarding that sploit on packetstorm, obviously the author doesn't know what a "local root exploit" is | |
DesertFox | hmm...the advisory insults openbsd, and says NT and Linux are better. | |
rys | a local root exploit is not the ability to "crash the kernel" | |
SignOff m3th: #OpenBSD (Read error 73: Connection reset by peer) | ||
rys | christ i could do that with a fork bomb | |
*** OBSDCMNT : u k0uld r00t obsd w/ a f0rkb0mb ? *** | ||
dew_freak [~dewfreak@ws037.bt.reshall.wwu.edu] has joined #openbsd | ||
laggn | ...rloxley..is that supposed to be robin loxley as in robin hood? | |
DesertFox | rys: perhaps the advsory is fake? | |
SignOff binfalse: #OpenBSD (Ping timeout: 180 seconds) | ||
DesertFox | rys: otherwise the author likes to bs everything. | |
rys | the author says that after crashing you can use ddb to debug and gain access | |
laggn | DesertFox : im having a hard time finding it on the athor's site..do you have a url? | |
SignOff [rew]: #OpenBSD (irc^BN^B 7.24 + 7.0 for mIRC (2000/03/17 22.00)) | ||
rys | which is dumb because the system won't drop to ddb unless you have it setup to do so | |
rys | plus, if you have physical access to the box you can boot -s | |
rys | and then change the root password.. | |
DesertFox | laggn: didn't see a url... | |
rys | so.. | |
laggn | DesertFox : they list themselves as coming from hackphreak.org but there is nothing on that site | |
DesertFox | rys: you have to HAVE physical access to use ddb right? | |
DesertFox | laggn: perhaps the advisory is a hoax? | |
rys | DesertFox: after a kernel crash, i do believe so, unless we're talking about the sparc version and you have a remote console via a console server | |
DesertFox | rys: never seen a sparc, never used a spark... | |
DesertFox | oops, "sparc" | |
nikhouri [nikhouri@hyrule.student.syr.edu] has joined #openbsd | ||
rys | sparcs have the ability to use a com port as console instead of a monitor/keyboard | |
laggn | DesertFox : i don't know..i mean, they don't have anything on their site (it reads like a corp. brochure), and whats the difference between this and booting -s? | |
DesertFox | laggn: um...it requires crashing the kernel? | |
SignOff dhartmei: #OpenBSD (Read error: 54 (Connection reset by peer)) | ||
rys | laggn: probably nothing.. the advisory mentions that you'll need to have physical access..which is quite lame. | |
DesertFox | therefore, this advisory is... | |
dhartmei [~dhartmei@cable-ggar48-183.intergga.ch] has joined #openbsd | ||
DesertFox | pretty much harmless | |
~el81 | Doesn't seem harmless if any user can crash my OpenBSD though, damnit | |
laggn | DesertFox : i guess the code needs to be tested and we'll find out its validity (regardless of how convoluted it is) | |
dhartmei | well, it crashes 2.7 release :) | |
rys | ~el81: any user can crash your openbsd.. fork bomb baby | |
mode/#openbsd [+o dhartmei] by Ambrose | ||
the_gh0st | rys: true, but setting proccess limits could prevent that. a user can crash any os that way anyhow heh | |
~el81 | What about fork bomb protection? | |
opcode | spuug: kdb? | |
DesertFox | dhartmei: what about 2.8? | |
dhartmei | don't have a -current system ready to test | |
~el82 | it crashed my 2.6 box.... | |
rys | ~el81: try setting a ulimit | |
~el81 | Yeah I tested on all of my OpenBSD & one NetBSD, crashed them | |
SignOff pent: #OpenBSD (ircII EPIC4-0.9.1 -- Accept no limitations) | ||
rys | i'm looking at the code right now.. | |
rys | it's small enough to figure out | |
*** OBSDCMNT : th1s guy k4nt figure it 0ut h4h4 watch u'll s33 *** | ||
laggn | man, how could they even mention NT? and are they mentioning linux to cover their bases? | |
dhartmei | they call it a remote exploit: "log in to the remote host, download exploit, run it", lol | |
SignOff nikhouri: #OpenBSD (^BBitchX^B: the choice of a GNU genertion) | ||
DesertFox | this advisory is just really, really funny. | |
rys | uhm | |
rys | it's a fork bomb | |
nikhouri [nikhouri@hyrule.student.syr.edu] has joined #openbsd | ||
rys | fd = open(argv[0], O_RDONLY) | |
~el82 | how is a security hole "funny" | |
rys | fstat(fd) | |
rys | (get the file name) | |
rys | write it to a file | |
dhartmei | and a reference to obecian :) | |
rys | then execute that file | |
rys | well write it's own name to a file | |
rys | then execute it | |
rys | so it's just a bloat program | |
rys | see the execlp at the end? | |
*** OBSDCMNT : execlp() fork() bomb? h4m! *** | ||
~el81 | It's just a fork bomb? Doesn't say so in the adv, and doesn't seem to be | |
rys | read the code | |
~el81 | I did, I don't see fork() in there | |
rys | all it does is stat itself for it's own name | |
rys | well okay it doesn't fork | |
spuug | I'd like to see a pipe(2)bomb. | |
rys | but imagine a program execing itself over and over again | |
*** OBSDCMNT : eye'm im4g1n1ng 1t, d0eznt se4m 2 b s0 b4d *** | ||
laggn | hrm, its dinner time, and i am glad that the advisory is just an advertisement for themselves | |
dhartmei | yes, the comments are just utter BS :) | |
laggn | nite all and thanks for pointing me in te right direction rys | |
rys | laggn: np | |
DesertFox | ~el82: no, the way it's written, i'm not say the exploit is funny. | |
SignOff laggn: #OpenBSD (take care :)) | ||
~el81 | My boxes all have dropped into ddb | |
rys | ~el81: but to access ddb you need to have physical access to the boxes | |
~el81 | Yes I know | |
~el81 | But it's still crashing my damn box | |
rys | in which case you could boot -s anyways | |
rys | set a process and memory limit per user | |
rwxr--r-- | resource killer = forkbomb == lame | |
*** OBSDCMNT : SIL FROM ANTIOFFLINE == L4M3! BW4H4H *** | ||
~el81 | This is synonomous to that old arp cache DoS | |
rwxr--r-- | you could cat file >> file and do the same | |
*** OBSDCMNT : sure u k0uld p4l *** | ||
~el81 | Hm, damn, I guess I'll just set limits then | |
~el82 | this still crashes all my openbsd boxes... when can i see a fix? | |
rwxr--r-- | just will waste the machine's resources and eventually cause a crash ;\ | |
rys | 744: would probably take longer though | |
*** OBSDCMNT : h4kr b0nd1ng at 1tz b3st .. "744" *** | ||
~el81 | and run that forkbomb protector lkm | |
SignOff hydro__: #OpenBSD (Idle time limit exceeded) | ||
rwxr--r-- | rys true ;) i didnt see the original beginning of this thread | |
rys | ~el82: set process and memory limits per user | |
rys | 744: http://packetstorm.securify.com/0011-exploits/hp2.adv | |
rys | fake advisory | |
*** OBSDCMNT : F$KE?! *** | ||
rwxr--r-- | but from what i do see this is a forkbomb junky script kiddiot rootard script | |
*** OBSDCMNT : ur a m0r0n, *PAL* *** | ||
| rys (rys@supernal.godsey.net) (Internic Network) | ||
| ircname : Joe | ||
| channels : #openbsd #Icons_of_Vanity | ||
| server : irc.west.gblx.net (Global Crossing West Client Server) | ||
| idle : 0 hours 0 mins 12 secs (signon: Sun Nov 5 11:54:14 2000) | ||
*** OBSDCMNT : m4ybe he sh0uld b in #ic0nz_of_stup1dity *** | ||
rwxr--r-- | bbias will check it now | |
tequiare [condor@feather.net] has joined #openbsd | ||
rwxr--r-- | rys^B:^B its a stupid lame 0-day forkbomb | |
*** OBSDCMNT : 0d4y f0rkb0mb ? wh4t sc3n3 do u bel0ng 2 br0?! *** | ||
rys | 744: well it doesn't really fork but yeah your right | |
rwxr--r-- | and i still see what this has to do with openbsd | |
rwxr--r-- | rys^B:^B resrouce killer | |
rys | 744: seems to be a n advertisment for them | |
dhartmei | the only original thing about it is the description | |
DesertFox | yes... | |
rwxr--r-- | i should download it to my openbox and tinker with it but it was written really lame | |
*** OBSDCMNT : du0d ur a fukn idi0t *** | ||
rys | yeah hehe | |
DesertFox | too much bs? | |
rwxr--r-- | and i dont have time ... besides they put down obecian in it and he's cool as shit so fsck them | |
DesertFox | well, yes, that too. | |
DesertFox | :_ | |
DesertFox | oops, :) | |
DesertFox | heh | |
rwxr--r-- | theres little intellect in doing that code since you could code a perl script to open up a shitload of resources and do the same | |
*** OBSDCMNT : u #openbsd k0q sukrz r quik to the dr4w, det4ilz bub *** | ||
rwxr--r-- | without writting all kinds of funky shit in a so calle dadvisory | |
~el82 | why doesnt obsd have these ulimits by default? | |
rwxr--r-- | i should go pimpslap rloxley | |
*** OBSDCMNT : rl0xley w0uld kiq ur fukn a$$ bytch *** | ||
rwxr--r-- | ~el82^B:^B i didnt write open so i dont know | |
~el81 | Holdon guys, something is bothering me | |
DesertFox | where do you edit the settings? | |
~el81 | How could re execve()'n over and over crash your box in 1 microsecond? | |
opcode | haha he tells obecian "to hell with you" specifically.. | |
rwxr--r-- | but that advisory was half assed as shit... and to quote from the author MY GRANDMOTHER couldve done better | |
~el81 | And it doesn't even use fork | |
rys | why would you set ulimits | |
rys | i don't want my x session ending every time i run netscape | |
~el83 [~el83@~el83.net] has joined #openbsd | ||
rwxr--r-- | anyways... for those sysadmins/sec engineers/fw people I threw up a quickie primer for hardware on stopping/slowing down dos attacks | |
dhartmei | the only interesting line is "ehdr->a_data += 3;", what's that for? | |
*** OBSDCMNT : w1ll he succeed?!?!!? *** | ||
rys | see struct exec | |
rwxr--r-- | if anyone is interested its at www.antioffline.com/stoppingdos.php3 along with all my other crap | |
bugoid | where did you get those beeyootiful pictures? | |
ratcorpse | rys> 744: http://packetstorm.securify.com/0011-exploits/hp2.adv | |
ratcorpse | <rys> fake advisory | |
ratcorpse | <rwxr--r--> but from what i do see this is a forkbomb junky script kiddiot | |
ratcorpse | rootard script | |
~el81 | Hey, you're that antioffline guy? good work :) | |
ratcorpse | dude | |
ratcorpse | 1-rloxley is a retard | |
ratcorpse | 2-he cant even fucking spell | |
rys | hehe | |
ratcorpse | and its so disgusting that he mentions SSG | |
rwxr--r-- | if ( (fd = open("/dev/zero", O_RWDR)) == -0) | |
ratcorpse | Credits : www.hackphreak.org, zsh.interniq.org, www.subterrain.net | | |
ratcorpse | oh my god man | |
ratcorpse | he even mentioned US | |
rwxr--r-- | print "\nHi 3y3 4m rl0xl3y f34r my scr1pt\n"; | |
*** OBSDCMNT : y0u d0nteven kn0w C k1d *** | ||
ratcorpse | this is hilarious | |
ratcorpse | ;] | |
ratcorpse | man i feel like puking now | |
dhartmei | exec.a_data /* initialized data size */, why increase it? | |
*** OBSDCMNT : he w0nt get it, sory to sp0il the fun *** | ||
ratcorpse | the last thing i want to see is my group written in the same line with hackphreak losers | |
ratcorpse | god damnit | |
dhartmei | to consume more resources? | |
rys | possibly, proably just code bloat | |
opcode | www.sneakerz.org/~rat ? | |
rwxr--r-- | ratcorpse... sinnerz? | |
rwxr--r-- | as in coda hale's sinnerz? | |
ratcorpse | nah | |
ratcorpse | zsh | |
ratcorpse | opcode: yes | |
rwxr--r-- | ahh thought it was frmo the old sinnerz.com crew | |
ratcorpse | sinnerz is a non-technical channel tho | |
opcode | ZSH (soon) ? hah | |
ratcorpse | nah | |
rwxr--r-- | damn my typos suck | |
ratcorpse | zsh is ded | |
ratcorpse | its now lowlevel.interniq.org | |
ratcorpse | dead | |
ratcorpse | man rloxley is soo gay | |
kajar | kicks sil | |
ratcorpse | i cant believ he wrote crap like this and used ppls names to rant | |
rwxr--r-- | sup raj :) | |
kajar | just woke up ;) crazy night last night | |
SignOff marc-: #OpenBSD (Read error 73: Connection reset by peer) | ||
marc- [marc@h24-65-26-78.gv.shawcable.net] has joined #openbsd | ||
rwxr--r-- | hehe shit i didnt go to sleep till it was 7am EST | |
rwxr--r-- | and woke up at 9am EST =[ hehehe | |
hydro__ [hydro@9mm.com] has joined #openbsd | ||
ratcorpse | AHHAHAH | |
rwxr--r-- is now known as n1nor_ | ||
ratcorpse | man | |
ratcorpse | thsi shits hilarious | |
mode/#openbsd [+o hydro__] by dhartmei | ||
ratcorpse | man oh man | |
n1nor_ is now known as slutpuppy | ||
rys | haha | |
rys | it only took em a few moments to notice there was an execlp at the bottom | |
*** OBSDCMNT : y4h du0d m0st people m1ss th4t *** | ||
ratcorpse | dude | |
rys | and the funny part is at the top..#define CRASH_FILE "./f0rKb0mB" | |
*** OBSDCMNT : d1d we fo0l u fatboy? *** | ||
ratcorpse | that guy is a fucking moron | |
rys | hahah | |
ratcorpse | i cant believe he even put caddis and obecian | |
slutpuppy | pfffttt what a fucknut | |
ratcorpse | no shit | |
ratcorpse | ZSH soon | |
ratcorpse | HAHAHHAH | |
ratcorpse | yah shuuure we need some 50 year old 800 lbs morons to code warez with us ;] | |
mbhochha [~mbhochha@worm.student.syr.edu] has joined #openbsd | ||
dhartmei | i like the explanation of why this is a _remote_ exploit best | |
DesertFox | should we chagne the topic to this? | |
*** OBSDCMNT : eye w1sh u w0uld *** | ||
opcode | dhartmei: yes me too.. it all makes so much sense after his 3 point explanation.. | |
ratcorpse | Theo de Raadt and the OpenBSD Team | |
ratcorpse | Paedophiles | |
ratcorpse | Rascists | |
ratcorpse | dude | |
ratcorpse | see what a fuckign moron he is ,, he cant even spell 'racist' correct | |
DesertFox | maybe it's because he can't hack OpenBSD! | |
ratcorpse | dude | |
ratcorpse | he cant even root his own box | |
DesertFox | haha | |
ratcorpse | he knows 0 | |
rys | hehe i bet he can | |
rys | boot -s | |
DesertFox | i'm still learning... | |
ratcorpse | hes a 50 somehting year old 800 lbs guy | |
ratcorpse | i saw him at defcon | |
~el81 | Haha, yeh topic'n this dumb adv would be funny, like dissing the morons who wrote the adv | |
rys | ratcorpse: are you serious? | |
DesertFox | that's very scary... | |
DesertFox | especially the fact that a 50 year old wrote this... | |
opcode | Assume the location of the box which crashed (@ the colo) ? | |
opcode | is he suggesting you break & enter? | |
ratcorpse | rys: i swear to god man | |
dhartmei | if you look at the typos in the comments, it looks like the author is german, and there were peoples that complained here and on the mailinglists that they were not 'properly informed' about the patches. | |
*** OBSDCMNT : d4mn, wh0 fukn c4rez? *** | ||
ratcorpse | he even has some pics public | |
ratcorpse | i can understand why he talks shit to zsh but i have no idea why he talks shit to obecian | |
DesertFox | move off the advisory for a second, i'm wondering if you have denied access to finger, how do you make it show another filek, instead of "Connection Refused" | |
ratcorpse | like | |
ratcorpse | hes old enuff to be obecians grandfather and obecians left nut has more skill than 100 ppl like him | |
DesertFox | obecian seems like a very nice person. | |
DesertFox | i've talked with him a few times. | |
pent [dschwarz@house.beats.org] has joined #openbsd | ||
spuug | It must be the fog in Ocean Beach. | |
datawar [~dw@esefin1.essex.ac.uk] has joined #openbsd | ||
SignOff gaurdian: #OpenBSD (Ping timeout: no data for 246 seconds) | ||
ratcorpse | packetstorm is gay for letting him submit this shit | |
*** OBSDCMNT : y0u are g4y *** | ||
slutpuppy | or echo "i am leet" > /tmp/file | |
DesertFox | wait, how do you make it dislpay a text file? | |
ratcorpse | ;] | |
slutpuppy | finger stream tcp nowait root cat /tmp/file | |
DesertFox | okay. | |
DesertFox | thanks | |
nikhouri [nikhouri@hyrule.student.syr.edu] has left #OpenBSD [] | ||
~el81 | Damn, I set limits etc, and it still crashs my OpenBSD's | |
~el81 | bbl | |
ratcorpse | <jimjones> how can you greet SSG and say fuck you to obecian | |
ratcorpse | HAHAHH | |
slutpuppy | hahahahahahahahahahahahahaha | |
slutpuppy | http://www.attrition.org/mirror/attrition/2000/04/16/www.i-need-help.com/ <--- rloxley the hacker | |
slutpuppy | pfft script kiddiot | |
john | sigh. | |
rys | john you been watching? | |
rys | hehe | |
john | No. | |
mode/#openbsd [+m] by john | ||
john | woo. | |
mode/#openbsd [+o kahl] by john | ||
toor | john | |
toor | bend over dude | |
mbhochha [~mbhochha@worm.student.syr.edu] has joined #openbsd | ||
john | ;9 | |
toor | i have a hard something to shove up in your gaping orifice | |
mode/#openbsd [-m] by john | ||
john | n0 thx! | |
toor | plz :( | |
toor | its not like 90% of #OpenBSD hasn't been there :P | |
toor | brb ;) | |
rys | john you seen the fake advisory on packetstorm? | |
*** OBSDCMNT : F4KE?! *** | ||
john | No. | |
john | URL? | |
rys | http://packetstorm.securify.com | |
rys | top right column (hp2.adv) | |
rys | it's a resource eater | |
*** OBSDCMNT : UR N0T 2 SM4RT *** | ||
john | That mouseover shit is lame. | |
ratcorpse | ddue its so gay | |
ratcorpse | packetstorm releases anythig u send | |
ratcorpse | w/o checking | |
rys | hehe i released something on the original packetstorm and the guy posted it | |
rys | lame perl script.. he even thanked me.. | |
rys | then antionline killed it | |
ratcorpse | the funniest part his where he greets ssg and says fuck you to obecian | |
rys | heh | |
ratcorpse | hahahh | |
ratcorpse | rloxgay is tryint to rant on our name | |
ratcorpse | and slander us | |
ratcorpse | ;thanks for zsh for the scripts' heh | |
*** OBSDCMNT : AREN'T Y0U ALRE4DY SL4ND3RD?! *** | ||
slutpuppy | welp... mickeysoft was owned again it seems | |
slutpuppy | hehehe http://www.infoworld.com/articles/hn/xml/00/11/03/001103hnhacker.xml | |
john | What the hell is the deal? | |
nosaj [jason@codemonkey.net] has joined #openbsd | ||
john | haha. | |
john | 4: NO ADVERTISING IN THE CHANNEL OR IT'S TITLE BAR. | |
john/#OpenBSD sends grammar.clue -> hackphreak.org | ||
slutpuppy | sorry john | |
slutpuppy | doh i thought you mant me for posting that url | |
john | Well. | |
john | You fuckers can't put a sentence together either. | |
rys | haha | |
mogambo | heh | |
SignOff xdm: #Phrack (Ping timeout: 180 seconds) | ||
shinobi [shinobi@naughty.monkey.org] has joined #openbsd | ||
ratcorpse | john did you seee the fake advisory | |
ratcorpse | man i dont know what this retard is trying to do | |
john | What's fake about it? | |
rys | it claims to be a remote exploit | |
ratcorpse | look at the code man | |
rys | it's just a resource eater | |
ratcorpse | if you look at the crap he wrote in the beginning ull see its fake | |
ratcorpse | before you even see the code | |
dhartmei | read the explanation of why it's supposed to be a remote exploit :) | |
ratcorpse | SG helped during the researching of the bug (bind, aempire, cripto) | |
ratcorpse | I would like to thank RootShellHackers and Team ZSH for rigorously testing on many freenets :] (ratcorpse and her great mass testing | |
ratcorpse | scripts, great for analysis: www.sneakerz.org/~rat < great site :) | |
ratcorpse | lies | |
ratcorpse | he put us and gay deface kids together in the same sentence | |
ratcorpse | he even put solar designer | |
ratcorpse | and i never coded a mass resolution script | |
ratcorpse | its jim's script | |
ratcorpse | haaahah | |
*** OBSDCMNT : at th1s point im gonna st0p doing commentz *** | ||
SignOff mbhochha: #OpenBSD (Ping timeout: 180 seconds) | ||
ratcorpse | that idiot is just senile | |
dhartmei | so, packetstorm publishes any submission without checking it at all? so much for that. | |
ratcorpse | Basically, if the (sz & (PAGE_SIZE-1)) is true, the kernel | |
mmap` | I was wondering | |
ratcorpse | panic()'s. Not so cool Mr. Theo, my grandmother wouldn't even have | |
ratcorpse | done something so stupid and all she has is an A+ and CCNA! | |
mmap` | how come bind9 coredumps in a chroot | |
ratcorpse | thsis is hilarious man | |
mmap` | like chroot /home/dns /bin/named -u -g, it runs, 4 secs after, it cored umps. | |
mmap` | heh | |
john | du0d. | |
rys | mmap: opcode is looking at the same thing | |
~el81 | i looked into the technicalities of the bug and rloxley is DEAD on | |
~el81 | When can I expect a patch? | |
mmap` | I think the problem is the new thread implementation | |
rys | ~el81: christ, for the 10th time, set ulimits | |
mmap` | if i run the chroot as root user, it doesnt break | |
~el81 | I mean, my servers will go down in a heartbeat. | |
~el81 | How can I fucking set limits on a kernel bug? Jesus | |
mmap` | uh? | |
mmap` | the fuck is wrong? | |
rys | ~el81: it's not a kernel bug, set process limits per user and it'll log your user out before the program can fork bomb | |
rys | unless, that is, if you're root. | |
~el81 | For god sakes man, it's not a fork bomb, I've looked at the code. I see no fork() | |
mmap` | it could be a loop | |
rys | are you fucking retarded.. read the code. it executes itself until it users up all availible memory | |
rys | mmap: packetstorm.securify.com openbsd "advisory" on the top | |
rys | it's fake | |
~el81 | If you had an ounce of clue, I would continue talking to you | |
mmap` | uh | |
~el81 | Where is John, he himself even said it is not fake | |
mmap` | ~el81, g0 tr4d3 w4r3z, wh3r3z y3r c0ur13r | |
mmap` | ?! | |
rys | ~el81: i do have a clue. do you even know c/c++ | |
~el81 | I'm being serious, sorry I'm being angry | |
mmap` | rys, where it is? | |
~el81 | rys, sorry just calm down | |
mmap` | give me link | |
[4mat] [k5@dialin-12-212.montreal.primus.ca] has joined #openbsd | ||
john | * Log into the remote host | |
[4mat] | can anyone help me install OpenBSD, man this is getting on my nerves . | |
john | haha. | |
john | * Log into the remote host | |
mmap` | 4mat, read docs | |
tashie [~natasha@nic-25-c112-244.mn.mediaone.net] has joined #openbsd | ||
dhartmei | nice, eh? | |
john | * Grab our exploit | |
john | ... | |
tashie | Evenin all. | |
rys | http://packetstorm.securify.com/0011-exploits/hp2.adv | |
[4mat] | mmap` from ? | |
john | Three years without a remote hole? Strike that. | |
mmap` | www.openbsd.org/faq | |
[4mat] | shit | |
dhartmei | wonder what a local hole is, compared to that ;> | |
[4mat] | i switched to open bsd cause no exploit | |
[4mat] | that's mad ghey | |
mmap` | we are not msnhelp, read it, if you got a non documented question, we will help. | |
[4mat] | just got rooted yesterday | |
rys | it's not an exploit | |
rys | i wish someone would explain the code, it's just a resource eater | |
slutpuppy | rys i dont know why your bothering with these rootards | |
rys | slutpuppy: i wonder myself. | |
tashie | I was lookin for someone named cakespoon or something like that | |
tashie | he invited me to kinda join | |
tashie | is he still here? | |
slutpuppy | int ptr* /* er3et codinh */ | |
tashie | w/a different nick? | |
tashie | sorry to bother ya'll | |
slutpuppy | if (Fork() == 0) { | |
slutpuppy | ... | |
slutpuppy | } | |
slutpuppy | ... | |
dhartmei | rys: i now understand it pretty well, it's pretty much the same as a "execlp(argv[0], 0);" | |
slutpuppy | printf "\n 3y3 y4m rl0xl3y\n"; | |
rys | dhartmei: yeah that's about it | |
SignOff ar: #OpenBSD (Hmmm. EPIC4-0.9.10-SSL has another bug. Go figure...) | ||
rys | he just bloated it | |
tashie | Ok I tried... if u know him... thanks | |
tashie [~natasha@nic-25-c112-244.mn.mediaone.net] has left #openbsd [] | ||
dhartmei | which i would call a fork bomp even though it's not using fork(), even the author used the term 'f0rk' | |
ratcorpse | i think its not rloxgay who wrote this shit | |
rys | hmmm my front door is wedged open | |
ratcorpse | its someone else who tried to fuck with us, ssg, teso and rloxgay | |
ratcorpse | ;] | |
rys | (apartment complex).. guess i don't have to log out after all | |
mmap` | rys, lol that code is mad newbie | |
rys | mmap`: no shit.. it's just funny that it got posted to packetstorm | |
~el83 [~el83@~el83.net] has left #openbsd [] | ||
rys | it's even funnier that there are still clubies in here that are asking when we're going to have a patch | |
mmap` | ya | |
mmap` | lol | |
dhartmei | i'm beginning to think their trolls | |
mortay [rifug@rifug.org] has joined #openbsd | ||
dhartmei | they're, even | |
mortay | anyone play red alert 2 online here? | |
mmap` | forkbomb doesnt mean the fork() function is being used, it means something is taking up resources | |
mmap` | send me red alert and ill be glad to play. | |
mortay | mmap`^B:^B hmm, its two cd's | |
ratcorpse | rys: packetstorm is retarded and they dot check codes. they just look at the name | |
mmap` | mortay, ic. | |
ratcorpse | u can defeat fork bombs in solaris | |
ratcorpse | i dont know know about obsd | |
mortay | can i | |
ratcorpse | u can limit stuff in /etc/system | |
mmap` | another thing that makes me laff | |
mmap` | is the lame faqs on security focus | |
ratcorpse | yah no shit | |
mmap` | they have like part I, then part II is the same as part I | |
mode/#openbsd [+m] by john | ||
john | Anyone mind? | |
mode/#openbsd [+oo shinobi nosaj] by john | ||
mortay [rifug@rifug.org] has left #openbsd [] | ||
mode/#openbsd [+o jethro] by john | ||
SignOff dew_freak: #OpenBSD (Dead socket) | ||
fatal [~gem@193.10.185.3] has joined #openbsd | ||
SignOff batz_: #Phrack (Idle time limit exceeded) | ||
john | Wendy's is looking good. | |
john | Be right back. :) | |
john | http://www.makintosh.com/~john/Misc/rloxley.txt | |
dhartmei | john: grammer? lol | |
john | I know. | |
john | "it's" | |
john | heh. | |
~el82 | theo, anyone: when can i expect a patch for the attack described in the 'hackphreak advisory' | |
dhartmei | re packetstorm: "Thanks for the mail! I really should have read it much more carefully, it was added in a hurry. -Alan", and gone it is :) | |
rys | obecian: hey you seen the advisory? | |
rys | heh mmap`.. packetstorm removed the advisory | |
mmap` | haha | |
mmap` | lol | |
mmap` | about time.. | |
rys | i had it bokmarked.. it's gone | |
rys | mmap: hey http://www.hackphreak.org/admin/ if you ever want to hack theirchannel | |
rys | ratcorpse: heh trying to get a copy of the "advisory" from undernet | |
rys | haha | |
ratcorpse | they rm'ed it from packetstorm | |
mmap` | haha | |
ratcorpse | cauzsei i found ho wrote it | |
ratcorpse | he denied it | |
ratcorpse | and it was gone with jet speed | |
mmap` | who wrote it. | |
ratcorpse | http://sneakerz.org/~rat/hp2.adv | |
ratcorpse | rash akd m1x of security.is | |
ratcorpse | security.is guys are very upset about it | |
john | ratcorpse, quit. | |
john | I've heard enough of that shit. | |
mmap` | lol | |
ratcorpse | we suspect some other ppl but hat guy is the one who wrote it most likely since the article is 'gonew' right afteer everyone yelled at him ;] | |
rys | ratcorpse: haha | |
ratcorpse | john: ok | |
mmap` | echo penis > penis ; while (true) ; do cat penis >> penis ; done is also forkbomb | |
mmap` | its lame. | |
john | From: rloxley <rloxley@HACKPHREAK.ORG> | |
john | Subject: OpenBSD Exploit | |
john | toor^B:^B BUGTRAQ@SECURITYFOCUS.COM | |
john | moron. | |
no_pants | john: what's happening? bogus bug ? | |
john | hahaahah. | |
john | A very smart attacker will: | |
<john> | ||
john | * Crash the kernel | |
john | * Assume the location of the box which crashed (@ the colo) | |
john | * Use DDB to gain god status | |
mmap` | john, HAHAHA | |
zothorn | john: yeah, i read that. But a real smart hacker will somehow remove log entries so he doesn't get arrested | |
aKt0r | HEH | |
aKt0r | new openbsd hole released | |
whoops | "hole" | |
aKt0r | potential remote exploit | |
whoops | more like local DoS. | |
aKt0r | by the looks of it yeh | |
aKt0r | a very sarcastic advisory towards the openbsd guys | |
whoops | indeed. | |
whoops | all it does is provoke a panic, though. | |
niles [milford@snow.cs.siue.edu] has joined #openbsd | ||
no_pants | so | |
no_pants | they wanted a panic | |
no_pants | now they got it | |
aKt0r | have u tested it ? | |
whoops | Yeah. The box panic'ed and booted. | |
whoops | as expected. | |
freite | 'Once the system has crashed, a local user (with access to the terminal) may in fact hack the system.' <--- ummm | |
no_pants | hahahah | |
no_pants | console access | |
no_pants | can't you mark console as insecure ? | |
rewben [~rewben@d141214.dtk.chello.nl] has joined #openbsd | ||
ratcorpse | aKt0r: its gone | |
freite | well..you have access to the kernel debuger | |
whoops | that is, _if_ the kernel is compiled to drop into DDB on panic. | |
no_pants | what's DDB ? | |
kkenn [kris@citusc17.usc.edu] has joined #openbsd | ||
whoops | debugger | |
ratcorpse | its some idiot kid who was pissed at zsh, ssg , teso and obsd alltogether | |
ratcorpse | hmm | |
ratcorpse | btw | |
freite | i have ddb.panic=0 | |
kkenn | NEWSFLASH! You can root an openbsd box if you have access to the serial console and it's got DDB in the kernel! :-) | |
ratcorpse | is there anything like solaris /etc/system in obsd that u can tune stuff with? | |
zb^3 | i'm on thier channel | |
zb^3 | we're trying to find out how you telnet into DDB on OpenBSD | |
zb^3 | :) | |
genecyst | wow, #hackphreak is amazingly lame | |
whoops | http://www.realweasel.com/ | |
whoops | (nice cards :) | |
kkenn | genecyst: :-) | |
SignOff newsham: #Phrack (zzz) | ||
defile | I can see why, it's got like seven people in the channel | |
defile | 6 now ;-) | |
kkenn | <vac_> tomorrow attrition is going to be filled with defaced openbsd sites | |
whoops | lol | |
`Athlon | So what there is a big fucking bug in it? | |
Feanor_ | unfortunately realweasel cards are 250$/pop | |
nosaj | vac_ must be portraying some sarcasm.. he knows better | |
aKt0r | is openbsd2.7 vuln to it ? | |
whoops | aKt0r: yes. | |
genecyst | the funny thing is rloxely used Outlook to mail the advisory | |
genecyst | talk about security holes... | |
whoops | this is what I got, btw, after rebooting | |
whoops | Nov 6 07:48:02 wintermute savecore: reboot after panic: AMAP_B2SLOT: invalid by | |
whoops | te count | |
no_pants | uhm | |
no_pants | get this | |
no_pants | you don't need realweasel cards | |
no_pants | some of the new intel 2u rack mount chassis | |
no_pants | you can set up in the bios to use the serial port instead | |
Feanor_ | no_pants: but that shit is even more expensive | |
zb^3 | yupp | |
zb^3 | we do that | |
SignOff vac_: #Phrack (I'm too lame to make a quit message) | ||
Feanor_ | oh that ya...but you can't use a serial port to reboot a misbehaving box | |
no_pants | feanor: not really | |
zb^3 | i hope we don't get rooted through this 'DDB' thing | |
no_pants | the intel 2u shit | |
`Athlon | At lest they cant do that if they dont have acess to the box | |
zb^3 | T ALEPH1 PLZ BE ALLOWING POSTS FROM NORMAL USERZ AND NOT JUST SKRIPT KIDDIEZ K PLZ THNX | |
Feanor_ | aleph's getting lazy ;P) | |
zb^3 | heh | |
zb^3 | #openbsd jerkcity'd aleph a couple of weeks ago | |
lumpy_ | rloxely seems to think all exploits are remote exploits | |
SignOff kyoorius: #Phrack (Leaving) | ||
ratcorpse | dude | |
ratcorpse | its not rlox who wrote it | |
ratcorpse | its some gay kid | |
ratcorpse | he knows what hes doing, he wrote it to bash ppl but it backfired anyway | |
no_pants | rloxely is gonna get dos'ed | |
ratcorpse | it is NOT rloxlyt | |
ratcorpse | damn | |
no_pants | i hope someone roots his ass and reports to bugtraq howmuch of a moron it is | |
genecyst | hah, that would just be lame | |
ratcorpse | the kid who made it is a .lifeless dork | |
ratcorpse | i mean | |
ratcorpse | whatever john will kb me if i keep talking about this shit | |
ratcorpse | no comment | |
lumpy_ | well, that all makes sense now | |
SignOff rewben: #OpenBSD (gotta go) | ||
mindsport [mind@talon.darkshadow.org] has joined #openbsd | ||
zb^3 | i'm making a yahoo club for rloxley fans | |
lumpy_ | because the last time ive seen people talking to rloxley | |
lumpy_ | he didnt seem to know very much | |
aKt0r | somebody might have ripped him off | |
genecyst | haha | |
zb^3 | #openbsd forges a post from alpeh1 to bugtraq about the evil ctrl+alt+esc break to DDB sploit on freebsd! | |
zb^3 | fear | |
aKt0r | lol | |
aKt0r | did someone dos everyone with the new sploit | |
aKt0r | ? | |
SignOff cpt: #Phrack (moff moff) | ||
defile | not that I know of | |
sizaym | indeed | |
aKt0r | probably coded a quick script | |
bind [bind@subterrain.net] has joined #openbsd | ||
aKt0r | bind heh | |
seifried | splork time | |
bind | god. | |
bind | how rediculous | |
aKt0r | the new sploit worked fine in a shell script against all the bots :P | |
bind | dude, you dont know what the fuck you are talking about. | |
bind | you have been misinformed. | |
aKt0r | hah | |
SignOff drkspyrit: #Phrack (Read error: 54 (Connection reset by peer)) | ||
SignOff Lionel_: #Phrack (Ping timeout: 240 seconds) | ||
seifried | fresh pooh | |
ratcorpse | * zb^3 forges a post from alpeh1 to bugtraq about the evil ctrl+alt+esc | |
ratcorpse | break to DDB sploit on freebsd! | |
Figz | BAHA, everyone read this: | |
Figz | From: rloxley <rloxley@HACKPHREAK.ORG> | |
Figz | Subject: OpenBSD Exploit | |
Figz | To: BUGTRAQ@SECURITYFOCUS.COM | |
Figz | Man, that group gives OpenBSD-haters a bad name. | |
zb^3 | hehe | |
zb^3 | T FIGZ KAN U SHOW ME HOW TO COMPILE DDB INTO MY KERNEL K PLZ THNX?? | |
Figz | heh | |
zb^3 | T FIGZ WHAT PORT IS 'DDB' ON IN OPENBSD | |
zb^3 | ???? | |
Figz | I especially like the bit about it being a "remote hole".. | |
Figz | You see, just log in remotely, crash the kernel, drive out to the colo, repair all the vm damage from ddb, set euid to 0 in some shell, set the system running again. | |
Figz | Hmm, oh yea, "remote hole"! | |
Ober_ | ok made it | |
Ober_ | is there a security mailing list for obsd? | |
Ober_ | I would prefer to remove myself from bugtraq for obvious reasons | |
code9 | today openbsd local dos released from bugtraq | |
Ober_ | heh | |
Ober_ | did not see one | |
Ober_ | :) | |
freite | is there a patch for the DOS? | |
Ober_ | which dos? | |
Ober_ | I did not see a reference to obsd this morning. | |
code9 | http://www.securityfocus.com/templates/archive.pike?list=1 | |
code9 | openbsd exploit article | |
Ober_ | so what is the exploit. | |
Ober_ | I can not click on the adv file without it wanting to d/l it. :( | |
SignOff renz: #Phrack (Ping timeout: no data for 250 seconds) | ||
Tal_ is now known as Kaki | ||
StJohn | What? The panic-thing? | |
rewben [rewben@d131204.dtk.chello.nl] has joined #openbsd | ||
dhartmei [~dhartmei@cable-ggar48-183.intergga.ch] has joined #openbsd | ||
SignOff rewben: #OpenBSD (Client Quit) | ||
Ober_ | #openbsd does not see the exploit | |
Ober_ | http://just.rtfm.net/things_that_kill_bsd/ | |
Ober_ | time to add this new one | |
Ober_ | so how the hell is this a "remote" exploit? | |
Ober_ | #hackphreak has too much of an agenda. | |
dhartmei | still arguing about the fake exploit? :) | |
Ober_ | is it fake? | |
Ober_ | I have not tried it yet | |
dhartmei | the one that was remove from packetstorm? yes, for exactly that reason. | |
code9 | Ober,me too | |
code9 | #hackphreak article - Section 5 [TO HELL WITH YOU'S]: | |
code9 | Theo de Raadt and the OpenBSD Team | |
Ober_ | yeap | |
Ober_ | "get root remotely" | |
Ober_ | haha | |
code9 | what's mean? | |
code9 | "get root remotely"? | |
Ober_ | yes | |
torqumada [anonymous@paladincorp.com.au] has joined #openbsd | ||
Ober_ | it means that they say you can get root on openbsd with this exploit remotely | |
Ober_ | dropping a box to ddb from a ssh login does not count as root | |
Ober_ | :) | |
seiki [seiki@chaotic.darkmind.org] has joined #openbsd | ||
Ober_ | if it does actually crash it, then its still a local dos | |
seiki | morning | |
Figz | I haven't been able to make it work. | |
Ober_ | morning | |
dhartmei | it's a simple execlp() bomb, aka forkbomb | |
Ober_ | hey figz | |
Ober_ | figz the bomb? | |
dhartmei | Figz: remove the user limits :) | |
Ober_ | so its not a real uvm bug? | |
Figz | There may well be something to it, but that exploit isn't even close to doing anything weird or dangerous. | |
Ober_ | hell I got some of those | |
dhartmei | no, it's completely fake | |
Figz | Read the exploit, it does nothing. | |
Ober_ | http://just.rtfm.net/things_that_kill_Bsd | |
Ober_ | http://just.rtfm.net/things_that_kill_bsd | |
code9 | dhartmei,Figz, hi | |
code9 | fake? | |
Figz | ober, is that the one on bugtraq last night? | |
Ober_ | figz the ones I have no. | |
Ober_ | but some of them do the same thing | |
Figz | what? | |
Figz | same thing as the one on bugtraq? | |
Ober_ | I have a sh script that | |
Ober_ | will | |
Figz | wtf are you talking about, the one on bugtraq doesn't do anything at all | |
Ober_ | well same sort of resource exhaustion | |
Ober_ | mine are mbufs | |
Ober_ | figz ahh.. | |
seiki | #openbsd tested it.. did nothing | |
Figz | "yours" are mbufs? what does this have to do with the one on bugtraq? | |
Ober_ | http://just.rtfm.net/things_that_kill_bsd | |
code9 | dhartmei, this article is only fork bomb? | |
Ober_ | you said that what they had was just a forkbomb. | |
Figz | ober, I saw the url, you haven't answered my question | |
Figz | I said no such thing. | |
Ober_ | ok. | |
Figz | show me where I said this | |
Figz | and answer my question | |
dhartmei | code9: i'm not sure we're talking about the same one. but yesterday there was much chattering about one one packetstorm that was completely fake, well, just a forkbomb with exaggerated comments (not remote) | |
SignOff tequiare: #OpenBSD (Ping timeout: no data for 247 seconds) | ||
Ober_ | sorry it was dhartmei that said it | |
code9 | dhartmei, aha | |
Ober_ | <dhartmei> it's a simple execlp() bomb, aka forkbomb | |
Figz | dhartmei, the "exploit" on bugtraq last night doesn't even work as a for kbomb | |
Vik_ [~co@213.237.17.39] has joined #openbsd | ||
Ober_ | and I was just commenting that I had a collection of simular scripts | |
Figz | it would need to write its image back out to a file first | |
Figz | it doesn't do that | |
Ober_ | ok. I stand corrected. | |
Figz | instead it casts the data to a struct exec, and then does nothing with that pointer | |
Figz | ie, it's totally useless, does nothing | |
Figz | is not obvious how it COULD do anything | |
dhartmei | oh, there are several, then. a DoS on this channel, at most :) | |
code9 | dhartmei, openbsd able forkbomb attack | |
Vik_ | is 2.8 out ? | |
code9 | use ping | |
dhartmei | they sound related, they posted to bugtraq first, then extended it and posted it to packetstorm, it seems. the one on packetstorm did execlp() a copy endlessly. | |
seiki | 2.8 is due out dec 1st. | |
Vik_ | it says on the web page under errata that it is 2.8 | |
Vik_ | yeah | |
Ober_ | they say it was a prank | |
Ober_ | <p0lar> freebased he listen, you shouldnt take that bugtraq thing too serious, its some prank thing against rloxley heh | |
dhartmei | code9: of course you can forkbomb on obsd, if you don't set user limits. i crashed myself running the thing as non-limited user :) | |
dhartmei | code9: the same code works on nearly any unix, including Linux for instance. it's a prank. | |
StJohn | freite: Oh. | |
code9 | dhartmei,yep | |
Vik_ | there is no major change in 2.8 except new drivers , bug fixes ? | |
gaius [info@plan9.hert.org] has joined #phrack | ||
gaius:#phrack | hey! | |
SignOff Pie: #OpenBSD (^B[^BBX^B]^B The birds kept calling his name, thought Caw) | ||
krapht [~krapht@ikarus.hardboiledegg.com] has joined #openbsd | ||
gaius:#phrack | jakarta rules | |
Ober_ | figz it works? | |
gaius:#phrack | if you are interested in remote work or coming here fucking some indonesian pussies.. send bio resume to acz@hert.org | |
gaius:#phrack | ^G | |
*** OBSDCMNT : shutup fukko *** | ||
noppa | openbsd: (clueless admin required to add holes) | |
is- | (if you have read through this you have now more reason to switch to Linux). | |
is- | hahahahahahahhhhh | |
Figz | We don't get ctcp floods here.. when this channel gets attacked it's usually DDoS... | |
Ober_ | figz did you ever find how to "fix" the bugtrack "sploit" so that it did anything at all? | |
Figz | ober, the "fix" is "include <sys/stat.h>" | |
Ober_ | ahh | |
Figz | I just pasted when I was trying it out. | |
Figz | pastoed even | |
Ober_ | that would just prevent it from compiling thought right? | |
Figz | that is all | |
Ober_ | so it was just fud then. heh | |
Figz | no, the exploit works | |
Ober_ | hmm | |
Figz | not enough sanity checking on the a.out header values | |
is- | I hope this advisory brings you closer to NT / Linux, rather than | |
is- | OpenBSD. Linux & NT are way better anyway. | |
coax | heh. the app guesses where a structure's data is. | |
is- | LMAO | |
seiki | what poor lost soul wrote that | |
typo [typo@ingsoc.org] has joined #openbsd | ||
Figz | it's a pretty silly post alright.. | |
Riedel [riedel@oper.irc.emory.edu] has left #openbsd [] | ||
coax | Naw. OpenBSD's the better choice. obviously. heh. | |
dhartmei | i can part when i see it split | |
Figz | #2 0xe0127465 in panic (fmt=0xe01e0170 "AMAP_B2SLOT: invalid byte count") at ../../../../kern/subr_prf.c:214 | |
Figz | #3 0xe01e062e in amap_alloc (sz=4099, padsz=0, waitf=1) at ../../../../uvm/uvm_amap.c:230 | |
Figz | #4 0xe01e0cf6 in amap_copy (map=0xe277d25c, entry=0xe277ea30, waitf=1, canchunk=1, startva=8192, endva=8193) at ../../../../uvm/uvm_amap.c:603 | |
Figz | Anyone know any irc.colorado.edu opers? That'd do for getting the channel back.. | |
wkz [wackie@freebsd.org.il] has joined #openbsd | ||
wkz [wackie@freebsd.org.il] has left #openbsd [] | ||
slutpuppy | for (i = 0; i > f0rbomb; i++) { Sem_wait(&ptr->mUtEx); printf("my n4m3 is rl0xl3y 4nd 3y3 4m a h4x0r3r %d\n") } exit(0); } | |
bugoid [bug@gecko.roadtoad.net] has joined #openbsd | ||
slutpuppy | :) hello yall | |
Soal_Reap | what ever -q does.. | |
mmap` | pthread_join() | |
dhartmei | it does what man dhcpd says | |
Soal_Reap | heheh | |
mmap` | #define NTHREADS 500 | |
mmap` | ulimit -n 600 | |
mmap` | ./fokbmb | |
f0rkbomb is now known as sil | ||
sil | www.antioffline.com/er3et.c <--- new OpenBSD advisory (shhhh) | |
fx | it was fake? i thought it was too stupid to be true | |
Pie | live | |
fx | the bug was already fixed though. | |
bind | yea, it wasnt by rloxley, ssg or anyone | |
bind | some dude named lore wrote it | |
bind | to attempt to embarrass some people | |
fx | oh, lore. | |
bind | stupid fuck | |
bind | im pretty pissed off | |
fx | lore of.. b4b0? | |
freite | Pie: www.opensound.com | |
bind | i guess so | |
bind | some stupid fuck | |
Wangster | "a smart attacker will.......... walk up to the console...." ROTFL | |
Wangster | I think if you have an attacker walking up to the console you have much larger problems... haha | |
rwxr--r-- | finished... completely done... www.antioffline.com/er3et.c | |
Soal_Reap | thnks all fer yer help | |
rwxr--r-- | someone send me a million $US now | |
rwxr--r-- | or i'll post it to bugtraq | |
| rys (rys@supernal.godsey.net) (Internic Network) | ||
| ircname : Joe | ||
| channels : #openbsd #Icons_Of_Vanity | ||
| server : irc.east.gblx.net (Global Crossing East Client Server) | ||
| away : rys - gone | ||
| idle : 1 hours 3 mins 18 secs (signon: Sun Nov 5 22:15:00 2000) | ||
~el81 | rys, What happened to all that talk of the bug being only a 'fork() bomb' and calling everyone cluebies, its valid, now give me patches | |
dhartmei | #openbsd makes fire to roast the troll | |
toor | fork bombs can be stopped by limiting resources before the shell is executed | |
~el81 | The bug on bugtraq, I first heard about it on packetstorm | |
~el81 | This really sucks people have crashed two of my machines | |
~el81 | troll? dhartmei, if I recall correctly, you also thought it was a fork() bomb | |
Figz | 0h H0, 1tz ob3ci4n.. | |
dhartmei | i still think it is. or does someone _serious_ confirm that the "ehdr->a_data += 3;" is the relevant part of the code. apart from that, it _is_ just a forkbomb, that much i can tell. | |
~el81 | Uh, earlier I saw figz confirm the a_data+=3 is the actual bug. | |
~el81 | He pasted backtrace from what I saw. | |
obecian | figz: ssg is so pissed about being mentioned in that bogus hp2.adv | |
Figz | ssg? | |
obecian | yeah the original advisory that got pulled off packetstorm within a few hours | |
obecian | subterrain | |
~el81 | You should go crash yourself again. | |
samurii [samuri@shell2.shore.net] has joined #openbsd | ||
Figz | the "advisory" showing up on bugtraq when it did probably got it fixed in 2.8 | |
john | haha. | |
Figz | so it's probably just as well. | |
obecian | figz: yup | |
~el81 | Good, it is patched in 2.8 already? | |
Figz | yea, 2.8 will be patched | |
Figz | but it was close | |
~el81 | oh, will be | |
kajar | er good god, there was actually a bug in that mess? | |
~el81 | Good they released before 2.8 at least | |
shinobi | that bugtraq post was goofy as shit | |
shinobi | ppl like to embarrass themselves there | |
kajar | that adv was totally silly, i still have trouble believing it is real | |
obecian | shinobi: yeah i wish my name wasn't on there sheesh | |
fx | Why was your name on there? | |
obecian | shinobi: the "real" advisory has me on the "fuck-you's" list for reporting the uvm bug too early to theo | |
fx | Oh. | |
~el81 | Well, all I'm saying is I need patches for 2.7, because these guys are crashing my kernel, anyone have an estimate? | |
fx | Well, it was all bull. | |
obecian | yup | |
fx | "Private release date: Nov 5, 1998". Uh, uvm wasn't even in the tree in 1998. | |
SignOff Ghostwhee: #Phrack (SendQ exceeded) | ||
toor | ~el81 - get out of the shell bizz | |
obecian | right ;) | |
~el81 | shell bizz? | |
~el81 | oh :) | |
obecian | and i never mailed theo about a uvm bug, and ssg never helped out with the advisory or code to the advisory | |
SignOff saw: #OpenBSD (night) | ||
obecian | as far as i know hackphreak didn't have anything to do with it... it's someone that is pissed cuz of xlock from a while back | |
obecian | that could only be adm in my mind | |
obecian | well whatever, as long as we got something out of it | |
xav [xavier@02-095.063.popsite.net] has joined #openbsd | ||
~el81 | Yeah toor, I had to remove three people, for crashing me every minute | |
ratcorpse | http://www.antioffline.com/er3et.c | |
ratcorpse | holy fucking cow | |
toor | eh | |
seifried | that is so incredibly ugly | |
john | ratcorpse, don't you have something better to do? | |
john | printf(*size = d%\nwOrD tO bIgBiRd 3y3 0wN ev3rYtHinG\n); | |
obecian | too much leet speak for one day =/ | |
majidf | hehe | |
SignOff obecian: #OpenBSD (end of line) | ||
Topic (#OpenBSD): http://www.openbsd.org/errata27.html#execsubr | ||
obecian | did you see the second piece of code off of www.antioffline.com | |
jZZzZZz | #openbsd sticks his long hard fat FLAG POLE into the CUNT of #hackphreak | |
obecian | shit that's horrid | |
obecian | http://www.antioffline.com/er3et.c | |
jZZzZZz | As a joke, I'm going to post a letter to Bugtraq about a new vulnerability in OpenBSD..... The one where you can walk up to the console, and take it. | |
jZZzZZz | The only solution is to use TCFS. | |
obecian | hahahah | |
SignOff datafirm: #OpenBSD (Read error: 54 (Connection reset by peer)) | ||
jZZzZZz | And of course the OpenBSD developers were hiding this from everyone. | |
obecian | five finger discount vulnerability | |
obecian | version 1.0 | |
obecian | hehe | |
jZZzZZz | I am working on it nowl. | |
jZZzZZz | does anyone have an archive of the original lame vulnerability so i can use it as a template for my lame-O advisory ? | |
SmooveB | do you want that with the 2 blank messages attached (text and html)? | |
jZZzZZz | i want the fucking advisory | |
jZZzZZz | asdasfasjfjasajsjoasojasdfojasfd | |
SmooveB | on its way | |
jZZzZZz | noi | |
jZZzZZz | i am stupid and i dont want to learn mutt | |
jZZzZZz | i am so used to pine that to switch would make my brain leak acids | |
jZZzZZz | OK, i figured it out | |
jZZzZZz | they attached the advisory as a separate tex tfile | |
jZZzZZz | - :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet - | |
jZZzZZz | | | |
jZZzZZz | | www.dqc.org/~chris | |
jZZzZZz | | | |
jZZzZZz | | Version : Leet advisory #2666 of many | |
jZZzZZz | | Author : LarFoxley[lamedork / condemned / ESP / AH / PPTP (soon)] | |
obecian | HAHAHAH | |
obecian | HAHAHAHHA | |
jZZzZZz | | Contributed : All of Team Leet (thanks alot) & UVM | |
jZZzZZz | | Topic : A non-priviledged user may gain physical access to the | |
jZZzZZz | | system, thus exploiting what is known in innner circles as | |
jZZzZZz | | "the five-finger discount" | |
jZZzZZz | | Effected : All Operating Systems which use a computer | |
jZZzZZz | | * OpenBSD, and possibly others | |
obecian | HAHAHA | |
jZZzZZz | | Prvt Release : October 1, 1995 | |
obecian | hahaha i will laugh if aleph1 lets that through | |
dxmd | AHHAHHAHAH | |
dxmd | jZZzZZz: post it to pakcetstorm too since those dorks dont check anything at all | |
dxmd | ok im off to bed | |
dxmd | nite all | |
SmooveB | not enough 0 and 3 and z in there. | |
jZZzZZz | Shut up Dave, I'm trying to keep true to the original Skript | |
jZZzZZz | g0tta Keep 1t R3al!#@())!@#( | |
obecian | yeah noone will believe it's a real advisory with all that proper english | |
obecian | where's that leetspeak lex filter | |
dxmd | blame it on obecian | |
jZZzZZz | I would like to thank bass of BEER. He started the whole OpenBSD | |
jZZzZZz | religion. Keep up the good work. | |
jZZzZZz | Special thanks to obecian and his DoS 3.3 System. It has made my | |
jZZzZZz | job so easy that I think I should not be paid anymore. | |
jZZzZZz | I would also like to thank: NSA, CIA, FBI, Jammu Siltavuori, | |
jZZzZZz | Kettutytt, Somali, Dorkex (h0rze :), ISS, Solar Designer, #blowjob, | |
jZZzZZz | #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, and Jello Biafra. | |
obecian | AHHAHAHAHA | |
dxmd | HAHAHHAHAHAHHAHAH | |
dxmd | man | |
jZZzZZz | how do you spell diahrheah | |
jZZzZZz | how do you spell diahrheah | |
obecian | diarea or diahrea not sure | |
jZZzZZz | I would also like to thank: NSA, CIA, FBI, Jammu Siltavuori, | |
jZZzZZz | Kettutytt, Satan, Dorkex (h0rze :), ISS, Solar Designer, #blowjob, | |
jZZzZZz | #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, communism, the | |
jZZzZZz | US Air Force, OJ Simpson, Ralph Nader and Jello Biafra. | |
jZZzZZz | shooop$ grep diah /usr/share/dict/words | |
jZZzZZz | diaheliotropic | |
jZZzZZz | diaheliotropically | |
jZZzZZz | diaheliotropism | |
jZZzZZz | Obadiah | |
jZZzZZz | shooop$ grep diarh /usr/share/dict/words | |
dxmd | this rocks | |
jZZzZZz | diarhemia | |
jZZzZZz | fuck | |
jZZzZZz | @#$@$# | |
obecian | HAHA | |
obecian | hahahah | |
dxmd | um what about chlamidia? | |
jZZzZZz | whassat? | |
jZZzZZz | What C code should I put into the new openbsd exploit ? | |
jZZzZZz | #include <stdyo.h> | |
jZZzZZz | #include <streengs.h> | |
jZZzZZz | main() | |
jZZzZZz | { | |
jZZzZZz | prentf("hello, world!!!!!\n"); | |
jZZzZZz | } | |
jZZzZZz | PS: The expoit is broke very slightly, so it takes some knowledge ;) | |
jZZzZZz | PUBLIC RELEASE * DO NOT DISTRIBUTE | |
Figz | Don't forget, private release date: Jan 23, 1979 | |
jZZzZZz | what's significant about Jan 23, 1979 | |
Figz | That it's 16 years before openbsd's inception, of course. | |
jZZzZZz | You want to see what I got now ? | |
Figz | Yea, "hello world" tekniq.. | |
jZZzZZz | want me to email you what i got? | |
jZZzZZz | i ned comments | |
jZZzZZz | about to go to sleep | |
jZZzZZz | but i want to fire this off to bugtraq first | |
jZZzZZz | THIS IS A SERIOUS EXPLOIT PEOPLE!!! | |
jZZzZZz | BUGTRAQ READERS MUST KNOW ABOUT IT!!!! | |
jZZzZZz | Fuck this, i'm sending it, gotta go to sleep | |
jZZzZZz | night night | |
sean- | wtf is this bullshit i'm reading on bugtraq | |
mmap` | sean, whats bs? | |
cripto | fake, obviously. | |
sean- | the 'openbsd machine can be stolen' advisory | |
mmap` | rofl | |
cripto | both are fake. | |
sean- | i know | |
sean- | but who the hell would approve that? | |
cripto | i'm dissapointed that elias approved them | |
jeremie | aleph1 | |
jeremie | same guy who approves every other post | |
cripto | but oh well, he's the moderator. | |
jeremie | he'll refund your subscription cost if you're pissed | |
jeremie | i bet | |
cripto | hah ;) | |
sean- | haha | |
sean- | btw cripto sean called me ;) | |
SignOff highvolts: #OpenBSD (return 0;) | ||
mmap` | more like canceling | |
mmap` | and cp'ing your subscript data to /dev/null | |
mmap` | yo sean | |
mmap` | wheres the article | |
shure | Running make depende echo : is a directory *** Error[1] -- Come one.. | |
sean- | dunno, it just came through i believe.. | |
sean- | subject is 'Another OpenBSD vulnerability!!' | |
dxmd | hahaha | |
dxmd | hey | |
dxmd | sean | |
dxmd | can u do me a favor and give me the url | |
mmap` | idont see it | |
dxmd | chris posted that article to prove what a moron aleph1 is | |
sean- | dxmd: it's in my mailbox, i don't have a url :) | |
dxmd | people | |
dxmd | give me the fucking url | |
dxmd | ok then dcc me | |
dxmd | ill put it on my site | |
sean- | ok hang on | |
Intrinsic | why don't you look at the BugTraq archives? | |
jeremie | dxmd whats your email | |
genecyst | dxmd: http://squeamish.org/leet.advisory | |
dxmd | rat@interniq.org | |
dxmd | chris rules | |
zb^3 | that advisory is leet | |
zb^3 | -- leet -- leet -- leet -- | |
zb^3 | does Aleph1 even care anymore? | |
mmap` | HAHAHAHAHA | |
mmap` | #eatshit | |
mmap` | dood this faq is the best, mad funny | |
fx | *** Mode for channel #eatshit is "+tin" | |
mmap` | Three years without a remote hoe? Strike that. | |
toor | Subject: ANOTHER OpenBSD security vulnerability!!!! | |
toor | - :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet - | |
sil | hope that wasnt for me toor | |
sil | ahh yea i read that one but it wasnt me this time | |
sil | i only write *snicker* real advisories | |
no_pants | i've got an advisroy | |
no_pants | i can crack any obsd box | |
no_pants | all i have to do is sit on it | |
no_pants | time to email bugtraq! | |
genecyst | you must be very fat | |
sil | i can hack openbsd with a jigsaw | |
no_pants | my ass has no bounds checking |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!