From ozzy@polarhome.com Thu Sep 20 02:28:14 2001
From: ozzy@polarhome.com (Ventsislav Nikolov)
Date: Thu, 20 Sep 2001 03:28:14 +0200 (CEST)
Subject: [Security] B - achieving root permisions from normal user account
Message-ID:

ozzy@gate~/hack$ ./epcs2
bug exploited successfully.
enjoy!
sh-2.04$ exit
ozzy@gate~/hack$ ./epcs2
ptrace: PTRACE_ATTACH: Operation not permitted
d0h! error!
ozzy@gate~/hack$ date
Thu Sep 20 03:20:32 CEST 2001

The source of the local exploit is /home/o/ozzy/hack/epcs2.c
Works the first time only after system reboot.
Actually it is for slackware but obviously works on RedHat 7.1.
^_^
Best wishes!
Ventsislav Nikolov

From arpadffy@polarhome.com Wed Sep 19 17:36:17 2001
From: arpadffy@polarhome.com (Zoltan Arpadffy)
Date: Wed, 19 Sep 2001 18:36:17 +0200
Subject: [Security] Re: IRC link
Message-ID: <000201c14197$a6069180$090aa8c0@polarhome.com>

Gentlemen,

some information just to move forward the negotiation process...

1. polarhome.com can not and will not change host or domainname...
explanation: polarhome.com is a well established domain, and anyway it is running with a DNS forwarder (thanks dante) that is quite complicated and responsible to maintain...
2. irc.polarhome.com will continue to use ircd server
reason: it is a quite nice and configurable server (and I know it on code level), from another hand 3 of you want to change to 3 different servers the current installation.

My opinion is:
1. for sure it is possible to connect different irc servers.
2. if it will be as complicated as some of you suggested (new server, new names, new domains etc) then I would vote to keep as it is.

Please, consider these statements as well.

Regards,
Z

----- Original Message -----
From: Zoltan Arpadffy
To: Gareth Haynes ; cristi@confiance.deltanet.ro ; madalin@nimeni.org ; Norman Roa ; Maykel Constantin ; Wulf ; Csaba Korponai ; security@polarhome.com
Sent: Wednesday, September 19, 2001 12:00 AM
Subject: IRC link

hi,

as you could see, users voted to connect to some BIG IRC network, but as everybody knows, we don't have a good reputation because of free bots etc... then let's do "the small networks big connection" instead.

Gentlemen,
if you are interested, please send me your C/N records (regarding irc.polarhome.com), including suggested passwords, with connection class explanations etc, ASAP.

Please note, that irc.polarhome.com is CNAME for gate.polarhome.com that runs with DHCP IP address:
it means that it is very likely to change sometimes as well as identd response.

Kind regards,
Z

From arpadffy@polarfox.com Wed Sep 19 17:55:09 2001
From: arpadffy@polarfox.com (Zoltan Arpadffy)
Date: Wed, 19 Sep 2001 18:55:09 +0200
Subject: [Security] Fw: IRC link
Message-ID: <008901c1412b$d8855360$090aa8c0@polarhome.com>

----- Original Message -----
From: Zoltan Arpadffy
To: Gareth Haynes ; cristi@confiance.deltanet.ro ; madalin@nimeni.org ; Norman Roa ; Maykel Constantin ; Wulf ; Csaba Korponai ; security@polarhome.com
Sent: Wednesday, September 19, 2001 12:00 AM
Subject: IRC link

hi,

as you could see, users voted to connect to some BIG IRC network, but as everybody knows, we don't have a good reputation because of free bots etc... then let's do "the small networks big connection" instead.

Gentlemen,
if you are interested, please send me your C/N records (regarding irc.polarhome.com), including suggested passwords, with connection class explanations etc, ASAP.

Please note, that irc.polarhome.com is CNAME for gate.polarhome.com that runs with DHCP IP address:
it means that it is very likely to change sometimes as well as identd response.

Kind regards,
Z
 

From zoli@polarhome.com Thu Sep 20 15:08:52 2001
From: zoli@polarhome.com (zoli@polarhome.com)
Date: Thu, 20 Sep 2001 16:08:52 +0200
Subject: [Security] B - achieving root permisions from normal user account
Message-ID: <200109201408.f8KE8q511371@gate.polarhome.com>

hi,

I checked it and it does not like to work...
BUT if you read carefully the instructions it says:

 * This exploit does not work on 2.4.x because kernel won't set suid
 * privileges if user ptraces a binary.

and if you check:

root@gate~# uname -nrs
Linux gate.polarhome.com 2.4.3-12

It will explain...
This kernel is not bug free at all, but that one is not the right exploit.

Regards,
Z

>ozzy@gate~/hack$ ./epcs2
>bug exploited successfully.
>enjoy!
>sh-2.04$ exit
>ozzy@gate~/hack$ ./epcs2
>ptrace: PTRACE_ATTACH: Operation not permitted
>d0h! error!
>ozzy@gate~/hack$ date
>Thu Sep 20 03:20:32 CEST 2001
>The source of the local exploit is /home/o/ozzy/hack/epcs2.c
>Works the first time only after system reboot.
>Actually it is for slackware but obviously works on RedHat 7.1.
>^_^
>Best wishes!
> Ventsislav Nikolov
>_______________________________________________
>Security mailing list
>Security@polarhome.com
>http://www.polarhome.com/mailman/listinfo/security

From: "cool trader"

Dear Polarhome !
I`ve got some questions!
It really nice that you provide such services for free!
If I have domains can make them as vhosts on bnc using your shell ?
Thanx and best wishes Anar!

From arpadffy@polarhome.com Mon Sep 24 00:26:33 2001
From: arpadffy@polarhome.com (Zoltan Arpadffy)
Date: Mon, 24 Sep 2001 01:26:33 +0200
Subject: [Security] (no subject)
References:
Message-ID: <001901c14487$2e849880$090aa8c0@polarhome.com>

hi,

thanks a lot, but we have just one IP (with DHCP) that we can not use for vhosts...

regards,
Z

Give us leased line with few IP addresses, then you will get vhosts.

Regards,
Z

----- Original Message -----
From: "cool trader"
To:
Sent: Sunday, September 23, 2001 5:19 PM
Subject: [Security] (no subject)

> Dear Polarhome !
> I`ve got some questions!
> It really nice that you provide such services for free!
> If I have domains can make them as vhosts on bnc using your shell ?
> Thanx and best wishes Anar!

From arpadffy@polarfox.com Sun Sep 23 22:12:23 2001
From: arpadffy@polarfox.com (Zoltan Arpadffy)
Date: Sun, 23 Sep 2001 23:12:23 +0200
Subject: [Security] exploit #3
Message-ID: <012001c14474$72ff17a0$090aa8c0@polarhome.com>

gate.polarhome.com fall first time.

To: arpadffy@polarfox.com
From: root@hackermuda.org
Subject: Re: I've been hacked

...
I am using script called phpshell.php that I modified into my language
you can read about the script explanation at
http://www.gimpster.com/php/phpshell/index.php
I put it at my home directory /home/d/dookie/public_html with named test.php
then I'll open it from browser
http://www.polarhome.com/~dookie/test.php
the script works
that's all
...

God bless,
rahul-x
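
The last message describes a command-running PHP page placed in a user's public_html and reached through the web server. A shell-host administrator can triage for such files with a scan like the one below. This is an added example, not part of the original thread: the directory pattern follows the /home/d/dookie/public_html path quoted above, while the function names, extension list and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP functions that pass a string to the operating system for execution.
EXEC_CALL = re.compile(rb"\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)
# Request-controlled input. Scripts relying on register_globals will not show
# this marker, so an exec call on its own is still reported.
REQUEST_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\b|\$HTTP_(GET|POST)_VARS\b")
# Extensions assumed to be mapped to the PHP handler; match your server config.
PHP_SUFFIXES = {".php", ".php3", ".php4", ".phtml"}


def scan_userdirs(home_root, layout="*/*/public_html"):
    """Return sorted (owner, path, reason) tuples for PHP files under each
    user's web directory that call a command-execution function."""
    findings = []
    for web_root in sorted(Path(home_root).glob(layout)):
        if not web_root.is_dir():
            continue
        owner = web_root.parent.name  # directory name, e.g. /home/d/<owner>/public_html
        for path in sorted(web_root.rglob("*")):
            if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
                continue
            data = path.read_bytes()
            if EXEC_CALL.search(data):
                reason = "exec+request-input" if REQUEST_INPUT.search(data) else "exec-call"
                findings.append((owner, path.relative_to(web_root).as_posix(), reason))
    return findings


def build_sample_tree(root):
    """Constructed sample layout and file contents, for demonstration only."""
    files = {
        "d/demo1/public_html/test.php": b'<?php system($_REQUEST["command"]); ?>',
        "d/demo1/public_html/index.php": b'<?php echo "hello"; ?>',
        "e/demo2/public_html/tools/run.PHP": b'<?php passthru("uptime"); ?>',
        "e/demo2/notes.php": b'<?php system("id"); ?>',  # outside the web root, not scanned
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for owner, rel, reason in scan_userdirs(tmp):
            print(f"{owner}: {rel} [{reason}]")
```

Hits are leads for manual review, since legitimate scripts also call these functions; the lasting fix is to decide whether user directories should be allowed to execute PHP at all.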