June 22, 2006
The shellcode is 90 bytes, but would be 84 bytes if it used an ip address without nulls.
revsh1.s is the documented assembly.
To test the reverse shellcode, you absolutely require a
listener. nc -l -p 43690; If the listener is not running, it
will segfault because eax gets all messed up.
You can either run the standalone executable or run
s-proc -e linux_sc5.bin.
Robot Cat 1
Robot Cat 1 0.2 Source
Robot Cat 1 0.3a beta Source
Robot Cat 1 is a project to create a robot cat that acts fairly natural. It has a tamagotchi style interface as well as the possibility of a microcontroller interface. Robot Cat 0.2 has a neural network and a GUI. Currently its weights are 0, so they need to be trained.
Many docs are half written describing the methods to complete Robot Cat 1.
Features currently implemented are:
- Neural Network (random weights)
- Memory System
- GTK interface
- CLI interface
SFTP Trojan
jvoss@altsci.com
jvoss@myuw.net
Feb 28, 2006
SFTP Trojan 0.2.1 Source
[sig]
First off, allow me to calm your worries. This is _not_ a vulnerability in SFTP. Don't go shutting down your servers or chmod 000 sftp-server or chmod 000 sftp or anything crazy like that. This is a tool that can be used to emulate the interface of sftp without using sftp. Compiled it is 12k while sftp is 67k. It has no external libraries except libc and ld (default). If you think about it, 12k is not much space to work in. All I do is password routine, then allow them to input commands.
Read more »Website Signature Verifier
jvoss@altsci.com
jvoss@myuw.net
Nov 13, 2005
Sends an e-mail when your site has a cryptographic error. This is good to detect changes, intrusions, and mistakes. There are three levels of testing:
Level 1: Check that remote page concurs with remote signature.
Level 1 ensures that someone has signed the file with a key that we have in our
public keyring. Level 1 ensures that if your page is changed, it is because of
an intended change and has been signed by the developer. Level 1 is not a
perfect guarantee of security since an attacker who is in your public keyring
could sign it with their key and Level 1 would pass.
