[Wolves] whats this?

Steve Parkes sparkes at westmids.biz
Wed Oct 19 07:56:21 BST 2005


roundyz wrote:

>  
>  Attempts to use 1 known hacks were logged 8 time(s)
>    \\x90\\x90\\x90\\x90   by 
>            82.37.228.35 2 time(s) 
>            82.37.79.29 2 time(s) 
>            82.37.226.46 2 time(s) 
>            82.37.193.73 2 time(s) 
>  

I didn't notice this bit first time.

it's a buffer overflow attempt.  The x90 instruction is noop (no 
operation) in x86 and it's a slide it keeps nooping through the 
instructions until it hits paydirt at the end the shell code exploit.

Read 'smashing the stack for fun and profit' for a quick run down on how 
these work.

This is probably a naughty bot looking for servers to exploit.  If you 
are up to date it's nothing to worry about.

I have (to the best of my knowledge) ever been caught out by one of 
these exploits on a web server as most of them exploit eons old code.

sparkes



More information about the Wolves mailing list