...=- B R E A K I N G  N E W S =-...
               [PHC] Eric "Loki" Hines Exposed -- Round 2 [PHC]
                           #PHRACK PENETRATION TEAM
                              -phc@hushmail.com-


When the PHC penetration team pentested fatelabs.com, we were amazed at what
we found.  Eric "Loki" Hines -- a self-labled non-coder -- had a stash of 7350
exploits in his home directory.  He also had one called f8-wuftpd.

The #phrack penetration team had never heard of this exploit before (Fatelabs
is a whitehat group and thus everything they disclose everything), and a visit
to http://localhost (www.fatelabs.com) revealed there was no such exploit.

Weird, huh?  That was what we thought, too.  So, we decided to check it out.
What we discovered is attached below.  Loki declined to be interviewed.

-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-

# script lokisux
Script started, output file is lokisux
# ./f8-wuftpd



==========================================================================

Fate Research Labs WU_FTPD <=2.6 BIG BAD VOODOO DUCKY BACK-HAND SMACK!

Loki <loki@fatelabs.com
A Loki 'bad cow' production!



==========================================================================


usage: ./f8-wuftpd [options] [commands]

options
   -t target       choose target, -t 0 for a list (default: 1)
   -h hostname     set target host/ip (default: "localhost")
   -s sleeptime    sleep between reconnects (default: 134536618 seconds)
   -r              refind the buffer distance on each connection
   -v              verbose mode (two times -> insane verbosity)

# fetch http://www.team-teso.net/releases/7350wu-v5.tar.gz
Receiving 7350wu-v5.tar.gz (16229 bytes): 100%
16229 bytes transferred in 0.5 seconds (32.45 kBps)
# tar xvfz 7350wu-v5.tar.gz
7350wu/
7350wu/7350wu.c
7350wu/common.c
7350wu/network.c
7350wu/common.h
7350wu/network.h
7350wu/Makefile
# mkdir f8-wuftpd
mkdir: f8-wuftpd: File exists
# cp -p f8-wuftpd f8-wuftpd.bin
# rm -f f8-wuftpd
# mkdir f8-wuftpd && tar xvfz f8-wuftpd.tar.gz -C f8-wuftpd/
common.c
common.h
f8-wuftpd.c
Makefile
network.c
network.h
# cd ..
# mv f8-wuftpd/f8-wuftpd.c f8-wuftpd/7350wu.c
# diff -urN 7350wu/ f8-wuftpd/
diff -urN 7350wu/7350wu.c f8-wuftpd/7350wu.c
--- 7350wu/7350wu.c	Fri Jul  7 05:31:02 2000
+++ f8-wuftpd/7350wu.c	Thu Jul 26 14:06:06 2001
@@ -318,12 +318,7 @@
 	printf ("usage: %s [options] [commands]\n\n"
 		"options\n"
 		"   -t target       choose target, -t 0 for a list (default: 1)\n"
-		"   -c              enable mass mode, [commands] are required then\n"
-		"                   don't use parameters in commands, or use the\n"
-		"                   option end sign, as in: ... -c -- /bin/sh -c \"id\"\n"
 		"   -h hostname     set target host/ip (default: \"%s\")\n"
-		"   -u username     set username to use for login (default: \"%s\")\n"
-		"   -p password     set password to use (default: \"%s\"\n"
 		"   -s sleeptime    sleep between reconnects (default: %d seconds)\n"
 		"   -r              refind the buffer distance on each connection\n"
 		"   -v              verbose mode (two times -> insane verbosity)\n"
@@ -342,8 +337,11 @@
 	char		c;
 
 
-	printf ("7350wu - wuftpd <= 2.6.0 x86/linux remote root (mass enabled)\n"
-		"by team teso\n\n");
+	printf ("\n\n\n==========================================================================\n"
+	       "\nFate Research Labs WU_FTPD <=2.6 BIG BAD VOODOO DUCKY BACK-HAND SMACK!"
+	       "\n\nLoki <loki@fatelabs.com"
+	       "\nA Loki 'bad cow' production!\n\n\n"
+	       "\n==========================================================================\n\n\n");
 
 	if (argc == 1)
 		usage (argv[0]);
diff -urN 7350wu/Makefile f8-wuftpd/Makefile
--- 7350wu/Makefile	Sun Jul  2 20:18:00 2000
+++ f8-wuftpd/Makefile	Thu Jul 26 14:00:31 2001
@@ -2,11 +2,11 @@
 CC=cc
 OBJS=common.o network.o
 
-all:	7350wu
+all:	f8-wuftpd
 
 clean:
-	rm -f *.o 7350wu
+	rm -f *.o f8-wuftpd
 
-7350wu:	7350wu.c $(OBJS)
-	$(CC) $(CFLAGS) -o 7350wu 7350wu.c $(OBJS) $(LIBS)
+f8-wuftpd:	f8-wuftpd.c $(OBJS)
+	$(CC) $(CFLAGS) -o f8-wuftpd f8-wuftpd.c $(OBJS) $(LIBS)
# rm -rf 7350wu* f8-wuftpd
# cp -p f8-wuftpd.bin f8-wuftpd
# rm -f f8-wuftpd.bin
# omfg this guy is a loser
bash: omfg: command not found
# exit

Script done, output file is lokisux