{"id":5973,"date":"2012-11-27T07:00:00","date_gmt":"2012-11-27T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2012\/11\/27\/security-vulnerability-reports-as-a-way-to-establish-your-l33t-kr3z\/"},"modified":"2012-11-27T07:00:00","modified_gmt":"2012-11-27T07:00:00","slug":"security-vulnerability-reports-as-a-way-to-establish-your-l33t-kr3z","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20121127-00\/?p=5973","title":{"rendered":"Security vulnerability reports as a way to establish your l33t kr3&#124;)z"},"content":{"rendered":"<p>\nThere is an entire subculture of l33t l4x0rs who occasionally\npop into our world,\nand as such have to\n<a HREF=\"http:\/\/www.amazon.com\/dp\/0205276199\/?tag=tholneth-20\">\nadapt their\ncommunication style to match their audience<\/a>.\nSometimes the adaptation is incomplete.\n<\/p>\n<blockquote CLASS=\"q\">\n<pre>\nI have appended a file exploit.pl which exploits a vulnerability\nin XYZ version N.M.  The result is a denial of service.\nThe perl script generates a file, which if double-clicked,\nresults in a crash in XYZ.\nS00PrA\\\/\\\/e$Um#!\/usr\/bin\/perl\nsystem('cls');\nsystem('color c');\nsystem('title XYZ DOS Exploit');\nprint('\n----------------------------------------------------\n****************************************************\n*              __                      $           *\n*   --        |  |     __             $$$          *\n*  |     - -  |__|    |  |           $     | |     *\n*   --  | | | |       |__| \\  \/\\  \/   $$$  | |     *\n*     |  - -  |   r   |  |  \\\/  \\\/ e     $  -  m   *\n*   --                |  |            $$$          *\n*                                      $           *\n****************************************************\n----------------------------------------------------\n');\nsleep 2;\nsystem('cls');\nprint('\n----------------------------------------------------\n****************************************************\n*                                      $           *\n*   --                |  |            $$$          *\n*     |  - -  |   L   |__|  \/\\  \/\\ 6     $  -  w   *\n*   --  | | | |__     |  | \/  \\\/  \\   $$$  | |     *\n*  |     - -  |  |    |__|           $     | |     *\n*   --        |__|                    $$$          *\n*                                      $           *\n****************************************************\n----------------------------------------------------\nThe exploit!\n');\nsleep 2;\n$theexploit = \"\\0\";\nopen(file, \"&gt;exploit.xyz\");\nprint(file $theexploit);\nsystem('cls');\nprint('\n----------------------------------------------------\n****************************************************\n*              __                      $           *\n*   --        |  |     __             $$$          *\n*  |     - -  |__|    |  |           $     | |     *\n*   --  | | | |       |__| \\  \/\\  \/   $$$  | |     *\n*     |  - -  |   r   |  |  \\\/  \\\/ e     $  -  m   *\n*   --                |  |            $$$          *\n*                                      $           *\n****************************************************\n----------------------------------------------------\nDONE!\nDouble-click exploit.xyz in XYZ and KABLOOEEYYY!\n');\nsleep 3;\nsystem('cls');\nprint('\n----------------------------------------------------\n****************************************************\n*              __                      $           *\n*   --        |  |     __             $$$          *\n*  |     - -  |__|    |  |           $     | |     *\n*   --  | | | |       |__| \\  \/\\  \/   $$$  | |     *\n*     |  - -  |   r   |  |  \\\/  \\\/ e     $  -  m   *\n*   --                |  |            $$$          *\n*                                      $           *\n****************************************************\n----------------------------------------------------\nCONSTRUCTED BY S00PrA\\\/\\\/e$Um\nSpecial thanks to: XploYtr &amp; T3rM!NaT3R.\n');\n<\/pre>\n<\/blockquote>\n<p>\nYou may have trouble finding the exploit buried in that perl script,\nbecause the perl script consists almost entirely of graffiti\nand posturing and chest-thumping.\n(You may also have noticed a bug.)\nHere is the script with all the fluff removed:\n<\/p>\n<pre>\n$theexploit = \"\\0\";\nopen(file, \"&gt;exploit.xyz\");\nprint(file $theexploit);\n<\/pre>\n<p>\nThis could&#8217;ve been conveyed in a simple sentence:\n&#8220;Create a one-byte file consisting of a single null byte.&#8221;\nBut if you did that, then you wouldn&#8217;t get your chance\nto put your name up in lights on the screen of a Microsoft\nsecurity researcher!\n<\/p>\n<p>\n(For the record, the issue being reported\nwas not only known, a patch for it had already been issued\nat the time the report came in.\nThe crash is simply a self-inflicted denial of service\nwith no security consequences.\nThere isn&#8217;t even any data loss because XYZ can open only\none file at a time, so by the time it crashes, all your\nprevious work must already have been saved.)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is an entire subculture of l33t l4x0rs who occasionally pop into our world, and as such have to adapt their communication style to match their audience. Sometimes the adaptation is incomplete. I have appended a file exploit.pl which exploits a vulnerability in XYZ version N.M. The result is a denial of service. The perl [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-5973","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"<p>There is an entire subculture of l33t l4x0rs who occasionally pop into our world, and as such have to adapt their communication style to match their audience. Sometimes the adaptation is incomplete. I have appended a file exploit.pl which exploits a vulnerability in XYZ version N.M. The result is a denial of service. The perl [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/5973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=5973"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/5973\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=5973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=5973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=5973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}