And it just so kindly tells you where everything is located, just in case
you wanted to know
Ex:
http://demo.fatfreecrm.com/passwords/
I half expected to find password hashes but oh well that's life. It is a
great hack me application when you can find random vulns simply by
dicking around on
Since when was full disk encryption standard in Windows 7, let alone Windows
environments in general? Sure there are probably some but nonetheless
On Jul 13, 2013 6:47 PM, Alex f...@daloo.de wrote:
You didn't tell us how you cracked the full disc encryption. (There are
ways around controls, but
It was improved in Windows 7 and apparently even more for Windows 8.
Not all hardware supported it originally. Recent Windows desktops and
especially laptops should.
- Dennis
From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk]
On Behalf Of Gage Bystrom
Sent: Saturday, July
except the level of
integrity...
- Original Message -
*From:* Gage Bystrom themadichi...@gmail.com
*To:* full-disclosure@lists.grok.org.uk
*Sent:* Friday, March 29, 2013 10:51 AM
*Subject:* Re: [Full-disclosure] Fw: Fw: Fw: Justice for Molly
(copskillingcivillians)
If you don't tell people what to post or not post, why are you telling
them to not post how they disagree with you on whether this story should be
posted to FD?
Hum dee dum dum
On Mar 29, 2013 5:28 AM, Jerry dePriest jerr...@mc.net wrote:
90% of the posts on here are illegal in some form or
Keep in mind the largest part about the backlash against you is your
constant over the top, borderline comical reaction to people criticising
you. You keep freaking out more and more and yelling at random people; it's
quite amusing.
On Mar 29, 2013 8:20 AM, Jerry dePriest jerr...@mc.net wrote:
I think it's simply a case of everyone more or less knew this was possible
and quite easy to pull off, just no one publicly bothered to get around to
doing it till now. After all it's just a large mass of low-hanging fruit
compromised to gather data. I'm more impressed by how they aggregated said
I agree. I'll admit that it's pretty interesting but I highly doubt that it
even remotely compares with FBI databases and similar organizations. After
all it's little secret that they keep their eyes on certain communities and
ergo it makes sense that they will take the time to build up information
Intern: Why is there an Ethernet jack for that power strip?
Mentoring Admin: Why, I have no clue, I didn't put it there; replace it
and check it out.
Intern: Google says it's from some demyo company for pen testers.
Admin: Hardly covert, the consulting pen test team we hired this year
must suck dick.
That's because no one particularly cares that it is malware. Botnets,
rootkits, RATs, etc. are all just as potentially vulnerable as any other
software, except the impact is pretty low. Let's say someone was exploiting
this in the wild. Realistically what are they accomplishing? Most of the
time
tl;dr: A security audit found security holes and a year later: not all of
the holes were fixed.
On Sep 26, 2012 3:15 AM, Bit WAshor b1t.was...@ymail.com wrote:
SENSITIVE financial data could be at risk after it was revealed that a
council’s IT network could be open to outside attacks following
Uhh I had to update a Windows box just the other day and it didn't install
any toolbars or anything like that. Might wanna start running a few
scans..
On Sep 6, 2012 10:42 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Sep 6, 2012 at 1:26 PM, James Lay j...@slave-tothe-box.net
wrote:
-boun...@lists.grok.org.uk] On Behalf Of Gage Bystrom
Sent: Thursday, July 19, 2012 9:44 PM
To: Glenn and Mary Everhart; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] A modest proposal
1.) waste of a reference by no follow through :( shame shame
2.) The only real problem with that idea is that you'd be doing it wrong.
As in what you are doing does not accomplish what you want it to do. Those
polymorphic techniques are there to prevent identification, not necessarily
to prevent
Hello Full Disclosure! I is warn you about musntlive!
He is use old joke over over again. Not funny!
--
I actually got nothing against you personally but it's boring when you use
the same tactic over and over :/ mix things up and make it interesting!
On Jul 17, 2012 8:24 AM, Григорий
...@gmail.com wrote:
And you can is prove this theory is how?
On Tue, Jul 17, 2012 at 1:09 PM, Gage Bystrom themadichi...@gmail.com
wrote:
Hello Full Disclosure! I is warn you about musntlive!
He is use old joke over over again. Not funny!
Ok after playing around and re-reading the advisory I was finally able
to get the PoC to work. While it is interesting once you actually see
it work I simply do not believe it warrants the severity you have
described. The main reason why I say this is because any attacker in a
position to modify a
Always remember: a chain is only as strong as its weakest link. This is a
vulnerability; it's the attacker's and the conditions' decision how to use it.
You can use a wider vision to consider real-life scenarios.
Gokhan Muharremoglu
-Original Message-
From: Gage Bystrom [mailto:themadichi
See now this is something I can get behind, as that's a scenario where this
attack can achieve something that arbitrary JS normally could not do, or at
least I'm more uncertain if other methods would work in that situation, and
it's a situation that is going to be reasonably common and not some
Well if I understand Tim correctly you wouldn't need a CA. In the attack he
mentioned not once do you ever actually look at the ssl content. He's
talking about redirecting them to plain http and then setting the session
cookie and redirecting them back. Then when the victim logs on over ssl,
the
Not to mention as others pointed out it is implied that the guy might've
let out information he didn't have permission to let out, which could get
him into some serious trouble. Also I could be wrong since I don't remember
the full thing but did the guy say they were doing a pentest soon? No need
to me it seems like he's trying to say that someone with administrative
access has the ability to have administrative access. It's like
saying "Hey guys! I found a local exploit and all it requires is to be
a root user!!!"
I'm not sure if he's trolling or just stupid.
On Thu, Jun 21, 2012 at 7:42
Well that's a bit of an iffy one. I'd say it IS a security measure,
albeit one that is solely effective if and only if compounded with
other measures.
It's unlikely, but you never know, you just might miss out on a nasty
worm all because you weren't running on a default port one day.
On Thu, Jun
Never read any of his pieces on attack trees. That being said, and
having read over it, I believe it to be infeasible to make an attack
tree against any modern system, even with only the scope of web
applications. There are simply a vast majority of possible start
points, and what leaves that may
If you haven't guessed from the replies, there is no such thing as an attack
tree. Sure things may be methodical, but I don't think of things as being
like a tree.
The classical method is something along the lines of perform recon,
enumerate, attack, persist/extract data. You react based upon the
I think what he was trying to say, and I'm not sure since I haven't tested
it, is that you can bypass the 2nd layer of authentication by logging into
IMAP. 'Cause normally if you try to login from a strange device Google
becomes highly suspicious and starts asking you questions (the 2nd layer)
and
Anyone visiting a compromised site can get the hash, meaning anyone
who is looking for it can find it and lets any random person (assuming
stored) visiting be able to grab all the cookie values.
That's not even my personal concern. My concern is why should I trust
the owner? Whether you are a
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com wrote:
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all version.
Backtrack Linux is penetration tester is system. Is come complete with
Next thing ya know he will publish a disclosure on the default password
being toor.
On Apr 24, 2012 7:41 AM, Urlan urlanc...@gmail.com wrote:
It makes me laugh! hahahaha
2012/4/24 Gage Bystrom themadichi...@gmail.com
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50
Eh, nothing really exciting or noteworthy in it. Could serve as a good
overview, but there are better techniques actively being used that
solve multiple other problems as well (ROP comes to mind, although not
always).
On Sun, Apr 15, 2012 at 11:01 AM, Levent Kayan levonka...@gmx.net wrote:
a
The best you could do without internet access to store the keys is to
implement a strong encryption method in the app itself and use every trick
you can that would piss off a reverse engineer.
On Apr 9, 2012 2:26 PM, Erki Männiste erki.manni...@webmedia.ee wrote:
I am developing a software that is
You forget that the culprits have already been caught, no one is there in
order to issue an update to circumvent the check site.
On Apr 4, 2012 9:55 AM, demonsdeba...@gmail.com wrote:
I see a hole in the Check this site to test your DNS.
DNS spoofing attacker would change NS,A or MX record for
Shoulda gotten a lawyer o.O professor sex scandals can rake in decent money
On Mar 13, 2012 4:32 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, Mar 13, 2012 at 6:17 PM, Marcus Meissner meiss...@suse.de wrote:
Hi,
How is this different from writing a fork bomb?
:)
Fork bombs can be
Uhh no, you misread what he said. He's saying he's seen that code in a few
php shells that were supposedly meant to be private but the authors were
miserable failures and he found the code anyways, not that he wrote it.
On Feb 20, 2012 12:36 AM, Manu sourvi...@gmail.com wrote:
But you saw it in
in
was invited researchers to study DDoS on this model, because anytime
someone can direct thousands to generate a network congestion.
On 13-02-2012 11:17, Gage Bystrom wrote:
Uhh...looks pretty standard boss. You aren't going to DoS a halfway decent
server with that using a single box. Sending your
Uhh...looks pretty standard boss. You aren't going to DoS a halfway decent
server with that using a single box. Sending your request through multiple
proxies does not magically increase the resource usage of the target, it's
still your output power vs their input pipe. Sure it gives a slight boost
a target is definitely beneficial and has all
kinds of advantages.
This seemed amusing at first, right up until you 'take over' the chatroom
by clicking make owner from a staff name. I'll give you the benefit of
the doubt that the example could have just been executed badly
On Feb 2, 2012 1:04 AM, Stefan Jon Silverman s...@sjsinc.com wrote:
Folks:
Not to mention he was originally accused of stealing code from the
metasploit base without attribution. That and multiple risky signs on his
first website and such. It truly is a wonder that no one has dropped him in
a zine or anything like that. Blackhats read FD just as much as the
professionals,
Other than the fact they may somehow notice this and start trying to
autoban sites you should be fine. Since he is spoofing it would be hard for
him to tell without trying it out on a box he controls. If anything you
really need gets autobanned then just whitelist it, if you can think of such
What was the offlist message he was referring to? Cause yeah, he sounds
pretty new here with that kind of message. People bring in outside
conversations all the time, especially if they feel it is relevant to the
topic at hand.
Speaking of the topic at hand: I agree with the crowd that says it is
Yeah good luck with reproducing it 'cause it REALLY sounds like a MITM or a
phishing attack trying to get people to download fake AV. I would do a DNS
lookup and then compare those results to that of a public web service, and
save the links for the AVs to check if they have any malicious history
been on one of the
hijacked sept 11 planes.
Bet things would have gone down different then, amiright?
Sent from my BlackBerry® wireless device
-Original Message-
From: Gage Bystrom themadichi...@gmail.com
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Fri, 20 Jan 2012 13:29
Exactly. People are mostly being ridiculous atm. If they told you about a
vuln and did not take advantage of it they are innocent. By all means you
have the right to investigate and make sure they didn't do anything else,
but if they didn't they are innocent. The moment they take advantage of a
Yeah, just mark those as spam. People with auto reply when they are on a
mailing list are dumb.
And yeah FB has no responsibility over apps. Generally an SQLi or whatnot
is going to the app owner's site, not FB, so why should they care?
On Jan 2, 2012 12:48 PM, t0hitsugu tohits...@gmail.com
(I don't have the original, so I'll quote this guy)
Nmap has an option to change how it determines if a host is up by
attempting a port connection instead. I find this to be highly effective.
Using a couple of standard ports is best, such as 80, 21, etc. If you
only have a few ports your
Seriously, what the fuck is wrong with you? How many times have you been
told that full disclosure is not the place for advertising your piece of
shit software?
On Dec 30, 2011 4:43 PM, runlvl run...@gmail.com wrote:
Great news!!! This 2012 we released the new version of INSECT PRO
INSECT Pro
I'd be surprised if anyone related to security actually thought WPS was
remotely safe, 'bout time someone actually released a public tool to brute it
though :P
On Dec 29, 2011 2:02 AM, Craig Heffner cheff...@devttys0.com wrote:
Yesterday, Stefan published a paper describing a vulnerability in WPS
between attacks and vulnerabilities throughout.
As for doing it wrong, that's fair. What do you consider to be doing
it right?
Thanks,
- Jeff
-Original Message-
From: Gage Bystrom [mailto:themadichi...@gmail.com]
Sent: Saturday, December 24, 2011 5:21 PM
To: Forristal, Jeff; full
While it was slightly interesting to read, and I do not doubt the
intention of the whitepaper, I believe it to be nearly useless. All it
is, as they say, is a 'call-to-arms' to add additional classification
of vulnerabilities. Almost all of those attacks described are really
driver attacks. The
Fyodor has every right to tell them to fuck off. This is simple
backstabbing no matter how you look at it.
What makes me wonder is if the right people will get enraged enough to do
something drastic if drastic measures are required.
Truthfully I'm almost betting that there is a law or two
Good point.
Makes me wonder though how many people realize that ZDi and such are third
parties.
On Dec 8, 2011 9:47 AM, valdis.kletni...@vt.edu wrote:
On Thu, 08 Dec 2011 14:24:21 -0300, Pablo Ximenes said:
2011/12/8 Michal Zalewski lcam...@coredump.cx
If you don't like it, let us know
Doesn't matter. You just gotta prove it wasn't tampered with.
Conversely, you just gotta prove that it was tampered with, but by the
suspect.
On Thu, Dec 8, 2011 at 8:16 PM, james.macchle...@gmail.com wrote:
Good Day All,
I am looking to see if any of you know what minimum syslog level needs
passwords or view for non-windows users.
The reason tools exist is because there is a demand for them. Hell, it's a
password safe. Perhaps OP should look at this type of solution.
On Wed, Dec 7, 2011 at 6:28 AM, Gage Bystrom themadichi...@gmail.com wrote:
I'm disturbed in the first place that you
:* full-disclosure-boun...@lists.grok.org.uk [mailto:
full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Gage Bystrom
*Sent:* woensdag 7 december 2011 9:38
*To:* full-disclosure@lists.grok.org.uk
*Subject:* Re: [Full-disclosure] distributing passwords to users
O.o and you act like
a distinction without difference.
--On December 6, 2011 11:48:02 AM -0800 Gage Bystrom
themadichi...@gmail.com wrote:
My bad, should have said that you can't trust the md5sum tampering (since
you stated to have a static copy on the flash drive) but you couldn't
trust it since you couldn't trust
And quite annoying. Why do you even need an email address in the first
place? You're already pulling people in from a mailing list. And it's rude
to require anything at all to access the content you're presenting to FD.
After all that's one of the primary reasons so many people hate jsacco.
On Dec
I didn't actually bother to get the teaser but I have to ask, was the free
content in the teaser 23 pages?
If it is, then they weren't misleading in the email. Otherwise, they are
being rude.
On Dec 7, 2011 12:46 PM, xD 0x41 sec...@gmail.com wrote:
umm, it's not misleading at all.. this is the
2011 07:51, Gage Bystrom themadichi...@gmail.com wrote:
I didn't actually bother to get the teaser but I have to ask, was the
free
content in the teaser 23 pages?
If it is, then they weren't misleading in the email. Otherwise, they are
being rude.
On Dec 7, 2011 12:46 PM, xD 0x41 sec
...well I guess it is 23 pages :/ but that's more annoying than if they
gave out just 3 full pages
On Dec 7, 2011 12:58 PM, xD 0x41 sec...@gmail.com wrote:
its like a snippet from each page..
On 8 December 2011 07:56, Gage Bystrom themadichi...@gmail.com wrote:
Lol I get
an investigation standpoint. Say the kernel has a rootkit and is
creating files. How do you find those files? If it's opening network
connections, how do you find out what those connections are and what
process is tied to them?
--On December 7, 2011 10:13:42 AM -0800 Gage Bystrom
Nice, but is it stored? Or at least reflective?
On Dec 7, 2011 2:59 PM, Tomy supp...@vs-db.info wrote:
still vulnerable:
sample:
http://pentestmag.com:80/wp-login.php?action=register
(XSS)
e-mail:
On Dec 7, 2011 3:16 PM, Tomy supp...@vs-db.info wrote:
it does not matter, it's about the fact that someone who publishes such a
newspaper should know his stuff..
Tomy
Message written by Gage Bystrom on 8 Dec 2011, at 00:04:
Nice, but is it stored? Or at least reflective
/12/8 Gage Bystrom themadichi...@gmail.com
Not really. If it isn't exploitable in any sense of the word it's not a
vulnerability. It's akin to opening up Firebug, writing the generic XSS PoC
and calling the site vulnerable :P I'd love to bash on these guys as much
as you want to, but let
to be pwnd thru
a login.php :s
2011/12/8 Gage Bystrom themadichi...@gmail.com:
Not really. If it isn't exploitable in any sense of the word it's not a
vulnerability. It's akin to opening up Firebug, writing the generic XSS
PoC
and calling the site vulnerable :P I'd love to bash
://www.yourmembers.co.uk/
By that standard, Wordpress is as safe as Linux running sshd root:root,
24/7.
On the other hand, this doesn't excuse these people from checking their
own software.
Paying for something that happened to be shit isn't an excuse either.
Chris.
2011/12/8 Gage Bystrom themadichi
win even if they tried a 'clever' trick like that.
Set the right options, plug the holes, and relish in the fact they weren't
serious about your box and you will be just fine.
On Dec 6, 2011 1:18 AM, Lucio Crusca lu...@sulweb.org wrote:
Gage Bystrom wrote:
I would suggest iptables but the OP
appreciated!
dan :)
On 5 December 2011 11:13, Gage Bystrom themadichi...@gmail.com wrote:
If it was a rootkit then trying to run the outdated rkhunter would be a
moot point. Whatever seizes the kernel first wins, hands down.
Fortunately for him, since the bot was so easy to find in the first
My bad, should have said that you can't trust the md5sum tampering (since
you stated to have a static copy on the flash drive) but you couldn't trust
it since you couldn't trust the system calls.
The immediate moment you have to worry about a legit userland rootkit you
have to worry about a kernel
Sounds pretty neat to be honest. But one thing I'm wondering is that if
they have root, what's stopping them from turning that off? After all they
need root to load the modules in the first place, so if they are in a
position to want to do that, then they are in a position to turn that off.
anything in the first place and assuming that the change can't
be reversed by root itself; that would defeat the whole purpose of even
using that option in a security context.
On Dec 6, 2011 3:05 PM, valdis.kletni...@vt.edu wrote:
On Tue, 06 Dec 2011 13:20:51 PST, Gage Bystrom said:
serious
Well in that case it becomes fairly sane, assuming you've safeguarded
against one of the worst-case scenarios like Valdis previously
mentioned. There are a handful of things I can think of however that
could still work, at which point it depends on the attacker's goals.
But at that point it'd be a
I'm disturbed in the first place that you want to distribute password
lists to multiple users.
I'm disturbed more so that there is no apparent cognitive dissonance
preventing you from functioning enough to have sent that email.
Someone please tell me that I'm not the only one disturbed here? And
If it was a rootkit then trying to run the outdated rkhunter would be a
moot point. Whatever seizes the kernel first wins, hands down.
Fortunately for him, since the bot was so easy to find in the first place
and such a simple way of maintaining it, the box was clearly seized by
someone who
root kits properly, but that it obviously needs installing
when the box is fresh and before it has been physically connected to a
network?
thanks to everyone for their valuable contributions here - much
appreciated!
dan :)
On 5 December 2011 11:13, Gage Bystrom themadichi...@gmail.com wrote
I think it simply makes sense though. As more and more common passwords are
cracked by the multitude of boxes out there dedicated to cracking hashes,
the more and more likely that it's gonna turn up in a list or a site
somewhere. Add in that Google is really good at finding long strings and
numbers
I grab a bag of popcorn whenever Juan sends an email.
On Wed, Oct 5, 2011 at 4:25 AM, valdis.kletni...@vt.edu wrote:
On Wed, 05 Oct 2011 06:49:40 -0300, root said:
How can I earn money by migrating exploits?
You will immediately receive $2 (US Dollars) in your PayPal account for
each
Would you kindly die in a fire?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Well it depends on the scanner, and by my guess you're likely using nmap and
so yes root privs are required mainly to access raw sockets so it can use
its nifty math to figure out all the cool bits.
Generally speaking such privs are required by anything that does anything
really useful.
On Sep
Comodo got hacked a while back and mass certificates compromised;
judging by that certificate you probably encountered one of the stolen
ones.
On Wed, Sep 7, 2011 at 7:40 AM, JT S whyteho...@gmail.com wrote:
I recently got this error You attempted to reach
www.westernunion.com, but instead you
Well your options are limited. You can look for some type of
information disclosure, find other hosts the target owns and then scan
their subnets for http servers, etc.
And of course if the situation permits it, pwn the proxy and check
their logs. Assuming you have permission naturally :P
On
People hate you because you've been stealing software, slapping a new
wrapper on it, and calling it your own.
All other complaints, criticisms, or even approvals is nothing in
light of that simple fact. A light that was cast the first time you
released InsectPro to FD and all you got was a horde
These guys just ought to be really happy it's a fricken pain in the
ass to get mod_frontpage 5.2 working these days or some highly annoyed
person could start churning up a private exploit for the known
associated vulnerability. That or fire up Canvas/Core Impact (I don't
remember which one had the