Dear Dan,

Impacket was at first a Pysmb copy/update from Core Security in order to play with RPC (look at the source). They've done some work on the pysmb library in order to implement DCE/RPC functionality in this dinosaur lib. Saying that we should use Impacket in order to craft *raw* UDP packets is definitely the dumbest thing I've heard today. Seriously. Anyone can confirm that? Mario? Carlos? ....

Anyways, this guy doesn't understand shit, talks a lot about shit he doesn't know about, why would you even spend time reading his shit? This vulnerability is about sending a *huge fucking* stream of UDP packets on a closed port in order to trigger an int overflow via a ref count. Most of the people here didn't even understand what we are talking about/dealing with. Anyways, it's probably time for you to unsubscribe since you don't follow and S-K's like sec...@gmail.com are trying to act like they know. Yeah right, a UDP int overflow triggered via a refcount UDP overflow that you can trigger with 1 single TCP (with the right ACK) packet is the way to go. This mailing list is getting gay, seriously.

Cheers,
Antony.

On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance <tzewang.do...@gmail.com> wrote:
> Okay, now I'm confused! From
> http://oss.coresecurity.com/projects/impacket.html
>
> "Impacket is a collection of Python classes focused on providing access to
> network packets. Impacket allows Python developers to craft and decode
> network packets in simple and consistent manner. It includes support for
> low-level protocols such as IP, UDP and TCP, as well as higher-level
> protocols such as NMB and SMB. Impacket is highly effective when used in
> conjunction with a packet capture utility or package such as
> Pcapy <http://oss.coresecurity.com/projects/pcapy.html>.
> Packets can be constructed from scratch, as well as parsed from raw data.
> Furthermore, the object oriented API makes it simple to work with deep
> protocol hierarchies."
>
> Thanks for your input Antony. Can you explain why impacket has nothing to
> do with crafting UDP packets?
>
> Fascinating thread this. Thanks to all!!
>
> dan :)
>
> On 11 November 2011 22:42, Antony widmal <antony.wid...@gmail.com> wrote:
>
>> You are definitely a lamer secn3t.
>> Also for your little brain, impacket has nothing to do with crafting UDP
>> packets..
>>
>> Thanks for proving this again and again.
>>
>> On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <sec...@gmail.com> wrote:
>>
>>> well look at that :P
>>> not same author but, nice coding predelka! good one, i will add you
>>> to crazycoders.com coderslist... i guess there is a few codes you have
>>> now done which might be useful... cheers.
>>> xd
>>>
>>> On 12 November 2011 05:43, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>> > An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic:
>>> >
>>> > http://pastebin.com/fjZ1k0fi
>>> >
>>> > On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God)
>>> > <t...@hammerofgod.com> wrote:
>>> >> Yeah, I gotta say, I'm going to use it at some point ;)
>>> >>
>>> >> From: full-disclosure-boun...@lists.grok.org.uk
>>> >> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas
>>> >> Sent: Friday, November 11, 2011 9:02 AM
>>> >> To: Ryan Dewhurst
>>> >> Cc: full-disclosure@lists.grok.org.uk
>>> >> Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP
>>> >> Could Allow Remote Code Execution (2588516)
>>> >>
>>> >> I liked the "heavy breather in the perv closet" bit.
>>> >>
>>> >> On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>> >> wrote:
>>> >>
>>> >> I think Jon just said what everyone else was thinking, he said what I
>>> >> was thinking at least.
>>> >>
>>> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.ke...@gmail.com> wrote:
>>> >>> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <sec...@gmail.com> wrote:
>>> >>>> About the PPS, i think that's a very bad summary of the exploit,
>>> >>>> 49 days to send a packet, my butt.
>>> >>>> There are many people assuming wrong things, when it can be done with
>>> >>>> seconds, syscanner would scan a -b class in minutes, remember it only
>>> >>>> has to find the vulns, gather, then it would break scan, and trigger
>>> >>>> vuln... so in real world botnet, yes then, with tcpip patchers, like
>>> >>>> so many ppl i know myself, even use (tcpipz)patcher ), which rocks...
>>> >>>> and it is ONLY one which actually works, when you maybe modify the src
>>> >>>> so the sys file, is dropped from within a .cpp file, well that's up to
>>> >>>> you but that's better way to make it work, this will open
>>> >>>> sockets/threads, as i could, easily prove with one exe, but, the goal
>>> >>>> is, to trigger the vuln then exploit it, less than 49 days :P, so,
>>> >>>> i guess if this exploit, in real form, gathered 2 million hosts over 3
>>> >>>> nights.. i'm guessing that the exploit, could possibly be triggered with
>>> >>>> ONE properly setup packet.. people forget that, a packet is one thing,
>>> >>>> and a crafted UDP packet, is quite another..
>>> >>>
>>> >>> I'd really like to see you actually explain this bug with code. Either
>>> >>> with a poc or with the disassembly. You seem to act like you know
>>> >>> what's going on, but so far your description has been off base (from
>>> >>> what I can make of your writing).
>>> >>>
>>> >>> No one cares about paragraphs of speculation and bragging, code or you
>>> >>> are just another heavy breather in the perv closet of FD.
>>> >>>
>>> >>> _______________________________________________
>>> >>> Full-Disclosure - We believe in it.
>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>> >>
>>> >> --
>>> >> “There's a reason we separate military and the police: one fights the enemy
>>> >> of the state, the other serves and protects the people. When the military
>>> >> becomes both, then the enemies of the state tend to become the people.”