Re: [Full-disclosure] Large password list

2011-12-01 Thread xD 0x41
http://dazzlepod.com/site_media/txt/passwords.txt hes put alo of passes here, and makes direct compares to JTR on the website.. this seems to be the Point of sale also...so this domain would shape the outcome.. On 2 December 2011 14:40, Richard Golodner wrote: > On Fri, 2011-12-02 at 14:

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread xD 0x41
> The only one who has daily updates Thats total crap... look like 3 posts away, he had to apologise for "playing with his new MMORPG game" , instead of doing as he had said, wich was, porting the latest freebsd PoC/exploit code, to his py, he made even, exe installer, wich led nowhere... then, he

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread xD 0x41
Thats not the main one :P Checkout INSECTPro tool ;) but, thats metasploit v2 nd v3 i believe...and alot nicer than this,...same author... i have a copy, but he wont let me know, if i can use my copy, to pull updates from git ;'( I assume that means, the pirated copy i have, must work fine, aslong

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Sanguinarious Rose
Why did you rewrite metasploit? On Tue, Nov 29, 2011 at 9:09 PM, wrote: > Exploit Pack is an open source security tool that will help you test > the security of your computer or servers. It combines the benefits of a > Java GUI, Python as  engine and the latest exploits on the wild. It has > an

Re: [Full-disclosure] Large password list

2011-12-01 Thread xD 0x41
Or simply, use openwal.com who atleast do something and have an oyutstanding os... they do not charge on that basis, and also the socalled hash, if you look in the 3 offered fiiles, theyre all same length of digits, i am not even sure what hes offering, because, i assume that is a decrypted list...

Re: [Full-disclosure] Large password list

2011-12-01 Thread Sanguinarious Rose
I am at a lack of words for this, why pay $4.99 when you can just do some simple googling? You can even search pastebin and get a mass collection of password lists from dbases. Add a dash of awk and maybe a pinch of sed and viola! If you are like me I always download and store the various dbase le

Re: [Full-disclosure] FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit

2011-12-01 Thread Michal Zalewski
> If you want to respect the license of this code you cannot include the > exploit in your software. And don't get me started about my patent on NOP sleds! /mz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-ch

Re: [Full-disclosure] Large password list

2011-12-01 Thread Valdis . Kletnieks
On Fri, 02 Dec 2011 13:10:14 +1100, xD 0x41 said: > Idiot > You are NO blackhat,and NO hacker. > xd You know things are pretty screwed up when I'm +1'ing an xD rant. :) pgp6MREtrth6e.pgp Description: PGP signature ___ Full-Disclosure - We believ

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread xD 0x41
fail. On 2 December 2011 13:25, Antony widmal wrote: > Fix defaced website or flip burgers to help mom with the rent, that's > tough dilemma for a script-kiddie. > > Speaking of helping > mom: http://web.archive.org/web/20110129092551/http://crazycoders.com/ > > > > On Thu, Dec 1, 2011 at 3:47 P

Re: [Full-disclosure] Large password list

2011-12-01 Thread Gary Baribault
As usual Xd is trolling .. and I shouldn't answer but he pisses me off .. Gary B On 12/01/2011 09:10 PM, xD 0x41 wrote: > This is what whitehats would probably class as a 'blackhat' , the sad > thing is, i bet NO blackhats, really like this.. not serious ones. > Its sad, your a pathetic person,

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Antony widmal
Fix defaced website or flip burgers to help mom with the rent, that's tough dilemma for a script-kiddie. Speaking of helping mom: http://web.archive.org/web/20110129092551/http://crazycoders.com/ On Thu, Dec 1, 2011 at 3:47 PM, ghost wrote: > I saw your site got defaced today, mr "your meant

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
In case you missed it, that's one of the other files he's hosting off that website. Part of his plan to sell this groundbreaking .txt file, or whatever. On Thu, Dec 1, 2011 at 8:11 PM, xD 0x41 wrote: > 22033538 > > whats this hash for > nothin. > hes a f00l. > > altho, i dont like you, atlea

Re: [Full-disclosure] Large password list

2011-12-01 Thread xD 0x41
22033538 whats this hash for nothin. hes a f00l. altho, i dont like you, atleast, you see a fool as i do. unfortunately, your not much better. On 2 December 2011 13:05, adam wrote: > Also, not to beat a dead horse, but.. > >>>- cover cost of upstream bandwidth, the list is currently at  64

Re: [Full-disclosure] Large password list

2011-12-01 Thread xD 0x41
This is what whitehats would probably class as a 'blackhat' , the sad thing is, i bet NO blackhats, really like this.. not serious ones. Its sad, your a pathetic person, resorting to online theft, to cover your bs demands, as pointed out, what 'costs', for keeping, stolen data... ? ONLY the cost, Y

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
Also, not to beat a dead horse, but.. >>- cover cost of upstream bandwidth, the list is currently at 64MB compressed and new versions are likely to only get larger Is also pretty ridiculous. Why? Because you're offering hashes.txt , passwords.txt <

Re: [Full-disclosure] Large password list

2011-12-01 Thread Benji
Which country is "UNIQPASS" registered as a tm? On Fri, Dec 2, 2011 at 1:47 AM, adam wrote: > >>- reduce abuse > > The concerning part is that you're serious. Tell me, how does someone > paying for a list of STOLEN passwords reduce abuse? > > This email, your obsession with LulzSec and the disc

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
>>- reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse poten

Re: [Full-disclosure] Large password list

2011-12-01 Thread Addy Yeow
There are many password lists already available for free out in the wild but mostly lack the quality. The minimal fee for UNIQPASS is necessary to help: - keep ongoing effort to improve the quality of the list over time - ensure frequent updates, i.e. when new leaked databases appear (existing use

[Full-disclosure] SANS AppSec 2012 CFP reminder

2011-12-01 Thread SANS AppSec CFP
Hi everyone, It's been over a month since we first announced the CFP for the SANS AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012. We've received a number of great submissions so far but there's only two months left until the deadline on February 1, 2012. If you'd like t

[Full-disclosure] International Checkout

2011-12-01 Thread Philippe Meunier
Hello, Read the email below if you want to laugh a little. Especially the answer to question 1 in the FAQ at the end of the email. No word on how they were pirated or how many credit card numbers were stolen though, but obviously I'm not the only who's received that email: http://forums.whirlpoo

Re: [Full-disclosure] FreeBSD ftpd & ProFTPd on FreeBSD exploit in Action [HACKTRO] :>

2011-12-01 Thread xD 0x41
Awesome stuff =) On 2 December 2011 09:17, HI-TECH . wrote: > Hi lists, > this is Kingcope > btw this exploit does not depend on the ProFTPd version > as illustrated in the youtube video below it will unlock > ProFTPd 1.3.4a too. > > enjoy the hacktro!! > http://youtu.be/10uedlgNEJA > >

[Full-disclosure] FreeBSD ftpd & ProFTPd on FreeBSD exploit in Action [HACKTRO] :>

2011-12-01 Thread HI-TECH .
Hi lists, this is Kingcope btw this exploit does not depend on the ProFTPd version as illustrated in the youtube video below it will unlock ProFTPd 1.3.4a too. enjoy the hacktro!! http://youtu.be/10uedlgNEJA ___ Full-Disclosure - We believe in it. Chart

Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
On Thu, Dec 1, 2011 at 10:37 PM, TAS wrote: > Wonder guy, the basis of your conclusion are as ridiculous as your question. > > Microsoft and Google are products companies. Atleast TCS and Wipro are not. > They are into offshore and managed business domains. Infosys is also into > making custom s

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Chris L
Depending on your country/local laws (no idea where you're from), how you discovered the vulnerabilities and if you actually tested them and gained unauthorized access in the process then there is the possibility you're on the wrong side of the law. If you haplessly stumbled across it and then left

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Miguel Lopes
Thanks for the advice, the money was a long shot i will stick with the anonymous e-mail, giving the information and tips to fix it. A 2011/12/01, às 18:08, Chris L escreveu: > Depending on your country/local laws (no idea where you're from), how you > discovered the vulnerabilities and if you a

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Miguel Lopes
It was my first thought letting them know in anon e-mail but getting some extra cash would be great too. I guess i will stick with sending the e-mail alerting them of the situation. thanks A 2011/12/01, às 16:55, Thor (Hammer of God) escreveu: > You are in a tough spot. In general, the level

Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread phyco.rootelement phyco.rootelement
Hi, No offence, I think you have a wrong perception with these companies, They are not into Zero day !!! They are just vendor specific support companies. you cannot expect an vendor specific support company to find Zero day and handle operations support both at same time. Sorry buddy that aint pos

Re: [Full-disclosure] FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit

2011-12-01 Thread Jason Hellenthal
On Wed, Nov 30, 2011 at 11:05:08PM +0100, HI-TECH . wrote: > Hi lists, > sorry if I offended anyone with by referring to teso, > I really like teso as you might also. > all this happend because I was drunk hehe :> > I hope you enjoy this release! > > Am 30. November 2011 20:32 schrieb HI-TECH .

[Full-disclosure] InfoSec Southwest 2012 CFP

2011-12-01 Thread I)ruid
InfoSec Southwest 2012 Call for Papers March 30th through April 1st 2012, Austin, Texas http://infosecsouthwest.com/cfp.html The InfoSec Southwest staff are now soliciting papers to be presented at our 2012 conference to be held March 30th through April 1st 2012 in Austin, Texas. Who Should Submi

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread ghost
I saw your site got defaced today, mr "your meant to be PRO." Maybe time for less posting and more edumacation ? On Thu, Dec 1, 2011 at 11:41 AM, xD 0x41 wrote: > dude, your meant to be PRO, ___ Full-Disclosure - We believe in it. Charter: http://lis

Re: [Full-disclosure] Is FD no longer unmoderated?

2011-12-01 Thread Nick Boyce
On Thu, Dec 1, 2011 at 3:06 AM, wrote: > On Thu, 01 Dec 2011 07:49:28 +0530, David Blanc said: > > > A colleague of mine subscribed to FD recently and tried posting to it > > but every time he gets this message: > > The *list* isn't moderated.  However, several *people* are, and they for the > mo

[Full-disclosure] [SECURITY] [DSA 2356-1] openjdk-6 security update

2011-12-01 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2356-1 secur...@debian.org http://www.debian.org/security/Florian Weimer December 01, 2011

[Full-disclosure] Multiple vulnerabilities in RoundCube

2011-12-01 Thread MustLive
Hello list! I want to warn you about multiple vulnerabilities in RoundCube. These are Brute Force, Content Spoofing, Cross-Site Scripting and Clickjacking vulnerabilities. CS and XSS are in TinyMCE, which is included with RoundCube. - Affected products: --

Re: [Full-disclosure] Writing Self Modifying Code

2011-12-01 Thread coderman
On Wed, Nov 30, 2011 at 1:30 PM, Adam Behnke wrote: > Hello full disclosureites, a new tutorial is available at InfoSec Institute >... > Your thoughts? who was this content plagiarized from? ___ Full-Disclosure - We believe in it. Charter: http://lists

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread xD 0x41
dude, your meant to be PRO, i also tried to use your it to pull the latest files, and nothing there mate.not since, awhile ago... I also now have a copy of insectPRO , and am wondering, is your git able to update this for me.. am alittle worried ;p Altho on exploitpack.com/downloads/ there seems

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread noreply
Hi! I saw your message on FD and SF mailing list... So sorry for this.. But I didnt have the time to create the installer for win32, linux32/64 In fact.. I was playing my favourite MMORPG ( Lineage2 ) and they opened a new server yesterday so haha that keep me busy :p Anyway, that its planned to

Re: [Full-disclosure] Large password list

2011-12-01 Thread Fabio Pietrosanti (naif)
On 12/1/11 6:14 PM, Addy Yeow wrote: > I thought some of you may find this large password list useful, over 27 > million entries. > http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) Anyone linking a warez version (Why pay $4.99?) ? -naif _

[Full-disclosure] Large password list

2011-12-01 Thread Addy Yeow
I thought some of you may find this large password list useful, over 27 million entries. http://dazzlepod.com/uniqpass/ (it's a paid list though, at $4.99) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.h

Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread TAS
Wonder guy, the basis of your conclusion are as ridiculous as your question. Microsoft and Google are products companies. Atleast TCS and Wipro are not. They are into offshore and managed business domains. Infosys is also into making custom solutions and they are all closed source. And none of

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Peter Dawson
Send site owner/admin anon email and leave it at that.. as Thor mentioned give em the info for free! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.co

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Thor (Hammer of God)
You are in a tough spot. In general, the level of access you granted yourself in an unauthorized testing of the site would be considered illegal. You may recall the whole 'or 1=1 thing. So your approach to the client is all he would need to contact authorities if he so chose. Arguably, t

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Christopher Truncer
Everyone should remember that this software is made by the same people who make Insect Pro. Read into that what you will. On Nov 30, 2011, at 7:49 AM, Samuel Lavitt wrote: > Hmm, only a Windows installer, and no actual source code. Just who is > getting exploited here I wonder? > > On 11/30

Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Valdis . Kletnieks
On Thu, 01 Dec 2011 07:24:14 +0530, Wonder Guy said: > What is the matter here? Indian software vendors are the best in the whole > world in security matters or Secunia simply doesn't care about Indian > software vendors? Secunia doesn't care about little fish no matter which pond they're in. If

Re: [Full-disclosure] Client aproach

2011-12-01 Thread Ferenc Kovacs
how not to do it: http://www.securityweek.com/hungarian-man-pleads-guilty-hacking-marriott-systems-demanding-job-it-dept http://www.infoworld.com/d/security-central/hungarian-man-charged-hacking-sony-ericsson-site-047 On Wed, Nov 30, 2011 at 11:56 AM, Miguel Lopes wrote: > Hi List, > > I found so

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Mario Vilas
Indeed, Juan Sacco is the author. It's pretty clear from the "about" page on the site, and the whois record on the domain. I don't think it's meant to be a secret. Now, I know his track record on this list is less than ideal, but let's try to be professional and wait for the source code to show up

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Stefan Edwards
>From one of the earlier emails to the list: """Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a...""" On Wed, Nov 30, 2011 at 10:58 PM, Gino wrote: > Seems to have Juan Succo written all over it > > On 11/30/11 1:49 AM, Mario Vilas wrote:

[Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
Hi Security Experts, I have a question about the security track record of Indian IT vendors like Infosys, TCS, Wipro etc. An article about Indian IT vendors by an ex-employee of one of these companies is circulating in the different NITs (National Institute of Technology) of India today. My doubt

[Full-disclosure] News issue of PenTest Magazine - 21 pages of free content.

2011-12-01 Thread Maciej Kozuszek
Hi everyone! New issue of PenTest Magazine is out! 21 pages of free content, feat. full PainPill by Dean Bushmiller, where Dean talks about penetration testing business and law - this is a must for everyone in the business! The link to download is below: http://pentestmag.com/client-side-explo

Re: [Full-disclosure] New FREE security tool!

2011-12-01 Thread Samuel Lavitt
Hmm, only a Windows installer, and no actual source code. Just who is getting exploited here I wonder? On 11/30/2011 02:00 PM, full-disclosure-requ...@lists.grok.org.uk wrote: > Hi, > > I'm afraid all the download links in that webpage seem to be broken, except > for the Windows installer (which

[Full-disclosure] Client aproach

2011-12-01 Thread Miguel Lopes
Hi List, I found some major design flaws and vulnerabilities on a local webstore, but now i would like to tell the owner nicely and maybe profit from it?! Does anyone have some tips on how to inform a potential client of their vulnerabilities? Thanks in advance, Miguel Lopes ___

[Full-disclosure] [SECURITY] [DSA 2354-1] cups security update

2011-12-01 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2354-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez November 28, 2011

[Full-disclosure] PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

2011-12-01 Thread Schurtz, Stefan
Advisory: PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability Advisory ID:INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact:secur...@infoserve.de Affected Software: Successfully tested on PHP Inventory 1.3.1 V