[Full-disclosure] Re: Forwarding comments to FD
A kiddie Funny how you assume I am an American. Even funnier that if I am a "stupid American" you have proven to be much much more stupid than even the most retarded American. People like you make George W. Bush look smart. I have no grudge against anyone but I do hold stupidity in contempt. Perhaps you should think about that before you STUPIDLY hit the reply button to this. On 11/18/05, n3td3v <[EMAIL PROTECTED]> wrote: > You've proved you can be a typical American when you want to be by > posting private mail that no one else wants to read. It's about time > you sat back and relaxed for a while, instead of jumping on some > bandwagon. > > Youre someone with a grudge against me, for some unknown reason. Time > to get educated, instead of posting random paragraphs out of context, > and by giving short arrogant (Stereo typical American replies). > > Yeah man, look, My names mr InfoSecBofh: I don't know how to reply to > n3td3v, i'll just make fun of him and call him a kiddie. That'll make > n3td3v look stupid and give you so much support as infosecbofh... yeah > right. > > You're some small time wanna be getting involved in shit that doesn't > concern you. Go back to your hole in the ground, or whatever they call > it nowadays, you're out of your depth. > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Forwarding comments to FD
Blah blah blah... I never said I represented Yahoo you clueless fuck. I said, that I have intimate knowledge of Yahoo and know for a fact that you are full of shit. You criticize me for using a so called anonymous ID (which this really isn't) yet you are hiding behind your email address as well. Something tells me that I won't be banned from FD before you. Get a clue kiddie. On 11/19/05, n3td3v <[EMAIL PROTECTED]> wrote: > I will keep replying to you until everyone on FD tells you to stop > forwarding my messages, and / or you get banned from FD by > grok.org.uk. > > I won't be backing down just so you can think you've won this argument > about you representing an opinion that you claim Yahoo employees at > Yahoo's security inbox have of me. > > Even though you're using an anonymous user ID, your'e still claiming > you are representative of Yahoo or that you are friends with > individuals, which you are passing on their opinion. > > Back up your comments or get off FD in respect of your comments > towards me and Yahoo. > > Thanks > > On 11/19/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > > A kiddie > > > > Funny how you assume I am an American. Even funnier that if I am a > > "stupid American" you have proven to be much much more stupid than > > even the most retarded American. People like you make George W. Bush > > look smart. > > > > I have no grudge against anyone but I do hold stupidity in contempt. > > Perhaps you should think about that before you STUPIDLY hit the reply > > button to this. > > > > On 11/18/05, n3td3v <[EMAIL PROTECTED]> wrote: > > > You've proved you can be a typical American when you want to be by > > > posting private mail that no one else wants to read. It's about time > > > you sat back and relaxed for a while, instead of jumping on some > > > bandwagon. > > > > > > Youre someone with a grudge against me, for some unknown reason. Time > > > to get educated, instead of posting random paragraphs out of context, > > > and by giving short arrogant (Stereo typical American replies). > > > > > > Yeah man, look, My names mr InfoSecBofh: I don't know how to reply to > > > n3td3v, i'll just make fun of him and call him a kiddie. That'll make > > > n3td3v look stupid and give you so much support as infosecbofh... yeah > > > right. > > > > > > You're some small time wanna be getting involved in shit that doesn't > > > concern you. Go back to your hole in the ground, or whatever they call > > > it nowadays, you're out of your depth. > > > > > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Forwarding comments to FD
Sure moron, post the information to make me look stupid. I mean you have spent all this time and effort making yourself look stupid so why not take a shot at making someone else look stupid. Its time for you to shit or get off the pot. On 11/19/05, n3td3v <[EMAIL PROTECTED]> wrote: > With having three people from Yahoo security team on my Ymessenger > list and e-mail address book, I feel I have more inside knowledge than > you at Yahoo. You're a bit stupid in using profanity. Whats wrong, > can't handle the heat? I can post up information to make you look > stupid if you push this far enough. > > Keep up your bitching. > > On 11/19/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > > Blah blah blah... > > > > I never said I represented Yahoo you clueless fuck. I said, that I > > have intimate knowledge of Yahoo and know for a fact that you are full > > of shit. > > > > You criticize me for using a so called anonymous ID (which this really > > isn't) yet you are hiding behind your email address as well. > > > > Something tells me that I won't be banned from FD before you. > > > > Get a clue kiddie. > > > > On 11/19/05, n3td3v <[EMAIL PROTECTED]> wrote: > > > I will keep replying to you until everyone on FD tells you to stop > > > forwarding my messages, and / or you get banned from FD by > > > grok.org.uk. > > > > > > I won't be backing down just so you can think you've won this argument > > > about you representing an opinion that you claim Yahoo employees at > > > Yahoo's security inbox have of me. > > > > > > Even though you're using an anonymous user ID, your'e still claiming > > > you are representative of Yahoo or that you are friends with > > > individuals, which you are passing on their opinion. > > > > > > Back up your comments or get off FD in respect of your comments > > > towards me and Yahoo. > > > > > > Thanks > > > > > > On 11/19/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote: > > > > A kiddie > > > > > > > > Funny how you assume I am an American. Even funnier that if I am a > > > > "stupid American" you have proven to be much much more stupid than > > > > even the most retarded American. People like you make George W. Bush > > > > look smart. > > > > > > > > I have no grudge against anyone but I do hold stupidity in contempt. > > > > Perhaps you should think about that before you STUPIDLY hit the reply > > > > button to this. > > > > > > > > On 11/18/05, n3td3v <[EMAIL PROTECTED]> wrote: > > > > > You've proved you can be a typical American when you want to be by > > > > > posting private mail that no one else wants to read. It's about time > > > > > you sat back and relaxed for a while, instead of jumping on some > > > > > bandwagon. > > > > > > > > > > Youre someone with a grudge against me, for some unknown reason. Time > > > > > to get educated, instead of posting random paragraphs out of context, > > > > > and by giving short arrogant (Stereo typical American replies). > > > > > > > > > > Yeah man, look, My names mr InfoSecBofh: I don't know how to reply to > > > > > n3td3v, i'll just make fun of him and call him a kiddie. That'll make > > > > > n3td3v look stupid and give you so much support as infosecbofh... yeah > > > > > right. > > > > > > > > > > You're some small time wanna be getting involved in shit that doesn't > > > > > concern you. Go back to your hole in the ground, or whatever they call > > > > > it nowadays, you're out of your depth. > > > > > > > > > > > > > > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Framework for the aid of exploiting SQL injection
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Apologies to any one who experienced a problem with running this tool.
I have been made aware that since the latest .net framework BobCat won't
run. It seems the problem is with M$ making
System.Windows.Forms.RaftingSides obsolete.
I wasn't able to build it in the latest C# Express. Or run it on a
machine that had the latest .net framework patches applied.
I being lazy decided just to re-write the GUI from scratch and add a
bunch of new features (v0.2 ETA 1/2 weeks).
This morning I have gone through Alphav0.1 code and removed the
offending items. If you experienced problems please re-download and
give it another try. Apologies for your problems.
A few people had it running, but without checking I don't know when M$
upgraded the controls from depreciated to obsolete.
Hope this helps.
If you need any more help or have any bugs to report always happy to
help or hear. It will always improve the program!
Dave wrote:
> BobCat -- Automated SQL Injection Tool
>
> URL: http://www.northern-monkee.co.uk
>
> Download from:
>
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.zip
>
> Or
>
> http://www.northern-monkee.co.uk/projects/bobcat/bin/BobCat_Alphav0.1.rar
>
> I've had a few late nights lately re-working BobCat. Upgraded
> to latest C# and .net libs and SP's. I originally wrote the tool a year
> or more ago and now M$ have made a bunch of system.form controls
> obsolete :-(
>
> I took it as an opportunity to re-write the GUI from scratch and it also
> meant I didn't have to juggle things around to fit some of the new
> features in.
>
> I haven't had a local MSSQL DB or APP to test against so can't say with
> certainty that bugs are ironed out, however making progress for
> Alphav0.2 release soon.
>
> Features:
>
> 1. Return Data via:
>
> a) OPENROWSET [alpha v0.1]
> b) Create Table Method [alpha v0.2]
> c) CAST method [alpha v0.2]
>
> 2. Interactive shell via:
>
> a) OPENROWSET [alpha v0.2]
> b) Create Table [alpha v0.2]
> c) CAST method [alpha v0.2]
>
> 3. Port Scanner
>
> a) OPENROWSET (TCP Only) [alpha v0.1]
> b) TCP and UDP (port scanner file upload via XP_CMDSHELL) [alpha v0.2]
>
> 4. File Upload {custom files}
>
> a) Debug [alpha v0.2]
> b) BCP [alpha v0.2]
>
> 5. Password Cracking/ Brute Forcing
>
> a) Dictionary Attack [alpha v0.1]
>
> 6. Interactive Query Analyzer [alpha v0.2]
>
> 7. Custom XP_CMDSHELL
>
> a) re-add it as long as .DLL is present [alpha v0.2]
> b) custom XP_CMDSHELL if no .DLL present [alpha v0.2]
>
> 8. Reverse TCP & UDP Shell upload via
>
> a) Debug [alpha v0.2]
> b) BCP [alpha v0.2]
>
> 9. Browser Window/Control
>
> a) To help with debugging output [alpha v0.2]
>
>
> Thanks to Gary for his excellent perl SQL injection tool (AUTOMAGICAL)
> available from http://scoobygang.org/uncon.zip and Ollies NetCat hacks
> for the reverse shell.
>
> Without their contributions v0.2 would not be as interesting ;-)
>
> If anyone is interested in testing and reporting bugs then drop me a mail.
>
> Cheers
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDfxdkCq8ddNLLSusRAgOFAJ90KOeRmIY25hrb9S+DoGHiLE2HfgCglzQW
eCggAOeTMa4YHRZzFOJB3cc=
=ldZS
-END PGP SIGNATURE-
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
I'm no legal expert, but I'm guessing that you'd be well within your rights to sue him if he would happen to release information about your identity on here. I mean, from the kind of stuff he's said I'd say it'd be very easy to prove he's been threatening people and is basically slandering Yahoo by saying he's associated with them. By the way, I think I might have noticed something with gmail. I haven't really tested this, but it seems like if I log into gmail on one computer in my house and click the box for it to remember me, and then I go to a different computer and change my password for gmail I'm still able to access it from the first computer without having to log in again. Maybe it's just me, or maybe it's intentional. Either way, it seems like a bad idea if it is intentional. I guess what I'm wondering is if anyone else will give it shot so I can be sure it's not just my computer or something. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Anyone messed with the md5 collision code yet?
Has anyone on here really messed with the md5 collision code that was released the other day? http://www.stachliu.com.nyud.net:8090/collisions.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Google Base
It seems that if you select an existing item type and then click on the create your own item type radio button it will edit the item type you selected from the dropdown (I dont think this is a planned feature) On 11/18/05, Petko Petkov <[EMAIL PROTECTED]> wrote: OK, I need to start this subject since nobody else has discussedanything yet on the mailing list. Do you guys know about Google Base?:Google our big hacker friend that helps us to find malicious scripts andopen proxies just like that. Well, Google has a new service: Google Base. And there are many cool stuff that you can do with it.First of all I would like to mention that Google Base is sort ofdatabase where you can put whatever information you want: you can blog,you can post your advisories there, you can write awesome worms that upload and read commands from there, you can even use it as the biggestrainbow table in the world that can crack any hash in less than asecond. check it out: http://base.google.com I was playing around with goggle base and I must say I am quiteimpressed and in the same time scared to death. Goggle base is the mostamazing thing I have seen for a while and it can be used for many different things.Now here is a list that I built for you how to use goggle base for yourown good:* Brute forcer - massive storage for mare mortals.* Keep your exploits* Keep your code fragments * Keep your advisories and security notes* Log there :)* Write a book (Goggle Book) :)* You can write even a Game Book.* Write a game and store its data on goggle base* Use it to hold your secret hacker tools (with encryption) :) just joking * Make a goggle base forum* Make a security listIf you have more ideas how to use and abuse goggle base service, justcontribute to the thread. Of course we all have to be responsible. Thisis the reason why I believe that this early notice about goggle base power is fair enough.Cheers-- Moo (tm) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] unknown windows rootkit
We found what seems to be a unknown rootkit on a customer system which was windows 2000 sp4.It is a kernel resident infector as it installs itself as hidden device driver operating in kernel level to hide its directories and programs aswell as network connections. For our research we named it Win32/McSport-A.More Detailed informations aswell as removal instructions can be found here: http://www.groundzero-security.com/mcsport.html regards, GroundZero Security Research Http://www.groundzero-security.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Advisory:Multiple Cross Site Scripting vulnerabilities in phpMyFAQ Name:TKADV2005-11-004 Revision:1.0 Release Date:2005/11/19 Last Modified: 2005/11/19 Author: Tobias Klein (tk at trapkit.de) Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3) Risk:Critical ( ) High (x) Medium ( ) Low ( ) Vendor URL: http://www.phpmyfaq.de/ Vendor Status: Vendor has released an updated version = Overview: = phpMyFAQ is a multilingual, completely database-driven FAQ-system. Version 1.5.3 and prior contain multiple persistent Cross Site Scripting vulnerabilities. = Solution: = Upgrade to phpMyFAQ 1.5.4 or newer. http://www.phpmyfaq.de/download.php For more details see: http://www.trapkit.de/advisories/TKADV2005-11-004.txt -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7 Q9va6jZFp+mJS94hk+8LcRkQ =HLVb -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Fwd: Forwarding comments to FD
Still waiting kiddie. Go take your meds... -- Forwarded message -- From: n3td3v <[EMAIL PROTECTED]> Date: Nov 19, 2005 3:31 AM Subject: Re: Forwarding comments to FD To: InfoSecBOFH <[EMAIL PROTECTED]> You're fighting a losing battle. You cannot back up your claims over Yahoo's opinion, but you feel you have enough authority to dictate what Yahoo are thinking on your user ID. Where as, I have four years of e-mail between myself and Yahoo, which can back up what you are calling "shit and far from the truth". I have been a continued provider of raw intelligence to Yahoo during this time, for damage limitation purposes. Feel free to contact Yahoo by phone or e-mail to confirm the facts. Yahoo should also have copies of e-mail sent. Still waiting for an example of where I have been BS'ing about Yahoo. All you can do is throw insults, come on surely you have something more intellectual to say, or do you exist only to provok anger towards me, maybe you're pushing for written confessions. Still trying to work out what your purpose of forwarding off list e-mails to FD as well. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
1. I haven't been posting anything to FD. Our little friend has been forwarding them. So on a legal point of view, I would only be sending his real Identity to his private mail box, if he decided to forward that information to FD, that would be legally his own doing, not mine. 2. The issue you speak about with cookies on your browser, is a known about Firefox issue. Get a clue before you post about bhugs. There is no Gmail issue in what you're describing ;-) On 11/19/05, Iadnah <[EMAIL PROTECTED]> wrote: > I'm no legal expert, but I'm guessing that you'd be well within your rights > to sue him if he would happen to release information about your identity on > here. I mean, from the kind of stuff he's said I'd say it'd be very easy to > prove he's been threatening people and is basically slandering Yahoo by > saying he's associated with them. > > By the way, I think I might have noticed something with gmail. I haven't > really tested this, but it seems like if I log into gmail on one computer in > my house and click the box for it to remember me, and then I go to a > different computer and change my password for gmail I'm still able to access > it from the first computer without having to log in again. Maybe it's just > me, or maybe it's intentional. Either way, it seems like a bad idea if it is > intentional. I guess what I'm wondering is if anyone else will give it shot > so I can be sure it's not just my computer or something. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
1. I haven't been posting anything to FD. Our little friend has been forwarding them. So on a legal point of view, I would only be sending his real Identity to his private mail box, if he decided to forward that information to FD, that would be legally his own doing, not mine. You have still been making threats which is very much against the law. 2. The issue you speak about with cookies on your browser, is a known about Firefox issue. Get a clue before you post about bhugs. There is no Gmail issue in what you're describing ;-) First of all, I;m not saying this is a a bug in anything. I'm merely asking if anyone has had the same thing happen, because I don't know if it's a bug with Gmail, or maybe something odd going on on my end. Second, it is you who needs to get a clue because you automatically assume I am using Firefox, when in fact I used Internet Explorer on one computer and Firefox on the other. (see below) 1) I log into Gmail on my girlfriend's laptop. I check the box for Gmail to set a cookie so I won't have to log in later. (Using Internet Explorer) 2) I go to my own computer, log into Gmail, and change my password. 3) I go back to my girlfriend's computer and go to Gmail, and I still do not have to log in, even though my password is different. I am not seeing how this could be a problem with Firefox. Shouldn't Gmail do something to the effect of checking to see when a cookie was set and comparing that to the last time my password was changed, and then if the password was changed more recently than the cookie was set make me log in again? And to restate this. I am not saying this is necessarily a bug with Gmail. I'm thinking it's more likely that something strange is going on with one of my computer or something. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
Our friend has been carefully picking out paragraphs out of context to use as propaganda against me on FD. I'm more than happy to defend myself in court over whats been said by me. Everything I have said is based on facts, there is nothing been said that I wouldn't be prepared to repeat. Everything I say has already been said many a time, and i'm not in jail yet. Heres hoping i'm not in jail soon, since theres so many people showing hate now ;-) Yahoo have my home address, personal photographs etc. If they were going to do something about me, it would have been done ages ago. This InfoSec guy is just someone causing trouble, he has no relation to Yahoo whatssoever. He is bull stirring for his own entertainment. 11/19/05, Iadnah <[EMAIL PROTECTED]> wrote: > You have still been making threats which is very much against the law. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
On Sat, Nov 19, 2005 at 09:34:49PM +, n3td3v wrote: ... In fact, you didn't write anything worth quoting. What happened to your virtual suicide? Can you stay dead longer please? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
I just had to come back to clear things up on my legal position with mr InfoSec. I am dead, BANG On 11/19/05, Scott T. Cameron <[EMAIL PROTECTED]> wrote: > In fact, you didn't write anything worth quoting. > > What happened to your virtual suicide? Can you stay dead longer please? > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] unknown windows rootkit
Hi,rkdetector ( http://www.rkdetector.com ) should be able to remove McSport-A rootkit by overwriting clusters used by those files. After wiping those files, a reboot should be enough to get again a clear system. "Nothing detected it Panda titanium AV 2006 and McAfee didnt detect it nor Microsoft AntiSpyware etc.UnHackMe detected it as HackerDefender Rootkit but was unable to remove it, so it might be a mutation." regards,Andres Tarasco2005/11/19, sk / GroundZero <[EMAIL PROTECTED]>: We found what seems to be a unknown rootkit on a customer system which was windows 2000 sp4.It is a kernel resident infector as it installs itself as hidden device driver operating in kernel level to hide its directories and programs aswell as network connections. For our research we named it Win32/McSport-A.More Detailed informations aswell as removal instructions can be found here: http://www.groundzero-security.com/mcsport.html regards, GroundZero Security Research Http://www.groundzero-security.com ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ -- Loco de aTar ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: Forwarding comments to FD
n3td3v wr04t3: > I have been a continued provider of raw intelligence to Yahoo... This probably explains why Yahoo has zero clue about security :) -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
On 11/19/05, n3td3v <[EMAIL PROTECTED]> wrote: > 1. I haven't been posting anything to FD. Our little friend has been > forwarding them. So on a legal point of view, I would only be sending > his real Identity to his private mail box, if he decided to forward > that information to FD, that would be legally his own doing, not mine. So I am still waiting for you to send me my identity. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: I have great social network, fear
On 11/19/05, n3td3v <[EMAIL PROTECTED]> wrote: > Our friend has been carefully picking out paragraphs out of context to > use as propaganda against me on FD. I'm more than happy to defend > myself in court over whats been said by me. Everything I have said is > based on facts, there is nothing been said that I wouldn't be prepared > to repeat. Everything I say has already been said many a time, and i'm > not in jail yet. Heres hoping i'm not in jail soon, since theres so > many people showing hate now ;-) I am no friend of yours kiddie and I have not picked out paragraphs I have forwarded your emails in their complete form. > Yahoo have my home address, personal photographs etc. If they were > going to do something about me, it would have been done ages ago. This > InfoSec guy is just someone causing trouble, he has no relation to > Yahoo whatssoever. He is bull stirring for his own entertainment. Think what you want. I am still waiting for you to post my personal information. This thread is as dead as your ability for unique thought. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Gmail cracked
http://www.elhacker.net/gmailbug/english_version.htm Deepquest "Justification of windows usage is a combinaison of Stockholm Syndrome and cognitive dissonance." -- Propaganda http://deepquest.code511.com/blog FIB http://www.futureisbeta.com PGP DH/DSS http://www.futureisbeta.com/pgp -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] searching for Showtee docu
Hello, im searching for more information about Showtee rootkit. I have a system commpromised by some LKM and Showtee rootkit according to chkrootkit. I got rid of libproc.a modifications but dont know where to begin searching for Showtee information. Can someone direct me to any links regarding Showtee? Thanks in advance Michel Zobel ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Framework for the aid of exploiting SQL injection
Absinthe (www.0x90.org/releases/absinthe) might do some of what you are describing. It works via blind injection against MS SQL, Oracle and Postgres it also has the ability to work via error pages (which is faster) for MS SQL server to a limited extent.On 11/17/05, Roman Medina-Heigl Hernandez <[EMAIL PROTECTED]> wrote: Hi,Is there any recommended tool which helps to get databases tables,entries, structure, etc, given a particular SQL injection bug in one application? I mean, it should *automatically* try different sentencesto figure out the names of the columns and in general, other useful infofrom the database. Perhaps a PoC of some of NGSSoftware's papers or a more elaborated tool... I'd like to hear from you what's the state ofthe art in this very particular web-appsec field (so feel free to talkabout tools oriented to different database flavours, if you want: SQL Server, Oracle, MySQL, Access, etc...).Thanks.PD: For God's sake, don't continue feeding non-sense threads like theformer Netdev's related flamewar. The best thing you can do is to ignorethem. --Saludos,-RomanPGP Fingerprint:09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742[Key ID: 0xEAD56742. Available at KeyServ]___Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ -- Bigger 1:23This address if for mailing list traffic only. Please direct non-list correspondence to 0x90.org ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
