Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-04 Thread Sebastian Krahmer
On Tue, Mar 04, 2008 at 12:02:25AM +, Adrian P wrote:

 * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
 http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
 
 Hacking is not only about coming up with interesting solutions to
 problems, but also about exploring the unknown. It was this drive for
 knowledge philosophy that led to surveying a significant sample of
 the Internet which allowed us to make some VERY interesting
 observations and get an idea of the current state of _remote SNMP
 hacking_.
 
 * Why SNMP? *
 
 2.5 million random IP addresses were surveyed via SNMP. Why SNMP you
 might be asking? Well, there are several reasons. First of all SNMP is
 a UDP-based protocol which allows us to perform scanning at a much
 shorter time than via TCP-based protocols. Another advantage of
This is not true. I doubt there is any measurable advantage
of UDP vs. TCP scans if you do it right.
2.5 million addresses can be done in a very short coffee break.

Sebastian


-- 
~
~ perl self.pl
~ $_='print\$_=\47$_\47;eval';eval
~ [EMAIL PROTECTED] - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-04 Thread Adrian P
Well, such a statement is simply derived from my personal experience of
doing application-layer UDP scanning. Never ran a proper benchmark to
compare speed results to be honest.

On Tue, Mar 4, 2008 at 8:53 AM, Sebastian Krahmer [EMAIL PROTECTED] wrote:
 On Tue, Mar 04, 2008 at 12:02:25AM +, Adrian P wrote:

   * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
   
 http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
  
   Hacking is not only about coming up with interesting solutions to
   problems, but also about exploring the unknown. It was this drive for
   knowledge philosophy that led to surveying a significant sample of
   the Internet which allowed us to make some VERY interesting
   observations and get an idea of the current state of _remote SNMP
   hacking_.
  
   * Why SNMP? *
  
   2.5 million random IP addresses were surveyed via SNMP. Why SNMP you
   might be asking? Well, there are several reasons. First of all SNMP is
   a UDP-based protocol which allows us to perform scanning at a much
   shorter time than via TCP-based protocols. Another advantage of
  This is not true. I doubt there is any measurable advantage
  of UDP vs. TCP scans if you do it right.
  2.5 million addresses can be done in a very short coffee break.

  Sebastian


  --
  ~
  ~ perl self.pl
  ~ $_='print\$_=\47$_\47;eval';eval
  ~ [EMAIL PROTECTED] - SuSE Security Team
  ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)





-- 
pagvac | gnucitizen.org



[Full-disclosure] like goolag but online

2008-03-04 Thread Petko D. Petkov
cDc's goolag tool is pretty cool but here is an online alternative for
those of you who are interested: http://www.gnucitizen.org/ghdb/

pdp

-- 

http://www.gnucitizen.org
http://www.gnucitizen.com

GNUCITIZEN



[Full-disclosure] CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

2008-03-04 Thread Core Security Technologies Advisories

  Core Security Technologies - CoreLabs Advisory
   http://www.coresecurity.com/corelabs

Multiple vulnerabilities in Google's Android SDK


*Advisory Information*

Title: Multiple vulnerabilities in Google's Android SDK
Advisory ID: CORE-2008-0124
Advisory URL: http://www.coresecurity.com/?action=itemid=2148
Date published: 2008-03-04
Date of last update: 2008-03-04
Vendors contacted: Google
Release mode: Coordinated release


*Vulnerability Information*

Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269  


*Vulnerability Description*

Android is a project promoted primarily by Google through the Open Handset
Alliance aimed at providing a complete set of software for mobile
devices: an operating system, middleware and key mobile applications
[1]. Although the project is currently in a development phase and has
not made an official release yet, several vendors of mobile chips have
unveiled prototype phones built using development releases of the
platform at the Mobile World Congress [2]. Development using the Android
platform gained activity early in 2008 as a result of Google's launch of
the Android Development Challenge which includes $10 million USD in
awards [3] for which a Software Development Kit (SDK) was made available
in November 2007.

 The Android Software Development Kit includes a fully functional
operating system, a set of core libraries, application development
frameworks, a virtual machine for executing applications and a phone
emulator based on the QEMU emulator [4]. Public reports as of February
27th, 2008 state that the Android SDK has been downloaded 750,000 times
since November 2007 [5].

 Several vulnerabilities have been found in Android's core libraries for
processing graphic content in some of the most used image formats (PNG,
GIF and BMP). While some of these vulnerabilities stem from the use of
outdated and vulnerable open source image processing libraries, others
were introduced by native Android code that uses them or that implements
new functionality.

 Exploitation of these vulnerabilities to yield complete control of a
phone running the Android platform has been proved possible using the
emulator included in the SDK, which emulates a phone running the Android
platform on an ARM microprocessor.

 This advisory contains technical descriptions of these security bugs,
including a proof of concept exploit to run arbitrary code, proving the
possibility of running code on the Android stack (over an ARM architecture)
via a binary exploit.




*Vulnerable Packages*

.  Android SDK m3-rc37a and earlier are vulnerable to several bugs in
components that process GIF, PNG and BMP images (bugs #1, #2 and #3 of
this advisory).
.  Android SDK m5-rc14 is vulnerable to a security bug in the component
that processes BMP images (bug #3).


*Non-vulnerable Packages*

. Android SDK m5-rc15


*Vendor Information, Solutions and Workarounds*

Vendor statement:

The current version of the Android SDK is an early look release to the
open source community, provided so that developers can begin working
with the platform to inform and shape our development of Android toward
production readiness. The Open Handset Alliance welcomes input from the
security community throughout this process. There will be many changes
and updates to the platform before Android is ready for end users,
including a full security review.


*Credits*

These vulnerabilities were discovered by Alfredo Ortega from Core
Security Technologies, leading his Bugweek 2007 team called Pampa
Grande. It was researched in depth by Alfredo Ortega.


*Technical Description / Proof of Concept Code*

Android is a software stack for mobile devices that includes an
operating system, middleware and key applications. Android relies on
Linux version 2.6 for core system services such as security, memory
management, process management, network stack, and driver model. The
kernel also acts as an abstraction layer between the hardware and the
rest of the software stack.

 The WebKit application framework is included to facilitate development
of web client application functionality. The framework in turn uses
different third-party open source libraries to implement processing of
several image formats.

 Android includes a web browser based on the Webkit framework that
contains multiple binary vulnerabilities when processing .GIF, .PNG and
.BMP image files, allowing malicious client-side attacks on the web
browser. A client-side attack could be launched from a malicious web
site, hosting specially crafted content, with the possibility of
executing arbitrary code on the victim's Android system.

 These client-side binary vulnerabilities were discovered using the
Android SDK that includes an ARM architecture emulator. 

[Full-disclosure] lets go vishing

2008-03-04 Thread lsi
[19:15] lsi2lsi: hiya! ... so i was nearly vished today ...
[19:16] lsi2lsi: mobile rings - hello, we're calling from Lloyds TSB, 
if you are not [name], you must press 2
[19:16] lsi2lsi: if you ARE [name], please press 1
[19:17] lsi2lsi: ..etc.. i went to bank - they'd never heard of such 
a thing
[19:17] lsi2lsi: fucking scammers
[19:17] lsi2lsi: so it's an automated thing - and it's called me 4 
times today
[19:17] lsi2lsi: i looked on the net - can't immediately find someone 
to shut down their 0845 number
[19:18] lsi2lsi: if they call me a few more times,  i might go to the 
cops
[19:18] lsi2lsi: before that tho, i think i'll have some fun with 
their machine, and post the gory details onto the full disclosure 
list on the net (a security conference, global, unmoderated)
[19:19] lsi2lsi: together with the num, so all my friends and 
colleagues can enjoy the machine as well
[19:19] lsi2lsi: hopefully they will get hammered by some freak on 
the list
[19:20] lsi2lsi: fucking scammers!!!
[19:20] lsi2lsi: it's 0845-331-2320 if u want to play :)
[19:20] lsi2lsi: could be lotsa fun .. ;)
[19:21] lsi2lsi: in fact, im gonna post this whole thing to full 
disclosure right now

that's +44-845-331-2320 for non-UK folks...

---
Stuart Udall
stuart [EMAIL PROTECTED] net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



[Full-disclosure] [DailyDave] I like to read

2008-03-04 Thread Dave Aitel
[Forwarded from DailyDave]

Tom Clancy just writes about how cool the Catholic religion is. His
latest novel is all about someone trying to talk about format strings
and buffer overflows, you can call them fish. I've read Dawson's
Creek novels that were better written. Now, telling the public the
truth about RPC is that until you find out you've actually been owned
at least he wrote about sex.

Here's me preparing to RPC fuzz Exchange 2003. Does anyone see
anything interesting in this industry? In a way, I think it's funny
that there's a new binary, then you're stuck.
But with Windows, even accessing a file or directory was present.
Remotely, with no authentication. This is the secret to open source
security.

It's only until their payroll spreadsheets get posted to full
disclosure that they get all outraged and start trying to resolve this
issue for the art, and prevents stupid and harmful things like OIS
from gaining traction.

This isn't related to security in any way. Basically it was at all
interesting, but there are people on this list off the companies.

- -dave



[Full-disclosure] Arbitrary commands execution in Versant Object Database 7.0.1.3

2008-03-04 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  Versant Object Database
  http://www.versant.com/en_US/products/objectdatabase
Versions:     <= 7.0.1.3
Platforms:Windows, Solaris, HP-UX, AIX, Linux
Bug:  arbitrary commands execution
Exploitation: remote
Date: 04 Mar 2008
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


From vendor's website:
The Versant Object Database is the market leader in object databases.
Using Versant Object Database for data storage brings powerful
advantages to applications that use complex C++ and Java object models,
have high concurrency requirements, and large data sets. The Versant
Object Database is designed to handle the navigational access, seamless
data distribution, and enterprise scale often required by these
applications.

The Versant server is also used in other stand-alone products like, for
example, Borland CaliberRM, which are naturally vulnerable too.


###

==
2) Bug
==


VersantD is the service used for managing the Versant database. By
default it listens on port 5019 and assigns a new port after a client
connects to it, so the client connects to port 5019, where it is handled
by the ss.exe process, and after the initial exchange of data the
connection continues on the new port.

The first incredible thing which happens when a client connects is that
the full paths which will be used by the server to launch the needed
programs or locate the database files are passed directly by the same
client.

That means for example that if a client passes c:\folder in the
VERSANT_ROOT field, the server will run (in case the -utility command
is used) c:\folder\bin\obe.exe -version 7.0.1 -dbtype + -nettype 2
-arch 11 -utility -soc 220 o_oscp through the vs_prgExecAsync
function.

Then using a custom command value (in the place of the -utility shown
before) beginning with the ..\ pattern, which removes the \bin\ folder
added by the server, forces it to execute not only a custom executable
decided by the attacker but also any additional arguments.
Naturally it is also possible to execute remote commands not available
on the server through, for example, Windows shares, simply using
\\myhost\myfolder as the path.

So, in summary, through the Versant server an attacker can execute any
local or remote custom command.

The following is the full command-line executed through a custom
command value (in my proof-of-concept there is the explanation of all
the fields) with the parameters supplied by the client in upper case:

  VERSANT_ROOT\bin\OUR_COMMAND OUR_ARGUMENTS -noprint -username
VERSANT_USER -release VERSANT_REL -rootpath VERSANT_ROOT -dbpath
VERSANT_DB -dbidpath VERSANT_DBID -dbidnode VERSANT_DBID_NODE
DATABASE_NAME -posterrstk

It's enough to use a line-feed at the end of our arguments for dropping
all the useless stuff which starts from -noprint.

Note: all the tests have been performed on the Windows version of the
server so the exploitation could differ a bit on the other supported
platforms.


###

===
3) The Code
===


http://aluigi.org/poc/versantcmd.zip


###

==
4) Fix
==


No fix


###


--- 
Luigi Auriemma
http://aluigi.org

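The command-line construction Luigi describes, modelled as an added example (not Versant's code or the advisory's proof of concept), together with the input checks a defender would put in front of it. Field names follow the advisory; the allowlist, the server-configured root and the sample requests are constructed assumptions.

```python
"""Model of the VersantD command-line construction described above, with a
defender's validation layer in front of it. Added example for this page, not
Versant's code or the advisory's proof of concept; the allowlist, the
server-side root and the sample requests are constructed assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class VersantRequest:
    """Fields the advisory says the client supplies, paths included."""
    versant_root: str       # VERSANT_ROOT, e.g. c:\versant
    command: str            # normally "-utility"
    arguments: str          # free-form argument string
    versant_user: str
    versant_rel: str
    versant_db: str
    versant_dbid: str
    versant_dbid_node: str
    database_name: str


def build_cmdline_as_described(r: VersantRequest) -> str:
    """The construction the advisory describes: <root>\\bin\\<command> <args>
    followed by fixed options, everything concatenated verbatim. A "..\\" in
    the command walks back out of \\bin\\, and a line feed in the arguments
    cuts off everything from -noprint onwards."""
    return (f"{r.versant_root}\\bin\\{r.command} {r.arguments} -noprint "
            f"-username {r.versant_user} -release {r.versant_rel} "
            f"-rootpath {r.versant_root} -dbpath {r.versant_db} "
            f"-dbidpath {r.versant_dbid} -dbidnode {r.versant_dbid_node} "
            f"{r.database_name} -posterrstk")


# ---- defender side -------------------------------------------------------

class RejectedRequest(ValueError):
    """A client field would change which program runs or how it is parsed."""


# Constructed allowlist: command names the server maps to binaries it
# installed itself. The advisory names obe.exe as the -utility program.
ALLOWED_UTILITIES = {"-utility": "obe.exe"}

_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")   # LF, CR, NUL, ...
_SEPARATORS = re.compile(r"[\\/]")
_PATH_FIELDS = ("versant_root", "versant_db", "versant_dbid")


def reasons_to_reject(r: VersantRequest) -> list[str]:
    """Return every reason the request should be refused (empty = clean).
    Collecting all reasons, not just the first, makes this usable for
    reviewing logged requests as well as for gating live ones."""
    reasons = []
    for name, value in vars(r).items():
        if _CONTROL_CHARS.search(value):
            reasons.append(f"{name}: control character (truncates the line)")
    if r.command not in ALLOWED_UTILITIES:
        reasons.append("command: not in allowlist")
    if _SEPARATORS.search(r.command) or ".." in r.command:
        reasons.append("command: path separator or traversal")
    if r.versant_root.startswith(("\\\\", "//")):
        reasons.append("versant_root: UNC path to a remote share")
    for name in _PATH_FIELDS:
        if ".." in _SEPARATORS.split(getattr(r, name)):
            reasons.append(f"{name}: path traversal")
    return reasons


def build_argv_hardened(r: VersantRequest, server_root: str) -> list[str]:
    """Hardened construction: the root comes from server configuration, the
    command is resolved through the allowlist, and the result is an argv
    list so no command-line string is parsed at exec time."""
    problems = reasons_to_reject(r)
    if problems:
        raise RejectedRequest("; ".join(problems))
    exe = f"{server_root}\\bin\\{ALLOWED_UTILITIES[r.command]}"
    return [exe, *r.arguments.split(), "-noprint", "-username", r.versant_user,
            "-release", r.versant_rel, "-rootpath", server_root,
            "-dbpath", r.versant_db, "-dbidpath", r.versant_dbid,
            "-dbidnode", r.versant_dbid_node, r.database_name, "-posterrstk"]


# Constructed sample requests (not captured traffic).
LEGIT = VersantRequest("c:\\versant", "-utility", "-version 7.0.1 -soc 220",
                       "dba", "7.0.1", "c:\\versant\\db", "c:\\versant\\db",
                       "dbhost", "testdb")
TRAVERSAL = VersantRequest("c:\\folder", "..\\..\\attacker_chosen.exe",
                           "arg1\n", "dba", "7.0.1", "c:\\folder\\db",
                           "c:\\folder\\db", "dbhost", "testdb")
UNC_ROOT = VersantRequest("\\\\myhost\\myfolder", "-utility", "", "dba",
                          "7.0.1", "c:\\db", "c:\\db", "dbhost", "testdb")

if __name__ == "__main__":
    print(build_cmdline_as_described(TRAVERSAL))   # shows the escape from \bin\
    for req in (LEGIT, TRAVERSAL, UNC_ROOT):
        print(reasons_to_reject(req) or "clean")
```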


[Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Ivan .
http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html



[Full-disclosure] [ GLSA 200803-09 ] Opera: Multiple vulnerabilities

2008-03-04 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Opera: Multiple vulnerabilities
  Date: March 04, 2008
  Bugs: #210260
ID: 200803-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Opera, allowing for
file disclosure, privilege escalation and Cross-Site scripting.

Background
==

Opera is a fast web browser that is available free of charge.

Affected packages
=

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-client/opera           < 9.26                          >= 9.26

Description
===

Mozilla discovered that Opera does not handle input to file form fields
properly, allowing scripts to manipulate the file path (CVE-2008-1080).
Max Leonov found out that image comments might be treated as scripts,
and run within the wrong security context (CVE-2008-1081). Arnaud
reported that a wrong representation of DOM attribute values of
imported XML documents allows them to bypass sanitization filters
(CVE-2008-1082).

Impact
==

A remote attacker could entice a user to upload a file with a known
path by entering text into a specially crafted form, to execute scripts
outside intended security boundaries and conduct Cross-Site Scripting
attacks.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.26"

References
==

  [ 1 ] CVE-2008-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080
  [ 2 ] CVE-2008-1081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081
  [ 3 ] CVE-2008-1082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-09.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



[Full-disclosure] [ GLSA 200803-08 ] Win32 binary codecs: Multiple vulnerabilities

2008-03-04 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Win32 binary codecs: Multiple vulnerabilities
  Date: March 04, 2008
  Bugs: #150288
ID: 200803-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Win32 codecs for Linux may result in
the remote execution of arbitrary code.

Background
==

Win32 binary codecs provide support for video and audio playback.

Affected packages
=

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  media-libs/win32codecs        < 20071007-r2           >= 20071007-r2

Description
===

Multiple buffer overflow, heap overflow, and integer overflow
vulnerabilities were discovered in the Quicktime plugin when processing
MOV, FLC, SGI, H.264 and FPX files.

Impact
==

A remote attacker could entice a user to open a specially crafted video
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Win32 binary codecs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"

Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.

References
==

  [ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
  [ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
  [ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
  [ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
  [ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
  [ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
  [ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
  [ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread jipe foo
2008/3/4, Ivan . [EMAIL PROTECTED]:
 http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html


Here is a (totally unofficial) mirror of Metlstorm's files in case you
can't reach his overloaded website :-\

http://www.hotsecuritynews.com/fearwire/

Again, very nice work Metlstorm !



Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Steven Adair
I guess the release of this tool makes physical access pen-tests a little
bit easier huh?  Will have to try this out some time.

Steven

 http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html






[Full-disclosure] ZDNet Asia and TorrentReactor IFRAME-ed

2008-03-04 Thread Dancho Danchev
An in-depth overview of a currently active malware IFRAME campaign,
that's targeting ZDNet Asia and TorrentReactor's search engine
optimization practices of generating, and locally caching the search
queries pages, thereby positioning the now cached popular keywords
with the IFRAME between the first ten to twenty search results, taking
advantage of the sites' high page ranks. The current state of the
exploitation technique used, allows the malicious parties to basically
inject as many, and as diverse keywords, presumably taking advantage
of today's world events. Sample redirects lead me to known Russian
Business Network netblocks and ex-customers in the face of rogue
anti-virus and anti-spyware applications, as well as fake codecs.

http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

Regards
-- 
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev



Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Larry Seltzer
The key to the vulnerability: To use the tool, hackers must connect a
Linux-based computer to a Firewire port on the target machine. The
machine is then tricked into allowing the attacking computer to have
read and write access to its memory. 

I assume this makes it a local login, not a domain login.

Paul Ducklin, head of technology for security firm Sophos, said the
security hole found by Boileau was not a vulnerability or bug in the
traditional sense, because the ability to use the Firewire port to
access a computer's memory was actually a feature of Firewire.

So does the same capability exist on Macs?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]



Re: [Full-disclosure] us cyber command

2008-03-04 Thread worried security
On Mon, Mar 3, 2008 at 2:31 PM, worried security
[EMAIL PROTECTED] wrote:
 [02:40] worried do you think cyber terrorism is real or its just the
 government softening ppl up for a couple of false flags for a reason
 to bomb iran?
 [02:49] worried the u.s are still deciding where to build the cyber
 command, so don't expect any die hard style false flags till 2009
 [02:50] worried they said their false flag cyber command would be up
 and running by december 2008
 [02:50] worried so they will test out their capabilities probably 2009/10


Mar 03 22:50:50 worried   bunch of skript kiddos with DDoS nets...
this is why ppl will stop posting vulnerabilities to mailing lists, so
the enemy can't use it against their countries
Mar 03 22:51:10 Biff` huh?
Mar 03 22:53:22 worried   for instance do you think UK/china/iran
hackers are going to keep posting to mailing lists vulnerabilities just
so the script kids at the US cyber command can copy and paste the code
to black out our electricity grids etc?
Mar 03 22:53:25
worried   http://www.ktbs.com/news/Ad-promote-Cyber-command-9337/
Mar 03 22:54:00 worried   we will stop feeding the mailing lists the
cyber ammo so the us cyber command can't attack our countries
Mar 03 22:55:25 worried   the us cyber command are advertising a cyber
war on news articles, but do they realise what will happen if there is
a cyber war? no one will post to the mailing lists anymore.
Mar 03 22:55:55 worried   the us government are the biggest dumb asses
who don't think things through
Mar 03 22:56:24 worried   it will stop new techniques getting
publicly disclosed etc
Mar 03 22:56:44 worried   because non-US hackers don't want to give the
US gov ideas on how to hack non US countries
Mar 03 22:57:07 Biff` we're already in a cyber war.
Mar 03 22:57:23 worried   so i hope the fucking us gov cyber command
have good security researchers to find their own vulns and techniques
Mar 03 22:57:49 worried   cos their enemies won't post on the mailing
lists if cities start getting blacked out by US gov
Mar 03 22:59:07 Biff` they do.
Mar 03 22:59:18 worried   oh have they hired hd moore?
Mar 03 23:00:13 worried   trust me the us gov rely on what's posted to
the mailing lists as much as everyone else
Mar 03 23:00:31 female_   we are in a cyber war? shsh last night
we were in a trojan war
Mar 03 23:00:35 worried   and if they start attacking other nations
when the cyber command is built
Mar 03 23:00:49 worried   then non-us hackers will stop posting
to mailing lists
Mar 03 23:01:06 worried   then the whole security community will fuck up
Mar 03 23:01:23 Biff` the cyber command is nothing new.
Mar 03 23:01:31 worried   it is
Mar 03 23:01:34 Biff` It is just a structural reorganization.
Mar 03 23:01:41 worried   its more than that
Mar 03 23:01:55 worried   this is about attacking nations
Mar 03 23:01:59 Biff` you actually think that everything they are
advertising isn't going on already?
Mar 03 23:02:31 worried   not on as big a scale as they're planning
Mar 03 23:02:53 worried   60,000+ cyber command staff in a purpose
built cyber battle center
Mar 03 23:03:53 worried   these dorks will bring the end to the
security community as we know it the dumb asses
Mar 03 23:04:17 worried   nothing will get publicly disclosed if
real cyber war breaks out
Mar 03 23:06:06 Biff` it's not going to be as big as you think.
Mar 03 23:06:24 Biff` It's going to put a lot of existing jobs and
stations under a central command.
Mar 03 23:07:20 female_   a strategic command?
Mar 03 23:07:57 Biff` yes.. US Strategic Command will be in the mix somewhere.
Mar 03 23:15:50 worried   how many real hackers out of the hundreds of
script kids will they hire
Mar 03 23:16:13 worried   there aint that many elite hackers out there
Mar 03 23:16:28 Biff` that's where defense contractors come in.
Mar 03 23:20:24 worried   what do you mean
Mar 03 23:23:00 Biff` a lot of talent consults for the government.
Mar 03 23:23:30 worried   a chinese defence contractor is going to
give hackers to us so the us can black out chinese infrastructure when
us get angry with china?
Mar 03 23:24:11 Biff` there are plenty of chinese foreign nationals
working for the US government.
Mar 03 23:29:36 Biff` I'm off to bed. Goodnight.



Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Eric Rachner
Actually, it's full system compromise -- if the machine is joined to a
domain, then any domain account credentials known to that machine are
compromised as well.

And yes, the same capability exists not only on Macs but on any computer
that implements the Firewire specification.  (details at
http://storm.net.nz/projects/16)

- Eric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry
Seltzer
Sent: Tuesday, March 04, 2008 4:01 PM
To: Untitled
Subject: Re: [Full-disclosure] Hack into a Windows PC - no password needed

The key to the vulnerability: To use the tool, hackers must connect a
Linux-based computer to a Firewire port on the target machine. The
machine is then tricked into allowing the attacking computer to have
read and write access to its memory. 

I assume this makes it a local login, not a domain login.

Paul Ducklin, head of technology for security firm Sophos, said the
security hole found by Boileau was not a vulnerability or bug in the
traditional sense, because the ability to use the Firewire port to
access a computer's memory was actually a feature of Firewire.

So does the same capability exist on Macs?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]


Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Eric Rachner
Actually, it's full system compromise -- if the machine is joined to a
domain, then any domain account credentials known to that machine are
compromised as well.

And yes, the same capability exists not only on Macs but on any computer
that implements the Firewire specification.  (details at
http://storm.net.nz/projects/16)

- Eric

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry
Seltzer
Sent: Tuesday, March 04, 2008 4:01 PM
To: Untitled
Subject: Re: [Full-disclosure] Hack into a Windows PC - no password needed

The key to the vulnerability: To use the tool, hackers must connect a
Linux-based computer to a Firewire port on the target machine. The
machine is then tricked into allowing the attacking computer to have
read and write access to its memory. 

I assume this makes it a local login, not a domain login.

Paul Ducklin, head of technology for security firm Sophos, said the
security hole found by Boileau was not a vulnerability or bug in the
traditional sense, because the ability to use the Firewire port to
access a computer's memory was actually a feature of Firewire.

So does the same capability exist on Macs?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
attachment: winmail.dat___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Valdis Kletnieks
On Tue, 04 Mar 2008 19:00:33 EST, Larry Seltzer said:

 So does the same capability exist on Macs?

What, don't you remember?  :)

Google for the phrase Owned by an iPod...



[Full-disclosure] Vulnerability in Linux Kiss Server v1.2

2008-03-04 Thread vashnukad
From: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
Application: Linux Kiss Server v1.2
Type: Format strings
Priority: Medium
Patch available: No

The Linux Kiss Server contains a format string vulnerability that, if run
in foreground mode, can be leveraged for access. The vulnerability is
demonstrated in the code below:

Function log_message():
  if(background_mode == 0)
  {
    if(type == 'l')
      fprintf(stdout, log_msg);   /* log_msg is used as the format string */

    if(type == 'e')
      fprintf(stderr, log_msg);   /* same here */
    free(log_msg);
  }

Function kiss_parse_cmd():
  /* check full command name */
  if (strncmp(cmd, buf, cmd_len))
  {
     asprintf(&log_msg, "unknow command: `%s'", buf);  /* client-supplied buf ends up in log_msg */
     log_message(log_msg, 'e');
     goto error;
  }
  buf += cmd_len;

So by putting something like %n%n%n in 'buf' you can trigger the vulnerability.

-- 
Name: Vashnukad
E-mail: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
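Added example, not the Kiss Server's own code: the error-logging path from the advisory rebuilt so that the client-influenced text is passed as a printf argument to a constant format instead of being the format string itself, plus a small audit helper that counts unescaped conversion directives in text that came off the wire. The function names, the use of snprintf() in place of asprintf(), and the sample command are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Advisory's shape (never with text from the wire): fprintf(stdout, log_msg);
 * log_msg is then format string AND data. Hardened shape below: the message
 * is an argument to a constant format, so "%n" in it is printed literally.
 * Returns bytes written, or a negative value on error. */
int log_message_safe(FILE *out, const char *log_msg)
{
    return fprintf(out, "%s", log_msg);
}

/* Mirrors kiss_parse_cmd()'s error path: same "unknow command" text, with
 * buf supplied as data to a constant format (snprintf instead of asprintf
 * for portability). Returns a malloc'd string (caller frees) or NULL. */
char *render_unknown_command(const char *buf)
{
    size_t need = strlen("unknow command: `'") + strlen(buf) + 1;
    char *log_msg = malloc(need);
    if (log_msg == NULL) return NULL;
    snprintf(log_msg, need, "unknow command: `%s'", buf);
    return log_msg;
}

/* Audit helper: count '%' conversions in text about to reach a printf-family
 * call; "%%" is a literal percent and is skipped. A non-zero count for text
 * that came from a client is a finding to investigate. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        n++;
    }
    return n;
}

int main(void)
{
    char *msg = render_unknown_command("%n%n%n");  /* constructed sample */
    if (msg == NULL) return 1;
    printf("directives in client text: %d\n", count_format_directives(msg));
    log_message_safe(stdout, msg);   /* prints: unknow command: `%n%n%n' */
    putchar('\n');
    free(msg);
    return 0;
}
```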

Re: [Full-disclosure] us cyber command

2008-03-04 Thread Slythers Bro
 Mar 03 23:00:49 worried   then non-us hackers will stop posting
to mailing lists



you will stop posting php include exploits?

Re: [Full-disclosure] us cyber command

2008-03-04 Thread scott
worried security wrote:
 On Mon, Mar 3, 2008 at 2:31 PM, worried security
 [EMAIL PROTECTED] wrote:
 [02:40] worried do you think cyber terrorism is real or it's just the
 government softening ppl up for a couple of false flags for a reason
 to bomb iran?
 [02:49] worried the u.s are still deciding where to build the cyber
 command, so don't expect any die hard style false flags till 2009
 [02:50] worried they said their false flag cyber command would be up
 and running by december 2008
 [02:50] worried so they will test out their capabilities probably 2009/10

 
 Mar 03 22:50:50 worried   bunch of skript kiddos with DDoS nets...
 this is why ppl will stop posting vulnerabilities to mailing lists, so
 the enemy can't use it against their countries
 Mar 03 22:51:10 Biff` huh?
 Mar 03 22:53:22 worried   for instance do you think UK/china/iran
 hackers are going to keep posting to mailing lists vulnerabilities just
 so the script kids at the US cyber command can copy and paste the code
 to black out our electricity grids etc?
 Mar 03 22:53:25 worried   http://www.ktbs.com/news/Ad-promote-Cyber-command-9337/
 Mar 03 22:54:00 worried   we will stop feeding the mailing lists the
 cyber ammo so the us cyber command can't attack our countries
 Mar 03 22:55:25 worried   the us cyber command are advertising a cyber
 war on news articles, but do they realise what will happen if there is
 a cyber war? no one will post to the mailing lists anymore.
 Mar 03 22:55:55 worried   the us government are the biggest dumb asses
 who don't think things through
 Mar 03 22:56:24 worried   it will stop new techniques getting
 publicly disclosed etc
 Mar 03 22:56:44 worried   because non-US hackers don't want to give the
 US gov ideas on how to hack non-US countries
 Mar 03 22:57:07 Biff` we're already in a cyber war.
 Mar 03 22:57:23 worried   so i hope the fucking us gov cyber command
 have good security researchers to find their own vulns and techniques
 Mar 03 22:57:49 worried   cos their enemies won't post on the mailing
 lists if cities start getting blacked out by US gov
 Mar 03 22:59:07 Biff` they do.
 Mar 03 22:59:18 worried   oh have they hired hd moore?
 Mar 03 23:00:13 worried   trust me the us gov rely on what's posted to
 the mailing lists as much as everyone else
 Mar 03 23:00:31 female_   we are in a cyber war? shsh last night
 we were in a trojan war
 Mar 03 23:00:35 worried   and if they start attacking other nations
 when the cyber command is built
 Mar 03 23:00:49 worried   then non-us hackers will stop posting
 to mailing lists
 Mar 03 23:01:06 worried   then the whole security community will fuck up
 Mar 03 23:01:23 Biff` the cyber command is nothing new.
 Mar 03 23:01:31 worried   it is
 Mar 03 23:01:34 Biff` It is just a structural reorganization.
 Mar 03 23:01:41 worried   it's more than that
 Mar 03 23:01:55 worried   this is about attacking nations
 Mar 03 23:01:59 Biff` you actually think that everything they are
 advertising isn't going on already?
 Mar 03 23:02:31 worried   not on as big a scale as they're planning
 Mar 03 23:02:53 worried   60,000+ cyber command staff in a purpose
 built cyber battle center
 Mar 03 23:03:53 worried   these dorks will bring the end to the
 security community as we know it the dumb asses
 Mar 03 23:04:17 worried   nothing will get publicly disclosed if
 real cyber war breaks out
 Mar 03 23:06:06 Biff` it's not going to be as big as you think.
 Mar 03 23:06:24 Biff` It's going to put a lot of existing jobs and
 stations under a central command.
 Mar 03 23:07:20 female_   a strategic command?
 Mar 03 23:07:57 Biff` yes.. US Strategic Command will be in the mix
 somewhere.
 Mar 03 23:15:50 worried   how many real hackers out of the hundreds of
 script kids will they hire
 Mar 03 23:16:13 worried   there ain't that many elite hackers out there
 Mar 03 23:16:28 Biff` that's where defense contractors come in.
 Mar 03 23:20:24 worried   what do you mean
 Mar 03 23:23:00 Biff` a lot of talent consults for the government.
 Mar 03 23:23:30 worried   a chinese defence contractor is going to
 give hackers to us so the us can black out chinese infrastructure when
 us get angry with china?
 Mar 03 23:24:11 Biff` there are plenty of chinese foreign nationals
 working for the US government.
 Mar 03 23:29:36 Biff` I'm off to bed. Goodnight.
 

I just want to know, since you are (supposedly) an informant to all the
US gov domains, how you don't have a clue as to the capabilities of any
country with hackers, disassemblers and people in general that strive to
find vulnerabilities in software?

Same sh*t, same 'King of Ridiculous'.