[Full-disclosure] [SECURITY] [DSA-2109-1] New samba packages fix buffer overflow

2010-09-17 Thread Stefan Fritsch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2109-1                  secur...@debian.org
http://www.debian.org/security/                           Stefan Fritsch
September 16, 2010                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package: samba
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2010-3069
Debian bug : 596891


A vulnerability has been discovered in samba, an SMB/CIFS file, print,
and login server for Unix.

The sid_parse() function does not correctly check its input lengths
when reading a binary representation of a Windows SID (Security ID).
This allows a malicious client to send a sid that can overflow the
stack variable that is being used to store the SID in the Samba smbd
server. (CVE-2010-3069)

For the stable distribution (lenny), this problem has been fixed in
version 3.2.5-4lenny13.

For the testing distribution (squeeze) and the unstable distribution (sid),
this problem will be fixed in version 3.5.5~dfsg-1.

We recommend that you upgrade your samba packages. The packages for the
mips architecture are not included in this upgrade. They will be released
as soon as they become available.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- ----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


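A length-checked binary SID parser, added here as an example (not Samba's code) of the input validation the advisory says sid_parse() lacked. The wire layout (revision byte, sub-authority count byte, 6-byte identifier authority, then count x 4-byte little-endian sub-authorities) and the 15-entry limit follow the Windows SID format and Samba's DOM_SID; the function names and sample byte strings are constructed for this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Samba's DOM_SID holds at most 15 sub-authorities (MAXSUBAUTHS). */
#define MAXSUBAUTHS 15
/* Wire header: revision(1) + sub-authority count(1) + identifier authority(6). */
#define SID_HEADER_LEN 8

struct sid {
    uint8_t  rev;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[MAXSUBAUTHS];   /* fixed-size, like the smbd stack variable */
};

/* Length-checked binary SID parser (example code). The client-controlled count
 * byte is validated against both the fixed array size and the bytes actually
 * present before anything is copied. Returns true on success. */
bool sid_parse_checked(const uint8_t *buf, size_t len, struct sid *out)
{
    if (buf == NULL || out == NULL || len < SID_HEADER_LEN)
        return false;
    uint8_t num_auths = buf[1];
    if (num_auths > MAXSUBAUTHS)                        /* would overrun sub_auths[] */
        return false;
    if (len < SID_HEADER_LEN + (size_t)num_auths * 4)   /* truncated input */
        return false;
    memset(out, 0, sizeof(*out));
    out->rev = buf[0];
    out->num_auths = num_auths;
    memcpy(out->id_auth, buf + 2, sizeof(out->id_auth));
    for (uint8_t i = 0; i < num_auths; i++) {
        const uint8_t *p = buf + SID_HEADER_LEN + (size_t)i * 4;
        /* Sub-authorities are little-endian on the wire. */
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return true;
}

/* Render as S-R-I-S1-S2...; the identifier authority is a big-endian 48-bit value.
 * Returns the string length, or -1 if dst is too small. */
int sid_to_string(const struct sid *s, char *dst, size_t dstlen)
{
    uint64_t ia = 0;
    for (int i = 0; i < 6; i++)
        ia = (ia << 8) | s->id_auth[i];
    int n = snprintf(dst, dstlen, "S-%u-%" PRIu64, (unsigned)s->rev, ia);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    for (uint8_t i = 0; i < s->num_auths; i++) {
        int m = snprintf(dst + n, dstlen - (size_t)n, "-%" PRIu32, s->sub_auths[i]);
        if (m < 0 || (size_t)m >= dstlen - (size_t)n)
            return -1;
        n += m;
    }
    return n;
}

/* Parse and render in one step; returns NULL when the input is rejected. */
const char *parse_and_print(const uint8_t *buf, size_t len, char *dst, size_t dstlen)
{
    struct sid s;
    if (!sid_parse_checked(buf, len, &s))
        return NULL;
    if (sid_to_string(&s, dst, dstlen) < 0)
        return NULL;
    return dst;
}

/* Constructed sample inputs (not taken from the advisory). */
/* Well-formed: S-1-5-32-544 (BUILTIN Administrators), 16 bytes. */
const uint8_t good_sid[] = {
    0x01, 0x02, 0x00,0x00,0x00,0x00,0x00,0x05,
    0x20,0x00,0x00,0x00, 0x20,0x02,0x00,0x00 };
/* Count byte of 200: trusting it would copy 800 bytes into a 60-byte array. */
const uint8_t oversized_count[] = {
    0x01, 0xC8, 0x00,0x00,0x00,0x00,0x00,0x05,
    0x20,0x00,0x00,0x00, 0x20,0x02,0x00,0x00 };
/* Count byte claims 2 sub-authorities but only one is present. */
const uint8_t truncated_sid[] = {
    0x01, 0x02, 0x00,0x00,0x00,0x00,0x00,0x05,
    0x20,0x00,0x00,0x00 };

int main(void)
{
    char out[128];
    const char *s = parse_and_print(good_sid, sizeof good_sid, out, sizeof out);
    printf("good:      %s\n", s ? s : "rejected");
    printf("oversized: %s\n", parse_and_print(oversized_count, sizeof oversized_count,
                                              out, sizeof out) ? "accepted" : "rejected");
    printf("truncated: %s\n", parse_and_print(truncated_sid, sizeof truncated_sid,
                                              out, sizeof out) ? "accepted" : "rejected");
    return 0;
}
```
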
[Full-disclosure] New tool for pentesting

2010-09-17 Thread runlvl
A new product was born, similar to Core Impact, Metasploit and Immunity Canvas.
INSECT is affordable, easy to use and it has a friendly user
interface. It promises to be an excellent tool and it allows
organizations of all sizes to conduct comprehensive penetration
testing across their infrastructure and applications.

INSECT's interface is designed to be usable by individuals both with
and without specialized training in penetration testing and
vulnerability assessment, and includes functions for generating
reports from the gathered information.

See more at: http://www.faltaenvido.org/
Watch videos at: http://www.youtube.com/user/FaltaEnvidoVideo

Regards

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-17 Thread huj huj huj
hey funboys! get a room!

2010/9/16 Stefan Kanthak stefan.kant...@nexgo.de

 Christian Sciberras wrote:

  Yes. Once again: get your homework done!
 
  http://www.codeproject.com/KB/DLL/dynamicdllloading.aspx
 
  That's a double DYNAMIC there!
 
  Did you even bother to read the article? The very first paragraph
  states the difference between the two.
 
  Oh, and for the records, you can't statically link to dll files. At
  least, not in the way you're imagining.

 You should start to read what I wrote in
 34a088424c7d499f988d1adca645b...@localhost:

 | Static linking occurs when the linker builds a binary (this might be a
 | DLL.-) using *.OBJ and *.LIB.

  Static linking (in your case) only works for object files (.o or .lib).

 I wrote that already.

  Why should I bother to do the work of the loader?
  I reference the DLL export in my code and expect the loader to resolve
  it. There is no need for fancy do-it-yourself DLL entry resolution!
 
  Forfuckssake where did this point come from?

 Your completely superfluous trip to codeproject.com!

  Nobody can load a DLL that does not exist!
 
  Wow what genius! The hell with that. It's the practice that is wrong.
  As the saying goes, one shouldn't cry over spilled milk;
  attempting to load a non-existent is asking for trouble.
 
  Oh, and by the way. Looks like MS just broke your little fact...
  ...they've been loading an nonexistent dll via ACROS' POC (via wab.exe).

 Bloody wrong: the .DLL accompanies the *.VCF in the share.

  Why should I call or even write a routine which checks whether a DLL
  exists instead of just calling the loader and let it search/load it?
  Hint #1: this is exactly what MSFT advices NOT to do!
 
  And they are right. You shouldn't be doing the OS's work.
 
  Hint #2: loading a DLL does not mean to run any code from this DLL!
 
  But it is still loading the library into memory.

 That's what I expect when loading a DLL.

  From there on, perhaps, some buffer overflow exploit would escalate the
 issue.

 Which issue? Ever heard of Occams Razor?!

  At which point we all go critical over the damn crap just like you're
  doing right now.

 Why? You wrote that your self-written POC failed!
 ACROS' POC but works. Who's wrong?

  Who guarantees that your self-written or the OS supplied search routine
  will find the same DLL as the loader (just in case you do not use the
  fully qualified pathname of the DLL)?
 
  Because that is the damn point of the function, to tell us what the
  hell the loader is doing!!

 Which function then tells me what your function is doing?
 LoadLibrary*() IS documented, and its rather well documented.
 There's no need to reprogram it. Just use it. And check its return code!

  Why should someone with a sane mind let a program (or the OS) search
  a DLL twice? Just to waste performance?
 
  Why search? A simple CreateFile() (aka FileExists in winapi) over the
  cached path would suffice.

 Which cached path? KISS!
 Remember: for DLL hijacking to work the input to LoadLibrary() needs to
 be a simple filename or a relative pathname.

  Perhaps returning this cached path would completely solve the issue.

 Perhaps. The Win32 API but does not provide such a function!

  For DLLs: always. For EXEs: it depends. Just read it in the MSDN!
 
  Just in case that you misunderstood from the very beginning let me
  rephrase it: from the earliest days of DOS/Windows CWD was in the PATH.
 
  That is NOT true.

 OF COURSE THIS IS TRUE!

  I don't know if it was, perhaps in the Win95 era,
  but it most certainly is not there today.

 %PATH% is ALWAYS equivalent to .;%PATH%

  That was what my POC proved. Did you read the full article? I
  mentioned cases where the bad dll (in CWD) would not be loaded (and an
  error followed instead).
 
  Consult MSDN on the DLL load order.
 
  I don't have to. If you spared one moment from trolling, you might
  have noticed me dumping a list from ProcessMonitor...which clearly
  shows what the dll loading order is.
 
  BTW: Windows' base directory is MSFTs notion of $HOME.
  Use the right terms/words, PLEASE.
 
  Mind not putting words in my mouth? As far as definition goes, a base
  directory is where the source program started from...

 Wrong. That's the application directory.

  that could be a docroot of an index.php file

 Wrong again. *.PHP is no executable file format, but associated to an
 application. See CMD.EXE /K ASSOC .PHP and then FTYPE with the output
 of the ASSOC.

  or C:\Windows for notepad.exe.
  No one said anything about Windows!

 ACROS showed a POC for Windows' address book using a *.VCF and a .DLL
 built for Windows.

  Can I assume that you tested it just like you failed to test your own
  POC?
  SAFER works quite well here (and there too) for about 7 years now.
 
  Tell THAT to ACROS and their POC!
  Why should I care for existence of a certain functionality if it is
  not by default (and if doesn't relate to the issue at all)?

 You obviously need some 

Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-17 Thread Christian Sciberras
We did, it's number is 253 ... $00FD.




On Fri, Sep 17, 2010 at 11:07 AM, huj huj huj datski...@gmail.com wrote:
 hey funboys! get a room!

Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Omar B Villa
...without specialized training in penetration testing...

Are you sure? I wouldn't let a newbie use a pentest tool in my company!!
xDD


Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Jhfjjf Hfdsjj

----- Forwarded Message -----
From: Jhfjjf Hfdsjj taser3...@yahoo.com
To: runlvl run...@gmail.com
Sent: Fri, September 17, 2010 3:26:44 AM
Subject: Re: [Full-disclosure] New tool for pentesting

Are you expecting us to believe that a Windows-only supported penetration tool
with absolutely zero information regarding true effectiveness or methods is
supposed to compete with Metasploit? For all I know I could be paying $500 for a
shiny box that spits blinkenlights at me with a message saying "you just h4x0red
y0urself! Trust meh!"

umm yeah... I think I'll go back to reviewing that PoC. args

Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Taras
The main tool for pentesting is the brain. By the way, we already have the free Metasploit
with a nice CLI interface. Core Impact is an enterprise-level solution and Canvas
has good exploit packs.
What benefits does Insect have?


-- 
Taras
http://oxdef.info



Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Hurgel Bumpf
ORLY?

This screenshot

http://www.faltaenvido.org/wp-content/uploads/2010/09/mainimage.jpg

reminds me somehow of
 
http://www.metasploit.com/modules/exploit/windows/ftp

This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 
and earlier. EasyFTP fails to check input size when parsing 'CWD' commands, 
which leads to a stack based buffer overflow. EasyFTP allows anonymous access 
by default;

You didn't even bother to write your own stuff?

Pen-testing has nothing to do with pressing buttons or a fancy-looking GUI.
Nor should it rip off open source solutions and sell them for money.

dude...


Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Eyeballing Weev
Looking at that webpage is making me rage. I'm sending him an invoice 
for a new keyboard.



Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread rdsears
Seriously. The only reason CANVAS and IMPACT are still used is because
of the 0-days that come packaged with them. Metasploit is far superior
not only in exploitation, but post-exploitation, persistence,
network pivoting, and just generally being a badass!

Can ANYTHING really compare to the meterpreter for pwning windows?  
They implemented remote kernel calls for gods sake! You have the  
ENTIRE windows API at your disposal with it, assuming you don't want  
to use one of the very awesome ruby scripts that come with it to  
manipulate your tokens or do remote route additions!

If I'm going to use any 'enterprise level vulnerability  
scanner' ::shudders:: it'll be Metasploit express, or MAYBE Nessus.  
Mainly just my brain though, which costs me nothing! If you're going  
to try to sell stuff like this, I wouldn't go where ACTUAL security  
people dwell, I'd go back to the netstumbler forums. You'd have better  
luck there.

On Sep 17, 2010, at 11:31 AM, Eyeballing Weev  
eyeballing.w...@gmail.com wrote:

 Looking at that webpage is making me rage. I'm sending him an invoice
 for a new keyboard.


[Full-disclosure] [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues

2010-09-17 Thread dann frazier
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2110-1                  secur...@debian.org
http://www.debian.org/security/                             dann frazier
September 17, 2010                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080
 CVE-2010-3081
Debian Bug(s)  :

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2492

Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.

CVE-2010-2954

Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.

CVE-2010-3078

Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.

CVE-2010-3080

Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the 'audio' group) can
cause a denial of service via a NULL pointer dereference.

CVE-2010-3081

Ben Hawkes discovered an issue in the 32-bit compatibility code
for 64-bit systems. Local users can gain elevated privileges due
to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-25lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux
packages.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update:

 Debian 5.0 (lenny)
 user-mode-linux 2.6.26-1um-2+25lenny1

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- -------------------------------

Stable updates are available for alpha, amd64, armel, hppa, i386, ia64, mipsel,
powerpc, and sparc. Updates for other architectures will be released as they
become available.


Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Mario Vilas
To be fair, both Canvas and Impact had the same pivoting features years
before Metasploit (and yes, that includes the entire Windows API too). It's
no wonder really, since Metasploit is newer too (Impact was created some ten
odd years ago and Canvas came shortly later, if I'm not wrong). But IMHO if
a community, open source project like Metasploit can reach the quality of
its big-budget, closed source competitors, that alone is quite impressive!

What I think is really wrong here is someone made a poorly designed (at
least judging from the GUI), Windows-only commercial tool by ripping off a
few public exploits... What's the added value here? What are these people
trying to charge money for, exactly? This looks like snake oil to me.

On Fri, Sep 17, 2010 at 6:54 PM, rdse...@mtu.edu wrote:

-- 
HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?

Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread excore
I know the story of this guy. He was fired from Core for 
incompetence and swore he'd make a better product and compete with 
them. I bet they're still laughing their asses off...

Check out his Twitter account: https://twitter.com/runlvl

Apparently this guy used to do website defacements, judging from 
his tweets...



Re: [Full-disclosure] New tool for pentesting

2010-09-17 Thread Eyeballing Weev
I was just commenting on the Wordpress page, with the ugly theme, the 
weird URLs (page ID), and the lack of an image slideshow..
