[Full-disclosure] Recruiting Troopers - Call for Papers, March 21-22 2012
Once more, it will be Troopers time. This year was an extraordinary event. Everybody involved had so much fun (in the end, the term "best security con. ever" got a bit overstressed ;-) and we had so many great talks... it seems a bit difficult to do even better next year. Still, we'll try. You can be part of it.

Again, Troopers - www.troopers.de - will be held in the beautiful city of Heidelberg/Germany (on 03/21 and 03/22 2012) and will feature two tracks, one on attack techniques and security research, the other focused on the defense side and management aspects of the infosec world.

This call for papers addresses security researchers interested in sharing their work with other researchers and a high level audience (composed of about 75% people from industry and 25% from academia). We would like to invite everyone with special knowledge in breaking security in whatever area or practical experience in securing complex information systems to present their skills, tools or experience.

Speaker Privileges
==================

We will cover the flight costs (limited to EUR 750 for speakers from Europe and US$ 1800 for speakers from other continents) and three nights of accommodation, plus some evening fun and other amenities. To get an idea of our speaker treatment see http://www.elladodelmal.com/2010/03/como-una-rockn-roll-star.html ;-)

Fresh Headz
===========

Given an appropriate subject and technical level we're happy to welcome fresh speakers (not seen in various places before) and we're happy to help you with setting up your talk (or getting over your pre-talk excitement).
Submissions
===========

We are mainly interested in talks on:
- Security in a Mobile World
- Virtualization
- Cloud Stuff
- Embedded Devices
- Industrial Networking
- Security in Telco Environments
- Secure Coding
- Advances in the Software Security Space
- Feasible Risk Assessment Approaches
- Digital Certificates in 2012

Obviously heavy vendor-pitching will not be welcomed warmly and we reserve the right to ask for modifications of confirmed talks if we have the impression there's too much of that in a talk.

CFP submissions [to c...@troopers.de] must include the following information:
1) Brief biography including list of publications and papers published previously.
2) Proposed presentation title and synopsis/description.
3) Contact Information (full name, alias, handle, e-mail, postal address, phone, country of origin, special meal requirement, smoking habits ;-).
4) Employment and/or affiliations information.
5) Why is your material different or innovative or significant?

Please note that all speakers will be allocated 55 minutes of presentation time + 5 minutes Q+A. Any speakers that require more time must inform the CFP committee in the course of the submission.

By agreeing to speak at Troopers 11 you are granting ERNW GmbH the rights to reproduce, distribute, advertise and show your presentation including but not limited to http://www.troopers.de, printed and/or electronic advertisements, and all other mediums.

Important Dates
===============

Deadline for Submission: 5 Dec 2011
Final Notification: 5 Jan 2012
Presentation slides due: 10 Mar 2012
The conference: 21-22 Mar 2012

thanks,
Enno

--
Enno Rey
ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
===
Blog: www.insinuator.net || Conference: www.troopers.de
===

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
I've used Impacket to craft raw packets of all kinds. Then again I don't know if that counts - used to work at Core at the time, so it was pretty much the only choice due to licensing issues with other libraries. I don't mean to say it's a bad tool to work with, not at all. I happen to prefer the newer Scapy, but it's just a matter of personal taste. :)

On Sat, Nov 12, 2011 at 6:53 AM, Antony widmal antony.wid...@gmail.com wrote:

Dear Dan,

Impacket was at first a Pysmb copy/update from Core Security in order to play with RPC. (look at the source) They've done some work on the pysmb library in order to implement DCE/RPC functionality in this dinosaurus lib. Saying that we should use Impacket in order to craft *raw* UDP packets is definitively the dumbest thing I've heard today. Seriously. Anyone can confirm that? Mario? Carlos?

Anyways, this guy doesn't understand shit, talks a lot about shit he doesn't know about, why would you even spend time reading his shit? This vulnerability is about sending a *huge fucking* stream of UDP packets on a closed port in order to trigger an int overflow via a ref count. Most of the people here didn't even understand what we are talking about/dealing with.

Anyways, it's probably time for you to unsubscribe since you don't follow and S-K's like sec...@gmail.com are trying to act like they know. Yeah right, a UDP int overflow triggered via a refcount UDP overflow that you can trigger with 1 single TCP (with the right ACK) packet is the way to go. This mailing list is getting gay, seriously.

Cheers,
Antony.

On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance tzewang.do...@gmail.com wrote:

Okay, now I'm confused! From http://oss.coresecurity.com/projects/impacket.html

Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode network packets in a simple and consistent manner. It includes support for low-level protocols such as IP, UDP and TCP, as well as higher-level protocols such as NMB and SMB. Impacket is highly effective when used in conjunction with a packet capture utility or package such as Pcapy (http://oss.coresecurity.com/projects/pcapy.html). Packets can be constructed from scratch, as well as parsed from raw data. Furthermore, the object oriented API makes it simple to work with deep protocol hierarchies.

Thanks for your input Antony. Can you explain why impacket has nothing to do with crafting UDP packets? Fascinating thread this. Thanks to all!!

dan :)

On 11 November 2011 22:42, Antony widmal antony.wid...@gmail.com wrote:

You are definitely a lamer secn3t. Also for your little brain, impacket has nothing to do with crafting UDP packets.. Thanks for proving this again and again.

On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 sec...@gmail.com wrote:

well look at that :P not same author but, nice coding predelka! good one, i will add you to crazycoders.com coderslist... i guess there is a few codes you have now done which might be useful... cheers.
xd

On 12 November 2011 05:43, Ryan Dewhurst ryandewhu...@gmail.com wrote:

An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic: http://pastebin.com/fjZ1k0fi

On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God) t...@hammerofgod.com wrote:

Yeah, I gotta say, I'm going to use it at some point ;)

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas
Sent: Friday, November 11, 2011 9:02 AM
To: Ryan Dewhurst
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I liked the heavy breather in the perv closet bit.

On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst ryandewhu...@gmail.com wrote:

I think Jon just said what everyone else was thinking, he said what I was thinking at least.

On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz jon.ke...@gmail.com wrote:

On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 sec...@gmail.com wrote:

About the PPS, i think thats a very bad summary of the exploit, 49days to send a packet, my butt. There is many people assuming wrong things, when it can be done with seconds, syscanner would scan a -b class in minutes, remember it only has to find the vulns, gather, then it would break scan, and trigger vuln... so in real world botnet, yes then, with tcpip patchers, like so many ppl i know myself, even use (tcpipz)patcher ), which rocks... and it is ONLY one which actually works, when you maybe modify the src so the sys file, is dropped from within a .cpp file, well thats up to you but thats better way to make it work, this will open sockets/threads, as i could, easily prove with one exe, but, the goal is, to trigger the vuln then exploit it, less than 49days :P , so , i guess if this
Re: [Full-disclosure] Even worse
oh do shut up, no one cares about your inane rantings and ravings, you're the ozzy n3td3v

2011/11/12 xD 0x41 sec...@gmail.com:

oh, and you're nice, by double posting the infos, yet telling me I'm the fool. nice one! you're a no.1 cocksucker. now go fuck yourself, with antony and the other wanker who's going to fucking jail./

On 12 November 2011 15:34, Chris L inchcom...@gmail.com wrote:

I have no idea what the point of this post is. Hell, most of your posts are hard to understand. However, considering it appears it involves your own (or at least an associated to you) crazy coders site, I'd think you would pay more attention to it. Now, I'm not one to think that security through obscurity is a good policy, but that said, revealing the login page cpanel.crazycoders.com just seems stupid to me. Technically, it requires SSL, so the page is https://cpanel.crazycoders.com:2083/ . Still, not a good idea to advertise it. Maybe one idiot was trying to break in, and you wanted to burn him, but you just told everyone, on a list called Full Disclosure no less, the address of your login page. Does that really strike you as a good idea?

https://cpanel.crazycoders.com:2083/

On Fri, Nov 11, 2011 at 8:18 PM, xD 0x41 sec...@gmail.com wrote:

dude, cry to your isp, when they kick your ass :) now fuckoff.

On 12 November 2011 15:13, crazy coder crazycoder1...@gmail.com wrote:

So, you know how to view the source of a message. Do you know how to fix a zone transfer, eh?

xD 0x41 sec...@gmail.com wrote:

Received: from [127.0.0.1] (host86-160-211-44.range86-160.btcentralplus.com. [86.160.211.44])

too bad eh...
[Full-disclosure] [ MDVSA-2011:173 ] openssl0.9.8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

___
Mandriva Linux Security Advisory MDVSA-2011:173
http://www.mandriva.com/security/
___

Package : openssl0.9.8
Date    : November 12, 2011
Affected: 2010.1
___

Problem Description:

On Mandriva Linux 2010.2 we provided the old openssl 0.9.8 library but without a source RPM file. This could pose a security risk for third party commercial applications that still use the older OpenSSL library, therefore the latest stable openssl 0.9.8r library is being provided.
___

Updated Packages:

Mandriva Linux 2010.1:
0ac7acb87359c1038310ba6cf0987ca6  2010.1/i586/libopenssl0.9.8-0.9.8r-0.1mdv2010.2.i586.rpm
a7ae1f9b66b0353d25b1ac720c778e38  2010.1/SRPMS/openssl0.9.8-0.9.8r-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
f42097f3e4950bde2be23890f173d843  2010.1/x86_64/lib64openssl0.9.8-0.9.8r-0.1mdv2010.2.x86_64.rpm
a7ae1f9b66b0353d25b1ac720c778e38  2010.1/SRPMS/openssl0.9.8-0.9.8r-0.1mdv2010.2.src.rpm
___

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
___

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOvlDzmqjQ0CJFipgRAkKJAJoCUuh0FPNEUQ/RWZCo+u6GthGyEACg88NR
hPA9dG9FoWOAV0iCXYdoxmY=
=6Pob
-----END PGP SIGNATURE-----
Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Off topic (kinda) but with all this talk on SCAPY, has anyone a good reference on using it IN a python script for crafting/reading packets? Me and a friend wanted to write a python version of Ettercap/dsniff using the SCAPY libraries as a challenge and as a learning experience. Even if we can just get some reliable ARP poisoning to work with it we will be pretty happy, and will have learned something. Any good literature?

Also, ON topic - http://packetstormsecurity.org/files/106873/winnuke2011.sh.txt