[Full-disclosure] The most realistic hacking contest

2012-08-20 Thread Dmitry Evteev
Everybody is welcome to try on the crown during the King of the Hill contest 
from 20 August to 2 September.



To try to repeat the feats of the CTF battle participants and fight for the 
prizes provided by Positive Technologies, please register at the official web 
site http://www.phdays.com/ctf/king/



During the Capture The Flag hacking contest at PHDays 2012, twelve teams from 
ten countries attacked the networks of other teams and protected their own 
networks for two days and one night non-stop. The conditions were as close to 
real life as possible - no invented vulnerabilities, only those that occur in 
real contemporary information systems.



The infrastructure for the hacking battle was organized according to the 
principle of the King of the Hill game: the points were given not only for 
successful attacks against the systems, but also for keeping control over the 
systems, which made the contest more intriguing.



The contest became the highlight of the forum program, which is why an idea 
came to our minds... Why not repeat the royal battle separately for the 
Internet community, let us say, in the second half of August?



What is King of the Hill?



Following the principle of maximum authenticity, the contest infrastructure 
imitates the typical infrastructure of enterprise networks: its external 
perimeter includes web applications, DBMS servers and various directories 
(LDAP), taking control of which allows reaching the internal perimeter - 
Microsoft Active Directory. Everything is like in real life.



The task of the participants of King of the Hill is to detect vulnerabilities 
in the systems, exploit them and, most important of all, keep control over 
the systems for as long as possible. The trick is in the regeneration of the 
sets of vulnerabilities in the systems. The participants face a dilemma - 
whether to try to attack the neighboring systems or to proceed with 
vulnerability detection on the systems which are already under control.

As in real life, the largest number of points is given for keeping control over 
Active Directory, since attacking AD requires keeping control over first level 
systems.



The King of the Hill contest was developed by the Positive Technologies experts 
and was presented for the first time at PHDays CTF 2012 as part of the hacking 
contest.





___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] ESET Smart Security LZH archive parsing PoC exploit

2010-05-07 Thread Oleksiuk Dmitry
Software: ESET Smart Security 4.2 and NOD32 Antivirus 4.2 (x32-x64)

Vendor status: notified/ignored

Tested on: Windows XP, Vista, 7 (x32 and x64)

Description: Scanning of malicious file causes heap corruption in context of
the service process (ekrn.exe). See Dr. Watson log (drwtsn32.log) for
details.

Code : http://www.esagelab.com/files/eset_lzh.zip 

 


Re: [Full-disclosure] Free Tibet..

2008-03-25 Thread Dmitry
This list is not about political problems. Go find yourself a free tibet
mailing list.

On Tue, Mar 25, 2008 at 3:00 PM, Tremaine Lea [EMAIL PROTECTED] wrote:

 Nah, there are a number of blogs and non-Western sources that are
 providing much the same information.  Check out the English Al-Jazeera
 site for examples.  Hardly a news source that is 'friendly' to Western
 interests, and definitely not a puppet like Fox or similar.  There are
 also a number of video's up on Youtube.


 --
 Tremaine Lea
 Network Security Consultant
 Intrepid ACL
 Paranoia for hire


 On Tue, 2008-03-25 at 08:57 -0400, Kern wrote:
  Jerome, I find it odd that you would tell someone to ignore a media
  source and then not provide an alternative.
 
  I think the alternative sources of media are in Chinese.
 
 
  On Tue, Mar 25, 2008 at 8:41 AM, Tremaine Lea [EMAIL PROTECTED] wrote:
   Jerome, I find it odd that you would tell someone to ignore a media
   source and then not provide an alternative.
  
   While there are plenty of reasons, and good reasons, to be suspicious
   of western media, the facts speak for themselves.
  
   - There was violence in Tibet and a lot of protesters died.
  
   - The Chinese government said they did send in security forces but
   they didn't kill anyone and their forces weren't even armed.
  
   - Independent sources in Tibet, which are remarkably hard to find
   right now, managed to get information out.
  
   - The Chinese government fesses up days later and says yes they
   killed people, and yes their security forces were armed.
  
   Just what is it you were trying to refute with this post to the list?
  
   --
   Tremaine Lea
   Network Security Consultant
   Intrepid ACL
   Paranoia for hire
  
  
   On Tue, 2008-03-25 at 13:31 +0800, Jerome Jar wrote:
    Please, I humbly think that you know possibly nothing about Tibet,
    the province of China.
  
    A lot of Chinese people, who used to take western media as the
    representation of good will and perhaps democracy, do feel sick of
    the misleading news article pieces produced by such media on this
    very topic of Tibet. If all of your knowledge about the Tibet event
    comes from such sources, just ignore them.
  
    On Tue, Mar 25, 2008 at 8:57 AM, Gerald Maggro [EMAIL PROTECTED]
    wrote:
     ..with purchase of one country of equal or greater value?
  
     Seriously though, those cocksuckers in the Chinese gov't are at
     it again... wait, they never stopped. Murderous freedom hating
     ways. Just not right.
  
     How about a bigger target than Scientology this time?
  
     China's got the Olympics coming up, that makes them more
     sensitive than usual.
  
     The Dalai Lama can be as peaceful as he wants... more action is
     needed. A lot more. Anyone want to pick a fight with the Chinese?
  




Re: [Full-disclosure] Wireless keyboard insecurity - any secure one available?

2008-03-10 Thread Dmitry
SHUT UP GADI !

On Mon, Mar 10, 2008 at 5:59 AM, Markus Jansson [EMAIL PROTECTED]
wrote:

 I decided to write here after not getting any real response from any
 vendor or security forums that I have written to about the subject in the
 past few months. The issue is relatively simple and affects a lot of
 people, companies and probably even government officials: wireless
 keyboards.

 Now, we know that most of the wireless keyboards are just stupid, if
 not analog, at least somehow buggy and cheap pieces of tech that work
 on various RF bands. Some of them have been analysed and cracked wide
 open and of course nobody is patching them up at all. For example here
 is a good example to prove my point:
 http://www.theregister.co.uk/2007/12/03/wireless_keyboard_crypto_cracked/

 Is this a big issue? Oh yes.
 What point is there in having a good 32+ char passphrase on your www-accounts,
 a 63-mark-long WPA2-PSK and PGP encryption in your emails...if you type
 them all with a wireless keyboard that can be easily eavesdropped, maybe
 from over 100 yards away? Or is it just me thinking it's the weakest link in
 the chain of security?

 From my knowledge, I'd say the best option for a secure wireless keyboard
 is some kind of Bluetooth keyboard that actually, REALLY works like
 Bluetooth is supposed to work. You know, a wireless keyboard that
 would allow its default PIN (which is usually 1234 or ) to be
 changed in a secure fashion to something long and complex (well, let's
 say 16 or 32 marks long)...and that would only allow encrypted and
 authenticated connections and would not broadcast its existence to the
 rest of the world.

 Sure, there have been cracks in Bluetooth and its crypto, like here:
 http://www.terminodes.org/micsPublicationsDetail.php?pubno=1216
 that make you think that even Bluetooth's crypto, if it were actually
 used, is not good enough for wireless keyboards. But it's still the
 best we've got, right?

 WUSB might be a good replacement for Bluetooth, but are there really
 any secure ones available yet - or will there ever be? How can you
 know they are secure - are you trusting the same manufacturers' claims
 that have for years marketed and sold insecure wireless keyboards
 while claiming that they are secure? I don't.

 Is it just me or has someone else also paid attention to the
 insecurity of wireless keyboards - and the total silence around
 this serious security issue? And how to fix this? How and where to get
 wireless keyboards that are really secure?



 --
 http://www.markusjansson.net
 http://markusjansson.blogspot.com
 PGP: 6E9E375EC50A27FDB9DA1672A78C27BF735ADADA
 PGP2: 9966C10DDC7F0DEDEC480A75FE952445F24D55DD



Re: [Full-disclosure] Invalid memory access in Acronis True Image Group Server 1.5.19.191

2008-03-10 Thread Dmitry
Oh man you are a super star !!! but why no fix ???

On Mon, Mar 10, 2008 at 11:47 PM, Luigi Auriemma [EMAIL PROTECTED]
wrote:


 ###

 Luigi Auriemma

 Application:  Acronis True Image Group Server

 http://www.acronis.com/enterprise/products/ATIES/group-server.html
 Versions: <= 1.5.19.191
  (included in Acronis True Image Enterprise Server
  9.5.0.8072 and the other True Image packages)
 Platforms:Windows
 Bug:  invalid memory access
 Exploitation: remote
 Date: 08 Mar 2008
 Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


 ###


 1) Introduction
 2) Bug
 3) The Code
 4) Fix


 ###

 ===
 1) Introduction
 ===


 Acronis Group Server is a component of Acronis True Image Echo Server
 (Workstation and Enterprise packages) which allows the viewing and
 managing of backup tasks for all systems in the network from the
 Acronis Management Console.


 ###

 ==
 2) Bug
 ==


 The packets used by this server contain some 16 bit fields which
 specify the length of the subsequent data.
 The problem is that the memory assigned for each packet is about 2048
 bytes so the server allocates the amount of memory specified by that 16
 bit field and then tries to copy the data from the packet into this new
 buffer with the subsequent crash of the service due to an invalid read
 access.


 ###

 ===
 3) The Code
 ===


 http://aluigi.org/poc/acrogroup.txt

  nc SERVER 9877 -v -v -u -p 9876 < acrogroup.txt


 ###

 ==
 4) Fix
 ==


 No fix


 ###


 ---
 Luigi Auriemma
 http://aluigi.org


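The bug class in the quoted advisory is a length field trusted before the copy: a 16-bit value in the packet drives an allocation and a memcpy even though the packet buffer holds at most about 2048 bytes, so an oversized length makes the copy read past the received data. The parser below is an added example written for this thread; it is not Luigi's PoC and not Acronis code. The wire layout (big-endian 16-bit length followed by the data), the function names and the sample packets are constructed assumptions. It bounds the declared length by the bytes actually present before allocating or copying, and reports how far an unchecked copy would have over-read.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per-packet buffer size the advisory mentions ("about 2048 bytes"). */
#define PACKET_BUF_SIZE 2048

enum parse_result {
    PARSE_OK = 0,        /* field read and copied into a fresh buffer */
    PARSE_TRUNCATED,     /* declared length exceeds the bytes actually received */
    PARSE_TOO_LARGE,     /* declared length exceeds the per-packet limit */
    PARSE_ALLOC_FAILED   /* malloc failed */
};

/* Decode the assumed big-endian 16-bit length at pkt[offset]. Caller must
 * already have checked that two bytes are available there. */
static uint16_t declared_len(const uint8_t *pkt, size_t offset)
{
    return (uint16_t)(((uint16_t)pkt[offset] << 8) | pkt[offset + 1]);
}

/* Diagnostic: how many bytes an unchecked "allocate declared, memcpy declared"
 * would read beyond the end of the received packet. 0 means the field is honest. */
size_t unchecked_overread(const uint8_t *pkt, size_t pkt_len, size_t offset)
{
    if (offset > pkt_len || pkt_len - offset < 2)
        return 0;                         /* no complete length field here */
    size_t available = pkt_len - (offset + 2);
    size_t declared = declared_len(pkt, offset);
    return declared > available ? declared - available : 0;
}

/* Hardened reader: one length-prefixed field starting at *offset.
 * The 16-bit field can claim up to 65535 bytes, so the declared length is
 * bounded by what is really present before any allocation or copy. That is
 * the check whose absence the advisory describes. */
enum parse_result read_field(const uint8_t *pkt, size_t pkt_len, size_t *offset,
                             uint8_t **out, uint16_t *out_len)
{
    if (*offset > pkt_len || pkt_len - *offset < 2)  /* need the 2-byte length itself */
        return PARSE_TRUNCATED;
    uint16_t declared = declared_len(pkt, *offset);
    size_t data_start = *offset + 2;

    if (declared > pkt_len - data_start)  /* the length field lies about what follows */
        return PARSE_TRUNCATED;
    if (declared > PACKET_BUF_SIZE)       /* defence in depth: never above the packet cap */
        return PARSE_TOO_LARGE;

    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return PARSE_ALLOC_FAILED;
    memcpy(buf, pkt + data_start, declared);  /* now provably inside pkt */

    *out = buf;
    *out_len = declared;
    *offset = data_start + declared;
    return PARSE_OK;
}

/* Walk every field in a packet. Returns the first failure; *fields_ok is the
 * number of fields accepted before it. */
enum parse_result walk_packet(const uint8_t *pkt, size_t pkt_len, size_t *fields_ok)
{
    size_t offset = 0;
    *fields_ok = 0;
    while (offset < pkt_len) {
        uint8_t *data = NULL;
        uint16_t len = 0;
        enum parse_result r = read_field(pkt, pkt_len, &offset, &data, &len);
        if (r != PARSE_OK)
            return r;
        free(data);
        (*fields_ok)++;
    }
    return PARSE_OK;
}

int main(void)
{
    /* Constructed packets: an honest one and one whose second field claims
     * 0x1000 bytes while only a single byte follows. */
    const uint8_t honest[] = {0x00, 0x03, 'a', 'b', 'c', 0x00, 0x01, 'z'};
    const uint8_t lying[]  = {0x00, 0x03, 'a', 'b', 'c', 0x10, 0x00, 'z'};
    size_t n;

    printf("honest: result=%d fields=%zu\n", walk_packet(honest, sizeof honest, &n), n);
    printf("lying : result=%d fields=%zu overread=%zu bytes\n",
           walk_packet(lying, sizeof lying, &n), n,
           unchecked_overread(lying, sizeof lying, 5));
    return 0;
}
```

The same pattern applies to any protocol that carries its own length fields: the received byte count, not the attacker-controlled field, is the upper bound for every allocation and copy, and a field that exceeds it should fail the parse rather than be trusted.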

Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Dmitry
dude,  you don't need the entire handshake for tcp scanning.

On Wed, Mar 5, 2008 at 2:54 PM, Andrew A [EMAIL PROTECTED] wrote:

 hey dude, how is merely sending a single datagram not going to be faster
 than doing an entire handshake?

 On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL PROTECTED]
 wrote:

  This is not true. I doubt there is any measurable advantage
  of UDP vs. TCP scans if you do it right.
 
 



RE: [Full-disclosure] RE: when will AV vendors fix this???

2006-08-11 Thread Dmitry Yu. Bolkhovityanov
On Mon, 7 Aug 2006, Thomas D. wrote:

 And even if you hide the file, if it hide the way you describe, you aren't
 able to execute the file, until you give access to yourself. If you do this,
 the anti-virus program will also have access
 
 
 Keep in mind: If it is an unknown file (zero-day), you don't even think
 about hiding, because it isn't necessary. You have other problems...
 
 => I don't think it is a security related problem nor a problem itself.

Remember: some years ago off by one was treated as useless for 
exploits.

Any type of data/file hiding (of course, alternate data streams in 
the first place) can become the last brick required for some new attack 
vector.

So, while currently I can't present any workable scenario, I 
wouldn't consider such type of data hiding as not a security-related 
problem.

_
  Dmitry Yu. Bolkhovityanov
  The Budker Institute of Nuclear Physics
  Novosibirsk, Russia
