[Full-disclosure] Selling Adobe exploit
Hey, we are selling the latest Adobe U3D 0day exploit. It works on Adobe Acrobat = 9.2. It works on Windows XP with Service Pack 0/1/2/3, on Windows Vista with Service Pack 0/1/2, and on Internet Explorer 6 and 7. So, as you know, it bypasses the DEP and ASLR mitigations. As proof, you can watch the video of this exploit: http://www.mediafire.com/?jyarzmmgumg

You suggest your price, we decide! Thank you.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] FRHACK 01 Epic fail keynote
FRHACK: By Hackers, For Hackers! http://www.frhack.org

FRHACK is the First International IT Security Conference, by hackers - for hackers, in France! FRHACK is not commercial - but - highly technical.

Here's an insane keynote by Jerome Athias, the single man behind FrHack (sold on a 100$ DVD...):

Streaming: http://www.megavideo.com/?v=RTCV7ESH / Full
http://www.youtube.com/watch?v=C2hKkIXJ-Rs / Part 1
http://www.youtube.com/watch?v=pp_LIqnu198 / Part 2
Download HQ: http://www.megaupload.com/?d=ITPILU6P

Don't miss it. Replicate it, tweet it, have a nice *WTF* yell.

tags (true story): WAREZ HACKING SECURITY CONFERENCE FRHACK JEROME ATHIAS 0DAY DVD EPIC FAIL PARIS HILTON IPHONE RFID TOILET GEORGE BUSH GSM A5/1 DECT HAPPY BIRTHDAY PADLOCKPICKING MAGIC KEY WHITE HAT BLACK CAP RAINBOW WIG VIRUS 99.9% WIFI DIVINE CHRIST SSL CRYPTO COOL GOLF NON SENSE

-- The magic key ?
[Full-disclosure] JRE Update 11/12 Pack 200 reliable WinXP exploit
Hi,

http://zerodayservice.blogspot.com/2009/04/jre-update-1112.html

Cheers,
0day.service
http://zerodayservice.blogspot.com
[Full-disclosure] iPhone Security Settings
http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html

John
[Full-disclosure] Source code of the belgian electoral voting system
Hi list,

Here you can find the official release of the software used this weekend for the elections in Belgium:
http://www.ibz.rrn.fgov.be/index.php?id=627

j
[Full-disclosure] Wordpress default theme XSS (admin) and other problems
There is an XSS in the WordPress default theme. Tested on WordPress version 2.2.

Filename functions.php, line 387. Code:

    <form style="display: inline" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

$_SERVER['REQUEST_URI'] is directly echoed to the user. This problem can be exploited if the administrator is logged in.

Sample exploit URL:

    http://www.example.com/wp-admin/themes.php?page=functions.phpzmx;<script>alert(1)</script>

There are other XSS vulnerabilities in popular WordPress themes. More details on http://www.xssnews.com/
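A constructed illustration of the reflection described in the post, added here as an example and not code from the post or from WordPress: the same form markup rendered once with the raw request URI and once with attribute-escaped output, plus a parser-based check showing which version lets a new element through. The request URI and payload are constructed to match the shape of the post's sample URL; `render_form_*`, `tags_in` and `reflection_is_safe` are names chosen for this example.

```python
import html
from html.parser import HTMLParser

# Constructed request URI shaped like the post's sample URL: the tail closes
# the action attribute and opens a new tag (not a real WordPress request).
CONSTRUCTED_URI = '/wp-admin/themes.php?page=functions.php"><script>alert(1)</script>'

FORM_PREFIX = ('<form style="display: inline" method="post" name="hicolor" '
               'id="hicolor" action="')


def render_form_vulnerable(request_uri: str) -> str:
    """Mirrors the theme code: the raw URI is dropped into the action attribute."""
    return FORM_PREFIX + request_uri + '">'


def render_form_escaped(request_uri: str) -> str:
    """Attribute-context escaping: &, <, >, " and ' become entities, so the
    value can no longer terminate the attribute or start a tag. This is the
    generic fix; in WordPress the same job is done by esc_url()/esc_attr()."""
    return FORM_PREFIX + html.escape(request_uri, quote=True) + '">'


def render_form_no_reflection() -> str:
    """Strongest option: an empty action posts back to the current URL, so the
    request URI never needs to be echoed at all."""
    return FORM_PREFIX + '">'


class _TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """Tag names present in the markup, in document order."""
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p.tags


def reflection_is_safe(render, request_uri: str) -> bool:
    """True when the rendered markup contains only the form tag, i.e. nothing
    from the request URI became a new element."""
    return tags_in(render(request_uri)) == ["form"]


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_form_vulnerable),
                     ("escaped", render_form_escaped)]:
        print(f"{name:10s} tags={tags_in(fn(CONSTRUCTED_URI))}")
```

The parser check is deliberately not a string search for `<script`: it asks the same question a browser asks (did any part of the attribute value become markup?), so it also covers payloads that open some other element.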
Re: [Full-disclosure] Latest wu-ftpd exploit :-s
You're about 2 years too late.

Mark Heiligen wrote:
http://www.frsirt.com/exploits/08.11.0x82-wu262-advanced.c.php
Re: [Full-disclosure] Christian Ehlen /KOELN/DE/BULL is out of the office.
no wai!
[Full-disclosure] (no subject)
Firstly, the user ID isn't used anywhere, although it's captured. The KPID is used to determine the unique algorithm used for time-delay, and the static control algorithm used to create the dynamic encryption for the unit's auth sequence (the two hashes created using the date/time sequence and a dynamic algorithm based off the control algorithm). I might not have explained that very well - sorry. One consideration would be the large number of different algorithms to keep track of, and whether a dynamically generated algorithm can be trusted to have invariably similar characteristics (i.e. strength, any collisions).

Second, this is still subject to a MITM attack.

Well, I know that the MITM attack would still be possible with the authenticated session, as the host is compromised, but I thought the question was how to keep the authentication itself private, as using a compromised system means everything is available anyway. Perhaps a kind of keep-alive using the time-delay could help prevent excessively easy interception of the session...

Thirdly, any message or session data is not protected as coming from the same site to/from user, compromised workstation or keypad. Indeed, a compromised machine may simply 'route' an attacker's data to appear to originate from the machine that commenced the session.

Now, the session could definitely be stolen, but again, I thought we were assuming any session was going to be compromised already. Maybe I missed the point. If we have to protect more than the authentication scheme, from what little I know, there would have to be NO involvement with the compromised machine, or users who can decrypt things themselves... hehehe - decoder ring to check your email... :) Even hardware interrupts could be intercepted and analysed, I believe, though I'm not positive, if you, say, decided to set up a method of direct communication between the USB peripheral and the user interfaces (which would be cool, anyway). Well, that was my thought.
I'm no engineer, so it was more of a stab in the dark, but thanks for your reply :) I think the time-delay thing and the control algorithm dynamically generating unique algorithms during encryption could really be expanded on. I haven't seen much along those lines, personally. Perhaps it's because of the overhead.
RE: [Full-disclosure] Most common keystroke loggers?
I'm sure there are problems with this, but here's my idea of preventing improper authentication. At best, I think the attacker would only be able to DoS the device, or attempt replay - which would fail without the correct time-delay. I think some kind of two-part blackbox auth with time delay was what I was trying to get at :)

** = an event
-- = any traffic that crosses the USB peripheral border, i.e. vulnerable data
[KP] = USB (for instance) input peripheral, with keycode entry pad
[RS] = Remote authentication site

** [KP] is initialized upon deployment like a SecurID. It is synced with the auth server based on time, and several static algorithms.
** [RS] is on the same time as [KP].
** [RS] knows the [KP] time-delay algorithm, and control algorithm, assoc. w/ KPID.
** Upon being plugged in, here's what would happen:

[KP] -- Remote auth SYN request, w/ encrypted KPID sent -- [RS]
** [RS] determines what time-delay algorithm [KP] is on by KPID. (KPID encryption is static to all components - possible point of failure.)
[KP] - ACK sent back [RS]
[KP] --- Traffic averages analysis between KP and RS --- [RS]
** [KP] flashes green light to user
** [KP] -- User enters Keycode --- [USER]
** [KP] calculates two hashes, based on separate date/time sequence selected algorithms that are created using the current synced time, and a unique control algorithm determined during initialization.
[KP] - transmits first hash sequence to - [RS]
** [KP] waits x cycles based on a unique time-delay algorithm [RS] knows by KPID.
[KP] --- transmits second hash sequence to [RS] - [RS]
** [RS] uses earlier traffic analysis to determine an acceptable level of tolerance for receipt time, and determines consistency with time-delay algorithm for KPID.
** [RS] authenticates data
[KP] - Close session, pass/fail errout to KP [RS]
** [KP] shuts down USB port, no further traffic until reset (several ways to do that)

[Compromised PC] - Session -- [RS]

What do you think?
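A simulation of the exchange sketched above, covering both the scheme as posted and the earlier reply's questions about the time-delay and control algorithms. This is an added example, not the poster's code: the per-KPID "time-delay algorithm" and "control algorithm" are modelled as HMACs over a shared secret and a synchronised time slot, [RS] checks both hashes and the gap between their arrival times, and a replayed capture fails because the time slot has moved on. Every concrete choice (the 30-second slot, the 1-5 second delay range, the jitter tolerance, that [RS] stores the keycode, that the KPID travels in clear) is an assumption of this example, and it models only the authentication exchange, not the compromised-host session the thread goes on to discuss.

```python
import hashlib
import hmac

# Constructed parameters for the simulation (assumptions, not from the post).
TIME_SLOT = 30       # seconds per synchronised time slot, SecurID-style
GAP_TOLERANCE = 0.5  # seconds of network jitter [RS] accepts on the delay
SLOT_SKEW = 1        # adjacent slots [RS] also accepts, for clock drift


def _mac(secret: bytes, *parts: str) -> str:
    return hmac.new(secret, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def time_delay(secret: bytes, slot: int) -> float:
    """Per-KPID 'time-delay algorithm': the pause between the two hashes,
    derived from the shared secret so only [KP] and [RS] can compute it."""
    h = hmac.new(secret, f"delay|{slot}".encode(), hashlib.sha256).digest()
    return 1.0 + (h[0] % 5)  # 1..5 seconds


def control_hashes(secret: bytes, slot: int, keycode: str):
    """'Control algorithm': two hashes bound to the time slot and the keycode;
    the second is chained to the first so they cannot be mixed across sessions."""
    h1 = _mac(secret, "h1", str(slot), keycode)
    h2 = _mac(secret, "h2", str(slot), keycode, h1)
    return h1, h2


def keypad_session(kpid: str, secret: bytes, keycode: str, now: float):
    """[KP] side: the (send_time, message) pairs that cross the USB border.
    The KPID is sent in clear here (the post encrypts it with a static key)."""
    slot = int(now // TIME_SLOT)
    h1, h2 = control_hashes(secret, slot, keycode)
    return [(now, {"kpid": kpid, "hash": h1}),
            (now + time_delay(secret, slot), {"kpid": kpid, "hash": h2})]


def replayed(transmissions, later_by: float):
    """What an attacker on the compromised PC can do: resend the captured
    messages unchanged, preserving their spacing, at a later time."""
    return [(t + later_by, m) for t, m in transmissions]


class RemoteSite:
    """[RS]: knows each KPID's secret and keycode; sees only the messages and
    their arrival times."""

    def __init__(self, registry):
        self.registry = registry  # kpid -> (secret, keycode)

    def authenticate(self, transmissions) -> bool:
        if len(transmissions) != 2:
            return False
        (t1, m1), (t2, m2) = transmissions
        entry = self.registry.get(m1["kpid"])
        if entry is None or m2["kpid"] != m1["kpid"]:
            return False
        secret, keycode = entry
        slot_now = int(t1 // TIME_SLOT)
        for slot in range(slot_now - SLOT_SKEW, slot_now + SLOT_SKEW + 1):
            h1, h2 = control_hashes(secret, slot, keycode)
            if not (hmac.compare_digest(h1, m1["hash"])
                    and hmac.compare_digest(h2, m2["hash"])):
                continue
            # Receipt-time check: the gap must match this KPID's delay.
            if abs((t2 - t1) - time_delay(secret, slot)) <= GAP_TOLERANCE:
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    rs = RemoteSite({"KP-0001": (secret, "4821")})
    tx = keypad_session("KP-0001", secret, "4821", 1_000_000.0)
    print("live:", rs.authenticate(tx))
    print("replayed 10 min later:", rs.authenticate(replayed(tx, 600.0)))
```

Two things the simulation makes visible: the "time-delay" is really a second secret-derived value, so it only adds strength if the attacker cannot learn the secret, and the replay protection comes from the time slot in the hashes, not from the delay alone (a replay inside the same slot with the right spacing would still verify).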
Re: [Full-disclosure] suggest a small pentest distro
I like Knoppix STD, it fits on a CD, but hasn't been updated in some time.

First hit on Google for live Linux CDs: http://www.frozentech.com/content/livecd.php?pick=All&showonly=security

I even narrowed it down to the security section for your lazy ass.

crazy frog crazy frog wrote:
Hi, can anyone suggest a small pentest Linux distro. Smallest means (under 250 MB). I've seen one on the WHAX site. Has anyone used it? No Google please.
--
ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :) oh yeah oh yeah...

another wannabe, in hackerland!!!
Re: [Full-disclosure] Security Hole Found In Dave's Sock
Can we all shut up now? I know most of you are bored, please try to find something else to occupy yourselves with. I did not sign up to this list for childish banter (even though that is what I get most of the time, this is far exceeding the normal limit).

Raj Mathur wrote:
"Ted" == Ted Frederick [EMAIL PROTECTED] writes:

Ted> Dear list, I know that this list is not meant for personal promotion but I think I would be remiss if I did not mention that my company has recently released an upgrade to our initial offering of Shoe 1.0. The upgrade to Shoe 2.0 includes a firewall/anti-virus product previously known as Sock 3.4563.v54.

Ted> The upgrade cost is $19.99. There is also a required software assurance subscription of $325.79 monthly.

Ted> If all goes well with the new product I suspect that we will be purchased by a major software vendor before year end thus making updates available on the first Tuesday of every month to protect against further holes. These updates will have vague names with no indication of what they actually fix which should relieve you of sparing any thought to what risks you may have been exposed to prior to the patch.

Ted> Yes, we have in fact thought of everything so you don't have to.

I'm afraid you have fallen into the common trap of suggesting a hardwear solution for what is essentially a softwear problem. I'd have been much happier to see the softwear vendors acknowledge this vulnerability (it's endemic, not specific to one vendor) and offer upgrades to their softwear on a regular basis. I'm making a compilation of socks v5.0 softwear available in the market and subjecting them to stress testing; the testing includes running 2KM after subjecting the softwear to dipping in Sewer 0.2, having /bin/cat /bin/sleep on them for 2 days, and a cron job to periodically transfer them to and from a Windows system. The results of this testing will be available for a nominal fee (*).
I also suspect that by the end of the testing the softwear will have metamorphosed into those elusive WMDs that have been, uh, eluding us for so long.

(*) Standard nominal fee is half your kingdom and your daughter's hand in marriage.

Regards,

-- Raju
Re: [Full-disclosure] Security Hole Found In Dave's Sock
OMG! It seems the Crank-Bot.A and the Humrlss variant are now being deployed as a polymorphous worm, using the Sock vulnerability as an initial point of infection. The implications are simply enormous... we all knew a "superworm" was just waiting to be developed, but who would have guessed anybody would waste the time to write it!

*click click click*

Wait a minute... I didn't write that email... "From: John Smith" oh no... it's too late! I've been compromised! Quickly, protect yourselves from me! I need immediate quarantine!

Additionally, I feel it is both my legal and moral responsibility to completely disclose the nature of the compromise to those potentially affected. If you are a user of the host John Smith, please change your passwords, and begin checking your credit reports. This compromise may be extremely serious.

Can we all shut up now? I know most of you are bored, please try to find something else to occupy yourselves with. I did not sign up to this list for childish banter (even though that is what I get most of the time, this is far exceeding the normal limit).
Re: [Full-disclosure] J. A. Terranson
I agree. Please stop.

Perhaps we could have a count of the 'ayes' to determine whether the list members wish to participate in the drama. I think the real issue here is that the rest of us really don't care. If you have a problem with someone, great. But telling us about it doesn't make you any more important in our eyes. In fact, everyone involved in this tit-for-tat is coming off looking very unprofessional.
Re: [Full-disclosure] Disney Down?
I joined said IRC channel, and the topic is

    .ntscan 100 120 -a -b

so it appears to be joining the channel and getting parameters for this ntscan program.

--M

Jan Nielsen wrote:
I was at a customer today with this problem. Initially their network was acting up and some people couldn't log on to the servers in the morning. We found the file kilo.exe on some machines that apparently had not been patched. One thing I noticed while running this file on a VMware XP SP1 is that it connects to an IRC server @ 61.220.217.49 on port 4128 and logs in to it with password: 146751dhzx

Then it sets a few commands:

    JOIN #100+
    MODE #100+ +nts

Which for an RBOT virus in itself is nothing special, but I noticed one thing in my sniffer trace that got me a bit worried. This is a packet sent from the infected PC to the IRC server:

    0000  00 06 53 2b f8 b1 00 0c 29 ce 67 a3 08 00 45 00  ..S+....).g...E.
    0010  00 53 a0 9b 40 00 80 06 1e 46 c0 a8 64 0d 3d dc  .S..@....F..d.=.
    0020  d9 31 07 13 10 20 22 0c d2 5b 13 95 d8 ee 50 18  .1... "..[....P.
    0030  3f 31 fe 93 00 00 50 52 49 56 4d 53 47 20 23 31  ?1....PRIVMSG #1
    0040  30 30 2b 20 3a 5b 02 4e 54 53 63 61 6e 02 5d 3a  00+ :[.NTScan.]:
    0050  20 57 65 61 6b 70 61 73 73 77 6f 72 64 2e 2e 0d   Weakpassword...
    0060  0a                                               .

Anyone know what this could be?

Regards
Jan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 17. august 2005 00:54
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Disney Down?

MD5SUM 7a67f7a8c844820c1bae3ebf720c1cd9 (wintbp.exe)

Trend Micro: WORM_RBOT.CBQ - http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ
Symantec: Win32.Zotob.E
McAfee: exploit-dcomrpc
Kaspersky: Net-Worm.Win32.Small.d

This is what is on CNN right now.

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of David Wilde
Sent: Tue 8/16/2005 5:13 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Disney Down?
A buddy of mine whose fiancée works for Disney just told me that they have sent everyone home for the day. When I say everyone I mean Disney Land, Disney World, Disney Corporate, etc... He's not sure what the virus is called but it's apparently very nasty. Anyone have any more info on this?
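The packet in Jan's sniffer trace decoded end to end, as an added example that is not from the thread: a parser for the hex columns of the dump, a minimal Ethernet II / IPv4 / TCP header walk, an IRC PRIVMSG parser that strips the 0x02 bold toggles around "NTScan", and a small classifier that flags the indicators the thread itself supplies (the IRC server 61.220.217.49 on port 4128 and the NTScan report). The dump text is copied from the post; the function names and the verdict labels are this example's own.

```python
import ipaddress
import re
import struct

# Hex dump from Jan's post (hex columns only; the ASCII column is not needed).
HEXDUMP = """\
0000  00 06 53 2b f8 b1 00 0c 29 ce 67 a3 08 00 45 00
0010  00 53 a0 9b 40 00 80 06 1e 46 c0 a8 64 0d 3d dc
0020  d9 31 07 13 10 20 22 0c d2 5b 13 95 d8 ee 50 18
0030  3f 31 fe 93 00 00 50 52 49 56 4d 53 47 20 23 31
0040  30 30 2b 20 3a 5b 02 4e 54 53 63 61 6e 02 5d 3a
0050  20 57 65 61 6b 70 61 73 73 77 6f 72 64 2e 2e 0d
0060  0a
"""

# Indicators taken from the thread itself: the IRC server and port the bot uses.
KNOWN_C2 = {("61.220.217.49", 4128)}

_HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
_PRIVMSG = re.compile(r"^PRIVMSG (\S+) :(.*?)\r?\n?$", re.S)


def parse_hexdump(text: str) -> bytes:
    """Rebuild the frame from an 'offset  b0 .. b15  ascii' dump. Only the
    (up to) 16 two-digit hex tokens after the offset are read, so a trailing
    ASCII column is ignored even where it happens to look hex-like."""
    out = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        for tok in fields[1:17]:
            if not _HEX_BYTE.match(tok):
                break
            out.append(int(tok, 16))
    return bytes(out)


def decode_frame(frame: bytes) -> dict:
    """Walk Ethernet II -> IPv4 -> TCP and return addressing plus the payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length
    total_len = struct.unpack("!H", ip[2:4])[0]   # bounds the TCP segment
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "sport": sport,
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "dport": dport,
        "payload": tcp[data_off:],
    }


def parse_privmsg(payload: bytes):
    """(target, text) for an IRC PRIVMSG with 0x02 bold toggles removed;
    None when the payload is not a PRIVMSG."""
    m = _PRIVMSG.match(payload.decode("latin-1"))
    if not m:
        return None
    return m.group(1), m.group(2).replace("\x02", "")


def classify(pkt: dict) -> list:
    """Detection verdicts for one decoded packet, in a fixed order."""
    reasons = []
    if (pkt["dst"], pkt["dport"]) in KNOWN_C2:
        reasons.append("c2-endpoint")
    msg = parse_privmsg(pkt["payload"])
    if msg is not None:
        reasons.append("irc-privmsg")
        if "NTScan" in msg[1]:
            reasons.append("ntscan-report")
    return reasons


if __name__ == "__main__":
    pkt = decode_frame(parse_hexdump(HEXDUMP))
    print(f'{pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]}')
    print(parse_privmsg(pkt["payload"]), classify(pkt))
```

Decoding the headers rather than eyeballing the ASCII column is what ties the dump back to the rest of the post: the destination address and port in the IP/TCP headers are exactly the server and port Jan saw the bot log in to, and the payload is the bot reporting a scan result into the channel whose topic carries the ntscan parameters.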