Re: [Full-disclosure] Top Information Security Consultants to Hire -- WANTED

2013-07-23 Thread Travis Biehn
What an interesting mix of 'pro tips'. *ahem*


On Tue, Jul 23, 2013 at 7:55 PM, Daniël W. Crompton <
daniel.cromp...@gmail.com> wrote:

>
> I think he's collecting the names of people he can direct market to.
>
> D.
>
>
>
> On 24 July 2013 01:04,  wrote:
>
>> On Mon, 22 Jul 2013 21:23:08 -0500, Bob iPhone Kim said:
>>
>> > BUT... turns out that about half of the people we mentioned are NOT
>> looking
>> > for new clients.
>>
>> ironic_trombone.wav
>>
>> So are you making a list of actual top consultants, or a list of
>> those people who have free time to read F-D precisely because they
>> *aren't* top consultants?
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
>



-- 
Twitter <https://twitter.com/tbiehn> |
LinkedIn <http://www.linkedin.com/in/travisbiehn> |
GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com>

Re: [Full-disclosure] #warning -- DICE.COM insecure passwords

2013-02-12 Thread Travis Biehn
What Tim said. I think warning was writing about the public shame from
having a massive pw dump, not having some neckbeard expose them over using
crypt on some random industry mailing list (shudders).

Here is a long article on secure password storage. It is extremely exciting:
http://www.cigital.com/justice-league-blog/2012/06/11/securing-password-digests-or-how-to-protect-lonely-unemployed-radio-listeners/

-Travis


On Tue, Feb 12, 2013 at 5:14 PM, Tim wrote:

> > That's assuming that they didn't do the risk analysis and decide that
> > the effort required to fix the problem (which will probably require,
> > among other things, having every single user change their password)
> > is worth the effort.  Given that so many places have gotten hacked and
> > pwned that the user community response is usually "Meh. Another one",
> > they may rightfully have concluded that risking public shaming is
> > in fact a good business decision...
>
>
> Here's a bit of pseudocode for you Valdis:
>
> for each user:
>   let user.new_hash = scrypt(user.old_crypt_hash)
>
> # now update authentication routine to use user.new_hash with new
> # nested hashing algorithm
>
>
> So really, there's actually not a good reason to keep a crappy hash
> database around.  Just add a layer of good salted hashing on top.
>
> With that said, the unusual quirk of crypt being limited to 7
> characters is an additional challenge, but you can start with the
> above steps (which immediately improves security), and then slowly
> transition to using scrypt alone or some variant that supports longer
> passwords.
>
> tim
>
>



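Tim's pseudocode above, carried through as an added example (mine, not code from the thread): wrap every legacy hash in scrypt offline, verify against either record format, and re-hash natively on the next successful login. It assumes Python 3.6+ built against OpenSSL with scrypt support; the legacy hash function is a constructed stand-in for crypt(3), not the real one, and the record layouts are my own.

```python
import base64
import hashlib
import hmac
import secrets

# scrypt work factors (assumed values; tune to your hardware budget)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
LEGACY_SALT_LEN = 2    # crypt-style hashes carry their salt as the first two characters
LEGACY_MAX_CHARS = 8   # constructed model of crypt's "only a short prefix counts" quirk


def legacy_hash(password: str, salt: str) -> str:
    """Constructed stand-in for the old crypt(3)-style hash; NOT real crypt.

    Anything beyond the first LEGACY_MAX_CHARS characters is ignored, which is
    the quirk the thread is talking about. Output: salt + 11 hex characters.
    """
    data = (salt + password[:LEGACY_MAX_CHARS]).encode()
    return salt + hashlib.md5(data).hexdigest()[:11]


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _scrypt(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def wrap_legacy_record(old_hash: str) -> str:
    """Tim's step: new_hash = scrypt(old_crypt_hash), no password needed.

    The legacy salt is kept in the clear (it is the prefix of the old hash),
    because the login path must recompute the old hash before it can check the
    scrypt layer. Layout (my own): wrapped$<legacy salt>$<b64 salt>$<b64 digest>
    """
    legacy_salt = old_hash[:LEGACY_SALT_LEN]
    salt = secrets.token_bytes(16)
    digest = _scrypt(old_hash.encode(), salt)
    return "wrapped$%s$%s$%s" % (legacy_salt, _b64(salt), _b64(digest))


def hash_password(password: str) -> str:
    """Native record for new or re-hashed passwords: scrypt$<b64 salt>$<b64 digest>."""
    salt = secrets.token_bytes(16)
    return "scrypt$%s$%s" % (_b64(salt), _b64(_scrypt(password.encode(), salt)))


def migrate_table(users: dict) -> dict:
    """The 'for each user' loop: wrap every stored legacy hash, offline, in one pass."""
    return {name: wrap_legacy_record(old) for name, old in users.items()}


def verify(password: str, record: str):
    """Check a password against either record format.

    Returns (ok, replacement). replacement is a fresh native record when a
    wrapped legacy record verified, so the caller can store it and retire the
    crypt layer one login at a time; otherwise it is None.
    """
    fields = record.split("$")
    if fields[0] == "scrypt":
        salt, stored = base64.b64decode(fields[1]), base64.b64decode(fields[2])
        return hmac.compare_digest(_scrypt(password.encode(), salt), stored), None
    if fields[0] == "wrapped":
        legacy_salt = fields[1]
        salt, stored = base64.b64decode(fields[2]), base64.b64decode(fields[3])
        old_hash = legacy_hash(password, legacy_salt)  # recompute the inner layer
        ok = hmac.compare_digest(_scrypt(old_hash.encode(), salt), stored)
        return ok, (hash_password(password) if ok else None)
    raise ValueError("unknown password record format")


# Constructed sample table: two users whose passwords were stored with the legacy scheme.
LEGACY_USERS = {
    "alice": legacy_hash("correcthorsebattery", "ab"),
    "bob": legacy_hash("hunter2", "xy"),
}

if __name__ == "__main__":
    wrapped = migrate_table(LEGACY_USERS)
    # The wrapped layer is strong, but still inherits crypt's truncation quirk...
    print("alice, full password :", verify("correcthorsebattery", wrapped["alice"])[0])
    print("alice, 8-char prefix :", verify("correcthorse", wrapped["alice"])[0])
    # ...which disappears once alice logs in and is re-hashed natively.
    _, upgraded = verify("correcthorsebattery", wrapped["alice"])
    print("after upgrade, prefix:", verify("correcthorse", upgraded)[0])
```

The wrapped records keep the legacy truncation quirk, which is why verify hands back a replacement record on success instead of stopping at the wrapping step.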

Re: [Full-disclosure] Are software cracks also a form of security vulnerabilities?

2013-01-17 Thread Travis Biehn
Most licensing systems are toothless except for the ones that offload
critical functionality to external components.
A) A USB Stick that processes encrypted commands issued by the program.
These little things are pretty ingenious, they contain the decryption keys
in the USB stick and the program contains encrypted functions. High cost to
recover the decryption key and get the routines and they work in offline
mode.
B) Program logic is carried out server side. Cost to maintain servers,
program requires persistent internet connection.

Neither of them seems too feasible for a mobile environment; developers have
to assume and account for losses due to piracy just like in any other
medium.

That being said, nobody is preventing you from responsibly disclosing
licensing issues to a vendor and recommending a more robust approach. One
such case is if a vendor was to use a license.dat file stored in open
storage, easily copied and shared. You might also warn a vendor with
un-obfuscated binaries which make it excessively easy to bypass validation
routines.

Of course the impetus is on the vendor, as usual, to make a correction. In
the context of licensing the damage is to the IP holder not the consumer.
Outside of the licensing there are a number of areas where an unobfuscated
binary or improper data handling could hurt end-users.

-Travis


On Thu, Jan 17, 2013 at 8:31 AM, COPiOUS  wrote:

> Yes, I know - let's say that someone who isn't me is an experienced
> software and hardware reverse engineer.
>
> But the cracking scene is often surrounded with a dirty smell of piracy,
> leaving the real interest (research in software "vulnerabilities") often
> obfuscated.
>
> Let's say that someone who isn't me has found obvious risks in licensing
> systems of certain vendors. Does this also count as vulnerabilities, since
> licensing issues mostly don't really affect customers directly, but pose a
> risk for the software manufacturer?
>
> COPiOUS
>
> On 17-1-2013 at 2:11 PM, "Travis Biehn"  wrote:
> >
> >COPiOUS,
> >The best you can do is obfuscate your binaries to the point where
> >it keeps
> >out the least skilled attackers, beyond that it's unreasonable to
> >expect
> >your binaries will stay un-modifiable or resist examination at all.
> >
> >The best I can recommend is that if you have logic that you don't
> >want compromised or if there's a pay-application to host most of
> >the logic
> >on your server; providing license verification there.
> >
> >-Travis
> >
> >
> >On Thu, Jan 17, 2013 at 4:20 AM, COPiOUS 
> >wrote:
> >
> >> Hello,
> >>
> >> First of all, the question is in the subject. Should say enough.
> >>
> >> In my opinion they are, since a software crack allows
> >unauthorized use of
> >> software and the exposure of (possible) trade secrets, but I
> >want to know
> >> how other people think about this. Also, by cracking software
> >packages,
> >> other issues pop up quite often - quite a lot of applications
> >aren't
> >> tamper-proof. But does "not tamper-proof" mean that the software
> >is flawed?
> >>
> >> Since we're moving to a smartphone/app-centric world,
> >application security
> >> (and especially mobile application security) is an important
> >topic, since
> >> many developers think that a walled garden is safe. It's not
> >because you
> >> can't get out, that others can't get in.
> >>
> >> COPiOUS
> >>
> >>
> >
> >
> >
>
>



Re: [Full-disclosure] new law proposal on EU against hacking tools and practices

2012-04-09 Thread Travis Biehn
'Clear purpose for committing any of the offenses' is usually easy to prove.

-Travis

On Mon, Apr 9, 2012 at 11:53 AM,  wrote:

> On Mon, 09 Apr 2012 16:43:16 +0200, psy said:
> > this is the official text.
> >
> >
> http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-476.089+01+DOC+PDF+V0//EN&language=EN
>
> Thanks for posting that.  Looks like the final text is in fact not that
> bad. In
> particular, Amendment 7 clarifies that authorized pen-testing is legal, and
> Amendment 22 strikes the "possession" of tools/devices and adds "for the
> clear
> purpose of committing any of the offences".
>
> So you're allowed to have a copy of Metasploit, but pointing it someplace
> you don't have permission is still strictly forbidden. Sanity wins, at
> least this
> time. ;)
>
>
>




Re: [Full-disclosure] CIntruder v0.1

2012-04-09 Thread Travis Biehn
Awesome.

On Mon, Apr 9, 2012 at 10:58 AM, psy  wrote:

> Dear All,
>
> I am pleased to present a new tool called: *CIntruder* (v0.1) - the
> captcha intruder.
>
> Description
> ===
> CIntruder is an automatic pentesting tool to bypass captchas.
>
> Website
> ===
> http://cintruder.sf.net
>
> Videos
> ==
> http://cintruder.sourceforge.net/#videotutorials
>
> Download
> 
>
> http://sourceforge.net/projects/cintruder/files/cintruder_v0.1.0.tar.gz/download
>
> Mailing list
> 
> cintruder-us...@lists.sourceforge.net
>
> -
>
> Any suggestion or idea is welcome.
>
> Enjoy it!
>
>




Re: [Full-disclosure] Circumventing NAT via UDP hole punching.

2012-02-22 Thread Travis Biehn
I'm looking forward to your article about how staplers can 'inject metal
projectiles into vulnerable pulp-slurry attack surface substrates for
information affixal.'

http://en.wikipedia.org/wiki/STUN

-Travis

On Wed, Feb 22, 2012 at 11:04 AM, Dan Dart  wrote:

> Yes, isn't it great?
>
>




Re: [Full-disclosure] Large password list

2011-12-02 Thread Travis Biehn
Thanks, I'm not really up on my hipster licensing schemes.

-Travis

On Fri, Dec 2, 2011 at 1:54 PM, Nate Theis  wrote:

> Creative Commons BY-SA might be more appropriate than the GPL.
> On Dec 2, 2011 10:41 AM, "Travis Biehn"  wrote:
>
>> My password leaks will all be released under the GPL.
>>
>> -Travis
>>
>> On Fri, Dec 2, 2011 at 7:28 AM, Mario Vilas  wrote:
>>
>>> On Fri, Dec 2, 2011 at 3:05 AM, adam  wrote:
>>>
>>>> C:\Users\adam\Desktop>ls -la combined.zip | gawk "{print $5}"
>>>> *31337*317
>>>>
>>>
>>> That's a funny coincidence. :)
>>>
>>
>



Re: [Full-disclosure] Large password list

2011-12-02 Thread Travis Biehn
My password leaks will all be released under the GPL.

-Travis

On Fri, Dec 2, 2011 at 7:28 AM, Mario Vilas  wrote:

> On Fri, Dec 2, 2011 at 3:05 AM, adam  wrote:
>
>> C:\Users\adam\Desktop>ls -la combined.zip | gawk "{print $5}"
>> *31337*317
>>
>
> That's a funny coincidence. :)
>
>




Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

2011-11-08 Thread Travis Biehn
I think these details released are in line with our understanding of the
attack:
a) Enumerate network (by trying routes, or reading the broadcast list.)
b) Scan the nodes
c) Hack the vulnerable ones, installing malware, and/or add your own
malicious nodes
d) DOS the un-compromised nodes, forcing network traffic to the attacker
controlled nodes

The only things that seem like they could be of value are the malicious
node used to support traffic correlation and the alluded to TCP-Reset
attack (which is probably just a syn flood).

The rest is hype, you are safe to use Tor as usual. If you are worried
about using Tor, grab a list of exit nodes and try to hack them yourself.

-Travis

On Tue, Nov 8, 2011 at 10:47 AM, not here  wrote:

> That's a followUp!
> TOR Attack isn't hype, and on the 10th of November, mayhem will be released;
> don't troll, you fool.
>
> http://cvo-lab.blogspot.com/2011/11/tor-attack-technical-details.html
>
>
> -
> "Rumors of Tor's compromise are greatly exaggerated"
>
> https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
>
> [[   Mohit Kumar   ]] @ [[   24/10/2011 16:31   ]]--
> > French researchers from ESIEA <http://www.esiea.fr/c/en/Web.Esiea.Public.cuke?>,
> > a French engineering school, have found and exploited some serious
> > vulnerabilities in the TOR network. They performed an inventory of the
> > network, finding 6,000 machines, many of whose IPs are accessible publicly
> > and directly with the system's source code. They demonstrated that it is
> > possible to take control of the network and read all the messages that
> > circulate.
> >
> > But there are also hidden nodes, the Tor Bridges, which are provided by
> > the system that in some cases. Researchers have developed a script that,
> > once again, to identify them. They found 181. "/We now have a complete
> > picture of the topography of Tor/," said Eric Filiol.
> >
> > Read More at "The Hacker News" --
> > http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html
>




Re: [Full-disclosure] Tor anonymizing network Compromised by French researchers

2011-10-24 Thread Travis Biehn
So they put up a fake network, 'hacked' most of the nodes, and with complete
control of their dummy network they were able to figure out traffic
movement?

This is news why?

-Travis

On Mon, Oct 24, 2011 at 10:31 AM, Mohit Kumar wrote:

> French researchers from ESIEA,
> a French engineering school, have found and exploited some serious
> vulnerabilities in the TOR network. They performed an inventory of the
> network, finding 6,000 machines, many of whose IPs are accessible publicly
> and directly with the system’s source code. They demonstrated that it is
> possible to take control of the network and read all the messages that
> circulate.
>
> But there are also hidden nodes, the Tor Bridges, which are provided by the
> system that in some cases. Researchers have developed a script that, once
> again, to identify them. They found 181. "*We now have a complete picture
> of the topography of Tor*," said Eric Filiol.
>
> Read More at "The Hacker News" --
> http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html
>




Re: [Full-disclosure] New open source Security Framework

2011-10-04 Thread Travis Biehn
XML Modules? In *my* exploit pack?

-Travis

On Tue, Oct 4, 2011 at 3:44 PM, Mario Vilas  wrote:

> I don't think it's supposed to be a secret. There are also references to
> Insect Pro in the source code:
>
>
> https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java
>
> BTW, you gotta love the "scanner" :)
>
>
> https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java
>
> On Tue, Oct 4, 2011 at 9:31 PM, Justin Klein Keane wrote:
>
>>
>> insecurityresearch.com (the Insect PRO site) does in fact seem to
>> redirect to exploitpack.com - nice catch Chris.
>>
>> Justin Klein Keane
>> http://www.MadIrish.net
>>
>> The digital signature on this e-mail may be confirmed using the
>> PGP key located at: http://www.madirish.net/gpgkey
>>
>> On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote:
>> > So this is from the same people that developed Insect Pro?
>> >
>> >
>> > Chris
>> >
>> >
>> >
>> >
>> > On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote:
>> >> Exploit Pack is an open source security framework developed by
>> >> Juan Sacco. It combines the benefits of a JAVA GUI, Python as
>> >> Engine and well-known exploits made by users. It has a module
>> >> editor to make the task of developing new exploits easier,
>> >> Instant Search and XML-based modules.
>> >>
>> >> This open source project comes to fill a need, a high quality
>> >> framework for exploits and security researchers with a GPL
>> >> license and Python as engine for its modules.
>> >>
>> >> - GPL license to ensure the code will always be free
>> >> - Instant search built-in for modules easy access
>> >> - Module editor that allows the user to create custom exploits
>> >> - Modules use XML DOM, really easy to modify
>> >> - Python as Engine because it's the language more used on
>> >>   security related programming
>> >>
>> >> We are actually working with social code network, to participate
>> >> in this project you will only need a GitHub account.
>> >>
>> >> Also, I am looking for financial support to keep me coding. If
>> >> you want to be part of this open source project or just want to
>> >> collaborate with me:
>> >>
>> >> Please reply to jsa...@exploitpack.com
>> >>
>> >> Why don’t you download and give it a try right now? While
>> >> downloading, you may watch this quick video on YouTube!
>> >>
>> >> Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website:
>> >> http://www.exploitpack.com
>> >>
>> >
>>
>>
>
>
>
>




Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread Travis Biehn
GloW: there's a lot of 3rd party software that installs itself as windows
services.

-Travis

On Sun, Sep 25, 2011 at 9:15 PM, GloW - XD  wrote:

> Haha , too good and too true thor !
>
>
> Maybe he can trick the user into installing on a FAT32 partition first, and
> THEN get the to execute from a remote share!
>
> Rofl x10.
>
> Agreed, this kind of attack is NOT feasible in 2011; try maybe 2006.
>
> Anyhow it has been a pleasure, ending this BS I think once and for all.
> Look up how winlogon works for one thing, then look at how Windows creates
> and maintains a service_table, and then at the DLLs, which are protected ofc;
> you cannot touch msgina.dll without A LOT of help from a rootkit or something
> similar, in which case, why would you need to?
> You could add an admin, hidden, in a simple bat file script (yes I do have
> my own code but no it is not for kids..); this is 10 seconds and hidden, so
> when you have gotten that far, why would you bother to hijack a DLL?
>
> You CANNOT do crap without complete ADMIN, not SYSTEM, ADMIN$ share, and
> total access to all sockets, meaning all pipe control, and that's where half of
> Windows exchanges SMB shares for one thing. You guys don't seem to know CRAP
> about Windows to start with, then have the gall to raise such a frigging
> ridiculous topic about a non-happening. YOUTUBE ONE 'real' event of this
> being useful, or even just working, and I would look, but you won't, cannot,
> and will never be able to, especially on newer systems of Windows 7-8.
> As I said earlier, enjoy your BS DLL hijacking, but MS don't care for it,
> and whatever patches they instilled don't touch even service_table.. so
> they have not given it a high prio, and why should they.
>
> This is simply a case of a secteam gaining notoriety, to try and make this
> a 'big bug!!', to try and gain brownie points from MS. Even though I don't
> believe in many things MS, I know the Windows system, and how to break it,
> better than many people, and I can tell you now, this whole DLL hijack is a
> complete and utter waste of your time.
> But... keep on going, maybe MS will send you another 'thank you' email ;)
> xd / crazycoders.com / #haxnet@Ef
>
>
>
>
>
> On 26 September 2011 10:52, Thor (Hammer of God) wrote:
>
>>  Maybe he can trick the user into installing on a FAT32 partition first,
>> and THEN get the to execute from a remote share!
>>
>> On Sep 25, 2011, at 5:30 PM, "Travis Biehn"  wrote:
>>
>>   It might be a fun experiment to see what DLLs they're looking for :.)
>>
>>
>> -Travis
>>
>> On Sun, Sep 25, 2011 at 2:57 PM, < 
>> kz2...@googlemail.com> wrote:
>>
>>> To replace a service executable you usually need administrator access
>>> anyway.
>>>
>>>
>>> --Original Message--
>>> From: Madhur Ahuja
>>> Sender: 
>>> full-disclosure-boun...@lists.grok.org.uk
>>> To: security-bas...@securityfocus.com
>>> To: full-disclosure@lists.grok.org.uk
>>> Subject: [Full-disclosure] Privilege escalation on Windows using
>>> BinaryPlanting
>>> Sent: 25 Sep 2011 19:31
>>>
>>> Imagine a situation where I have a Windows system with restricted
>>> user access and want to get Administrator access.
>>>
>>> There are many services in Windows which run with the SYSTEM account.
>>>
>>> If there exists even one such service whose executable is not
>>> protected by Windows File Protection, isn't it possible to execute
>>> malicious code (such as gaining Administrator access) simply by
>>> replacing the service executable with a malicious one and then
>>> restarting the service?
>>>
>>> As a restricted user, what's stopping me from doing this?
>>>
>>> Is there any integrity check performed by services.msc or the service
>>> itself before executing with the SYSTEM account?
>>>
>>> Madhur
>>>

Re: [Full-disclosure] Privilege escalation on Windows using BinaryPlanting

2011-09-25 Thread Travis Biehn
It might be a fun experiment to see what DLLs they're looking for :.)


-Travis

On Sun, Sep 25, 2011 at 2:57 PM,  wrote:

> To replace a service executable you usually need administrator access
> anyway.
>
>
> --Original Message--
> From: Madhur Ahuja
> Sender: full-disclosure-boun...@lists.grok.org.uk
> To: security-bas...@securityfocus.com
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Privilege escalation on Windows using
> BinaryPlanting
> Sent: 25 Sep 2011 19:31
>
> Imagine a situation where I have a Windows system with restricted
> user access and want to get Administrator access.
>
> There are many services in Windows which run with the SYSTEM account.
>
> If there exists even one such service whose executable is not
> protected by Windows File Protection, isn't it possible to execute
> malicious code (such as gaining Administrator access) simply by
> replacing the service executable with a malicious one and then
> restarting the service?
>
> As a restricted user, what's stopping me from doing this?
>
> Is there any integrity check performed by services.msc or the service
> itself before executing with the SYSTEM account?
>
> Madhur
>
>




Re: [Full-disclosure] Fix for NTFS permissions issue in QuickTime 7.x for Windows

2011-09-20 Thread Travis Biehn
Lol... Nice.

On Wed, Sep 21, 2011 at 12:24 AM, Robert Kim App and Facebook Marketing <
evdo.hs...@gmail.com> wrote:

> Geoff... what other platforms does this not help? Does this apply to
> Android? Or am I totally missing the point?
>
> On Tue, Sep 20, 2011 at 3:42 PM, Geoff Strickler
>  wrote:
> > In Dec 2010, Apple released QT 7.6.9. One of the included fixes was for
> > Apple. While 7.6.9 corrects the problem with new installations, it does
> not
> > revoke the inappropriate NTFS permissions that may have been granted by
>
>


