Re: [Full-disclosure] New open source Security Framework
1337 and then 31337 for exec cmd..yea.. but have not seen more paid...

On 6 October 2011 19:01, Dan Dart dand...@googlemail.com wrote:

tl;dr past popcorn, but when I saw $2, I lol'd. Weren't Google giving $1337 at some point? And didn't it go up to like $50,000 for a terrible remote root exploit?

Regards

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New open source Security Framework
If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

Ys why not?
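
Review bot: the removed lines "@author Stefan Zeiger", "Written by Blake" and "Author=Blake" are the only author credits visible in this patch, and the added header puts "Copyright 2011 Juan Sacco" in their place. Keep the existing credit lines and add the project header next to them instead of replacing them, and record in each file the terms its original author published it under before applying GPL v3 to it. The added notice also shortens the standard GPL wording ("either version 3 of the License, or (at your option) any later version"), so it should be pasted unchanged.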
Re: [Full-disclosure] New open source Security Framework
As you might know, or not know, Exploit Pack is working without any foundation, company, government and money-giving guy. There is no professional coder, programmer that is paid to develop this program.

I have tried to ensure that the name of the exploit author is seen in all the software. It was my bad pasting the license there, but hey! I'm human give me a break you troll. The next time would be better if you post it in the right place, GitHub. And in fact you're trying to blame here.

Exploit Pack is licensed GPL let me copy paste the 4 freedoms. I hope to do it well this time.

The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Let me ask you why you are spending so much time annoying this GPL software? I hope next time get a patch of code from you and no nonsense again.

Like I said to lroot. The same goes for YOU.

If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:36 PM, xD 0x41 sec...@gmail.com wrote:

wow i was not going to comment on that pack and have not yet looked but, thats plain nasty... to remove a simple credit line, i mean it is not full of greetz etc :s and replace... totally pathetic.

On 5 October 2011 20:32, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

Ys why not?
Re: [Full-disclosure] New open source Security Framework
Hey,

It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line of the XML file

You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
</Exploit>
<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>
</Module>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

Heya jeff,

The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5 minutes on. Then ill go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :))

xd

On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

GPL V3 - they had to encumber it to set it free?

--
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tuned
Re: [Full-disclosure] New open source Security Framework
Hey.. I already gave you an answer about this. AGAIN. For the last time.

I respect the author's name of all the exploits added to Exploit Pack, like you suggest in a terrible and way.. Insulting and posting like 10 mail to this list. I will add a # Thank you [AUTHOR NAME ] for let us use your public script in the top of all new exploit added to Exploit Pack Framework.

** Also, I created a mailing list to discuss this kind of things, report bugs and much more ( But sorry, NO INSULTING is allowed there ) **

As other people told you stop doing chatting here. This is not a forum.

JSacco

On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote:

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>

erm, sorry this dont count, it should be IN the code, not, after running it :P thats bs mate, and i wont agree with your crap, until you see my point really. It is, something you write, compared to running the GUI..

xd

On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:

Hey,

It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line of the XML file

You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
</Exploit>
<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>
</Module>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

Heya jeff,

The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5 minutes on. Then ill go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :))

xd

On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

GPL V3 - they had to encumber it to set it free?
Re: [Full-disclosure] New open source Security Framework
Hey,

Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!! ( Please do me a favor and read the license first )

Wanna keep talking about your personal opinion? Please.. As it was told stop doing it here, this is not a chatroom. We have a forum and a mailing list for that. It would be nice to see you there... Believe me.

I invite you all to the new forum! :-) http://exploitpack.com

Cheers!

On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 sec...@gmail.com wrote:

Juan,

I have not created any opinion (yet) but, is it really fair, to give people who code, 2 frigging dollars, for sometimes what would be 0day , or is it nice, to remove the REAL authors name, and add your own. Thats the only grips i see, without having to look at it yet. The whole look of it, without 'using' it tho, looks a lot like canvas ;p but, thats not bad thing and, i personally, dont mind that, coz canvas, is not open and, this one is, which would be great to bring that feel into it.. so, your reading too much into things, when i mean giving credit to author, i dont mean putting in his email/greetings and notes, i mean, simply one line to give credit, so people who are using the pack, could at least feel sure with some coders, that the code will be very nice, and not painful to read or , modify even to make it nicer.. that is why i like to always make sure authors get some credit, however it may be, it only need be a nick/name, but you are using their things, but on your people who your paying, i guess you should maybe put in place then rules that, all exploits paid for, would not receive credits, other than, part of devteam or part of exploit-pack codepack. It aint hard to keep people happy. Whilst still producing quality, or, non quality.

i will run your pack, using ONE well know exploit, and if that fails, i will have results here, compared to backbox scan or, another vuln scan, then, i will comment further. How does that sound? Ok. I will do my research, but, i aint angry at you, nor the product, altho i dislike Insect, this one, seems to have some good features. So yea, ill take an open look, i only think, if code is NOT paid for, then you should put authors name or handle in there somewhere, maybe even something for paid exploits... people do appreciate a 'thanks to' sometimes... especially you it seems.

xd

On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:

Hey,

It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line of the XML file

You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
</Exploit>
<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>
</Module>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

Heya jeff,

The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5 minutes on. Then ill go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :))

xd

On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by
Re: [Full-disclosure] New open source Security Framework
ro...@fibertel.com : I know you don't have any experience with open source projects, but this is not the right way. Next time you should try doing it well. Go to GitHub and write the change your own. The community will moderate it and then you will see your proposal applied.

To be clear. The license on the script you mention is the license for all the software not only for the script. Oki Dokie?

1. This is not a chatting room
2. This is not Exploit Pack Dev list

Having that in mind: If you feel like you have to really make another nonsense question after you read all the thread. Then and just then. Send a email to Exploit Pack Dev list.

Please check: http://exploitpack.com/faq
And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having question about GPL v3

I already make a change on the git repository for you root ro...@fibertel.com.ar and your friend xD 0x41 sec...@gmail.com, hope next time you expend two cent for this project.

https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py

#You should have received a copy of the GNU General Public License along with this program.
#If not, see http://www.gnu.org/licenses/
# Script Author: [Coder Name]
# Thanks for let us use this script on Exploit Pack

JSacco

On Thu, Oct 6, 2011 at 12:34 AM, root ro...@fibertel.com.ar wrote:

Juan,

You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely. Software business steal code all the time, but they don't release the software for everybody to see!

Next time instead of a few laughs at a list, you may get sued and lose real money, you fool. Please learn how licensing works and just then republish all your code.

On 10/05/2011 06:25 PM, Juan Sacco wrote:

If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

Ys why not?
Re: [Full-disclosure] New open source Security Framework
ro...@fibertel.com : I know you don't have any experience with open source projects, but this is not the right way. Next time you should try doing it well. Go to GitHub and write the change your own. The community will moderate it and then you will see your proposal applied.

To be clear. The license on the script you mention is the license for all the software not only for the script. Oki Dokie?

1. This is not a chatting room
2. This is not Exploit Pack Dev list

Having that in mind: If you feel like you have to really make another nonsense question after you read all the thread. Then and just then. Send a email to Exploit Pack Dev list.

Please check: http://exploitpack.com/faq
And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having question about GPL v3

I already make a change on the git repository for you root ro...@fibertel.com.ar and your friend xD 0x41 sec...@gmail.com, hope next time you expend two cent for this project.

https://github.com/exploitpack/trunk/blob/master/

#You should have received a copy of the GNU General Public License along with this program.
#If not, see http://www.gnu.org/licenses/
# Script Author: [Coder Name]
# Thanks for let us use this script on Exploit Pack

JSacco

On Thu, 06 Oct 2011 00:34:00 -0300, root wrote:

Juan,

You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely. Software business steal code all the time, but they don't release the software for everybody to see!

Next time instead of a few laughs at a list, you may get sued and lose real money, you fool. Please learn how licensing works and just then republish all your code.

On 10/05/2011 06:25 PM, Juan Sacco wrote:

If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

Ys why not?
Re: [Full-disclosure] New open source Security Framework
Dude! Don't mess with a refined Porteño! Go on, shut up or disappear.

[[ Juan Sacco ]] @ [[ 06/10/2011 02:16 ]]--

Hey.. I already gave you an answer about this. AGAIN. For the last time.

I respect the author's name of all the exploits added to Exploit Pack, like you suggest in a terrible and way.. Insulting and posting like 10 mail to this list. I will add a # Thank you [AUTHOR NAME ] for let us use your public script in the top of all new exploit added to Exploit Pack Framework.

** Also, I created a mailing list to discuss this kind of things, report bugs and much more ( But sorry, NO INSULTING is allowed there ) **

As other people told you stop doing chatting here. This is not a forum.

JSacco

On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote:

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>

erm, sorry this dont count, it should be IN the code, not, after running it :P thats bs mate, and i wont agree with your crap, until you see my point really. It is, something you write, compared to running the GUI..

xd

On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:

Hey,

It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line of the XML file

You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
</Exploit>
<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>
</Module>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

Heya jeff,

The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5 minutes on. Then ill go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :))

xd

On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com mailto:szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com
Re: [Full-disclosure] New open source Security Framework
Telling people to move their criticisms off of the (unmoderated) public forum and into the private forum that you control (and can freely censor as you see fit) is ridiculous.

Now, if you really did as root said and just grabbed peoples' code from various public outlets and put it into your GPL product... *you really can't do that*. First off, the copyright of the code does not belong to you. You have to get permission or a separate license, *in writing*, *from the original author of the code*. If they don't give it to you, you have to do without or have someone cleanroom it for you (if you rewrite it yourself, your clone is arguably contaminated by your previous exposure). And they have to specifically authorize you to redistribute with the GPL license. If *they've* distributed with GPL, you should be fine; if they've distributed with nearly *any other license at all*, you have to get permission to redistribute since most other licenses impose additional restrictions which are specifically forbidden by the GPL. And if you're AT ALL unclear on what the redistribution license for their code is, the safe choice is simply to not redistribute. Just because someone puts their code out in public doesn't mean you're allowed to put their code out in public as well.

As to your claim that "Exploit Pack is working without any foundation, company, government and money-giving guy", -- number one, you probably mean 'Venture Capitalist' when you say "money-giving guy". Number two, you seem to be either the PR for or the head of the company that makes INSECT Pro, correct? If INSECT Pro is your product and Exploit Pack is your *open source* product, especially given the proximity of both tools in their field (information security or whatever you want to call it), I would call this claim quite a stretch, at best. You are providing some measure of similar support for both products; how are you working to eliminate the conflict of interest of pulling something from Exploit Pack into INSECT? Maybe I'm not well-versed enough in your products, but I still do not believe it is possible for you (personally!) to claim Exploit Pack as a personal pet project when it's that close to the one you sell for money.

On Wed, Oct 5, 2011 at 9:06 PM, Juan Sacco juansa...@gmail.com wrote:

> ro...@fibertel.com : I know you don't have any experience with open source projects, but this is not the right way. Next time you should try doing it well. Go to GitHub and write the change your own. The community will moderate it and then you will see your proposal applied.
>
> To be clear. The license on the script you mention is the license for all the software not only for the script. Oki Dokie?
>
> 1. This is not a chatting room
> 2. This is not Exploit Pack Dev list
>
> Having that in mind: If you feel like you have to really make another nonsense question after you read all the thread. Then and just then. Send a email to Exploit Pack Dev list.
>
> Please check: http://exploitpack.com/faq
> And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having question about GPL v3
>
> I already make a change on the git repository for you root ro...@fibertel.com.ar and your friend xD 0x41 sec...@gmail.com, hope next time you expend two cent for this project.
>
> https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py
>
> #You should have received a copy of the GNU General Public License along with this program.
> #If not, see http://www.gnu.org/licenses/
> # Script Author: [Coder Name]
> # Thanks for let us use this script on Exploit Pack
>
> JSacco
>
> On Thu, Oct 6, 2011 at 12:34 AM, root ro...@fibertel.com.ar wrote:
>
> > Juan,
> >
> > You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely.
> >
> > Software business steal code all the time, but they don't release the software for everybody to see! Next time instead of a few laughs at a list, you may get sued and lose real money, you fool.
> >
> > Please learn how licensing works and just then republish all your code.
> >
> > On 10/05/2011 06:25 PM, Juan Sacco wrote:
> >
> > > If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.
> > >
> > > Juan Sacco
> > >
> > > On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it
Re: [Full-disclosure] New open source Security Framework
On Thu, 06 Oct 2011 00:34:00 -0300, root said:

> You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely.

In particular, if code was written in a country that's a signatory to the Berne conventions, it's usually somewhere between very difficult and impossible to actually place a software work in the public domain - at least under US law, even putting an explicit "This work is hereby placed in the public domain" quite likely does *NOT* suffice - the only two clear ways to public domain in the US are expiration of the lifetime of the author plus 75 years copyright, and works for hire by a US federal government employee as part of his duties (so, for instance, NASA photographs are public domain - but photos of NASA activities taken by non-NASA photographers probably aren't).

Also, smart programmers *don't* release their code into the public domain - that means that anybody can do anything with it. And that includes stealing it, using it to make tons of money, and then suing you if they discover a bug. The original reason for the BSD and X11 licenses was because you can't stick a "hold harmless" clause on something you public-domain.
Re: [Full-disclosure] New open source Security Framework
On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:

> Exploit Pack is licensed GPL let me copy paste the 4 freedoms. I hope to do it well this time.

Please note that one of the biggest complaints about the GPL is that it is pretty much impossible to legally combine GPL code with code that has a non-GPL-compatible license (which includes most proprietary code). So you need to be careful about the origins and licensing on each and every line of code that you include from other sources.
Re: [Full-disclosure] New open source Security Framework
I'd expect someone with the brain size of a pea would at least rename variables in the code he claimed as his... Someone with more sense would probably write such a 50-liner from scratch...

On Thu, Oct 6, 2011 at 4:01 PM, valdis.kletni...@vt.edu wrote:

> On Thu, 06 Oct 2011 00:34:00 -0300, root said:
>
> > You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely.
>
> In particular, if code was written in a country that's a signatory to the Berne conventions, it's usually somewhere between very difficult and impossible to actually place a software work in the public domain - at least under US law, even putting an explicit "This work is hereby placed in the public domain" quite likely does *NOT* suffice - the only two clear ways to public domain in the US are expiration of the lifetime of the author plus 75 years copyright, and works for hire by a US federal government employee as part of his duties (so, for instance, NASA photographs are public domain - but photos of NASA activities taken by non-NASA photographers probably aren't).
>
> Also, smart programmers *don't* release their code into the public domain - that means that anybody can do anything with it. And that includes stealing it, using it to make tons of money, and then suing you if they discover a bug. The original reason for the BSD and X11 licenses was because you can't stick a "hold harmless" clause on something you public-domain.
Re: [Full-disclosure] New open source Security Framework
On 10/05/2011 09:16 PM, Juan Sacco wrote:

> ** Also, I created a mailing list to discuss this kind of things, report bugs and much more ( But sorry, NO INSULTING is allowed there ) **

Insults to your person are a very useful form of disclosure. People need to know that you are insane. MITRE already reserved a block of CVEs for bugs in your stupid brain.
Re: [Full-disclosure] New open source Security Framework
Hi Valdis, it is more complex than i thought... I do support open src, and am going to try and help the exploit pack, so, i hope that the maker is reading all of this and making some adjustments perhaps... a lot of them actually. I did not think it was as complex as it has shown to be, but it indeed is.

I am still a bit worried though, of the actual NON free product, and then, what if you add to that, and he adds it to his paid-for app, or worse, doesn't even put it into the exploit-pack but, rather puts it into ONLY the paid product. Being .py script based code, it really has potential but the author has to get the GPL/licensing in order and, make Insect pro and this product cleared up, as in to where your exploit code goes, will it stay there, or will it be added to his paid app... he could even be doing this, to get cheap exploits, to indeed put into the paid app... it is another possibility, but, i do see he is putting in the hours, as in trying to make some changes to this app so it does work... so, for now, it is in public.

cheers. xd

On 7 October 2011 01:09, valdis.kletni...@vt.edu wrote:

> On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:
>
> > Exploit Pack is licensed GPL let me copy paste the 4 freedoms. I hope to do it well this time.
>
> Please note that one of the biggest complaints about the GPL is that it is pretty much impossible to legally combine GPL code with code that has a non-GPL-compatible license (which includes most proprietary code). So you need to be careful about the origins and licensing on each and every line of code that you include from other sources.
Re: [Full-disclosure] New open source Security Framework
On Fri, 07 Oct 2011 06:36:51 +1100, xD 0x41 said:

> I am still a bit worried though, of the actual NON free product, and then, what if you add to that, and he adds it to his paid-for app, or worse, doesn't even put it into the exploit-pack but, rather puts it into ONLY the paid product.

One of the good things about the GPL (as opposed to the BSD license), is that you *can't* take GPL code private - if he's adding it to the proprietary app and shipping the result under a non-GPL license, he's in violation of the GPL and could end up in court.

A lot of embedded hardware people have gotten into trouble that way. The *vast* majority have cleaned up their act and complied with the GPL requirements by either removing the GPL code or releasing source as required by the GPL. A few have been silly enough to let it get to court, and have universally been handed their butts by the judge.

http://www.gpl-violations.org/
Re: [Full-disclosure] New open source Security Framework
Well, I guess then people nowadays should be keeping more watch on ANYTHING they release into public... It is just going to get more complex i assume, with adding more licenses, as creative commons has kindly done.. however i do like their license, as it actually covers a .txt file, or even a .c file... which is mainly why i have used it once in past for some code, so I could then keep an eye on it, but never have looked at all, at GPL. Anyhow, thx Valdi for shedding more light on things.

On 7 October 2011 07:03, valdis.kletni...@vt.edu wrote:

> On Fri, 07 Oct 2011 06:36:51 +1100, xD 0x41 said:
>
> > I am still a bit worried though, of the actual NON free product, and then, what if you add to that, and he adds it to his paid-for app, or worse, doesn't even put it into the exploit-pack but, rather puts it into ONLY the paid product.
>
> One of the good things about the GPL (as opposed to the BSD license), is that you *can't* take GPL code private - if he's adding it to the proprietary app and shipping the result under a non-GPL license, he's in violation of the GPL and could end up in court.
>
> A lot of embedded hardware people have gotten into trouble that way. The *vast* majority have cleaned up their act and complied with the GPL requirements by either removing the GPL code or releasing source as required by the GPL. A few have been silly enough to let it get to court, and have universally been handed their butts by the judge.
>
> http://www.gpl-violations.org/
Re: [Full-disclosure] New open source Security Framework
On Thu, Oct 6, 2011 at 3:36 PM, xD 0x41 sec...@gmail.com wrote:

> Hi Valdis, it is more complex than i thought... I do support open src, and am going to try and help the exploit pack, so, i hope that the maker is reading all of this and making some adjustments perhaps... a lot of them actually. I did not think it was as complex as it has shown to be, but it indeed is.

GPL V3 is encumbered. Software released under it should not be considered 'free' because of the entanglements. It's why Apple is stuck at GCC 4.2 (and the reason they bought LLVM). It's the reason OpenBSD and other projects don't want to use GPL V3. It's simply not free software under GPL V3.

> I am still a bit worried though, of the actual NON free product, and then, what if you add to that, and he adds it to his paid-for app, or worse, doesn't even put it into the exploit-pack but, rather puts it into ONLY the paid product. Being .py script based code, it really has potential but the author has to get the GPL/licensing in order and, make Insect pro and this product cleared up, as in to where your exploit code goes, will it stay there, or will it be added to his paid app... he could even be doing this, to get cheap exploits, to indeed put into the paid app... it is another possibility, but, i do see he is putting in the hours, as in trying to make some changes to this app so it does work... so, for now, it is in public.

Perhaps an Apache or BSD style license would be a more appropriate choice.

http://www.gnu.org/licenses/
http://www.gnu.org/licenses/license-list.html

Jeff

> On 7 October 2011 01:09, valdis.kletni...@vt.edu wrote:
>
> > On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:
> >
> > > Exploit Pack is licensed GPL let me copy paste the 4 freedoms. I hope to do it well this time.
> >
> > Please note that one of the biggest complaints about the GPL is that it is pretty much impossible to legally combine GPL code with code that has a non-GPL-compatible license (which includes most proprietary code). So you need to be careful about the origins and licensing on each and every line of code that you include from other sources.
Re: [Full-disclosure] New open source Security Framework
Re: putting things in the public domain: Daniel J. Bernstein and Lawrence Rosen (of Creative Commons fame, I believe) seem to disagree with you on that: http://cr.yp.to/publicdomain.html

Plus, pretty much the only 'license' djb uses is public domain, so qmail, djbdns, etc. are all public domain. Incidentally, SQLite (*not* written by djb) is *also* public domain, and very widely used, too.

As for being sued for public domain code... I would say it is hard to sue an owner that does not exist (which is what public domain seems to do). Plus, they would probably have to prove malice or something.

(I personally still wouldn't do it though!)

On Oct 6, 2011 7:02 AM, valdis.kletni...@vt.edu wrote:

> On Thu, 06 Oct 2011 00:34:00 -0300, root said:
>
> > You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely.
>
> In particular, if code was written in a country that's a signatory to the Berne conventions, it's usually somewhere between very difficult and impossible to actually place a software work in the public domain - at least under US law, even putting an explicit "This work is hereby placed in the public domain" quite likely does *NOT* suffice - the only two clear ways to public domain in the US are expiration of the lifetime of the author plus 75 years copyright, and works for hire by a US federal government employee as part of his duties (so, for instance, NASA photographs are public domain - but photos of NASA activities taken by non-NASA photographers probably aren't).
>
> Also, smart programmers *don't* release their code into the public domain - that means that anybody can do anything with it. And that includes stealing it, using it to make tons of money, and then suing you if they discover a bug. The original reason for the BSD and X11 licenses was because you can't stick a "hold harmless" clause on something you public-domain.
Re: [Full-disclosure] New open source Security Framework
On Thu, Oct 6, 2011 at 6:35 PM, Zach C. fxc...@gmail.com wrote:

> Re: putting things in the public domain: Daniel J. Bernstein and Lawrence Rosen (of Creative Commons fame, I believe) seem to disagree with you on that: http://cr.yp.to/publicdomain.html
>
> Plus, pretty much the only 'license' djb uses is public domain, so qmail, djbdns, etc. are all public domain. Incidentally, SQLite (*not* written by djb) is *also* public domain, and very widely used, too.

Crypto++ is also public domain.

> As for being sued for public domain code... I would say it is hard to sue an owner that does not exist (which is what public domain seems to do). Plus, they would probably have to prove malice or something.

I would not put anything past the lawyers.

Jeff

> On Oct 6, 2011 7:02 AM, valdis.kletni...@vt.edu wrote:
>
> > On Thu, 06 Oct 2011 00:34:00 -0300, root said:
> >
> > > You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely.
> >
> > In particular, if code was written in a country that's a signatory to the Berne conventions, it's usually somewhere between very difficult and impossible to actually place a software work in the public domain - at least under US law, even putting an explicit "This work is hereby placed in the public domain" quite likely does *NOT* suffice - the only two clear ways to public domain in the US are expiration of the lifetime of the author plus 75 years copyright, and works for hire by a US federal government employee as part of his duties (so, for instance, NASA photographs are public domain - but photos of NASA activities taken by non-NASA photographers probably aren't).
> >
> > Also, smart programmers *don't* release their code into the public domain - that means that anybody can do anything with it. And that includes stealing it, using it to make tons of money, and then suing you if they discover a bug. The original reason for the BSD and X11 licenses was because you can't stick a "hold harmless" clause on something you public-domain.
Re: [Full-disclosure] New open source Security Framework
On Thu, Oct 6, 2011 at 5:34 AM, root ro...@fibertel.com.ar wrote:

> do not harass people who are writing software for free

Oh, that's rich.

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] New open source Security Framework
- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

Ys why not?
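Review bot: The `-` lines at the start of the hunk delete the existing credits (`@author Stefan Zeiger`, `Written by Blake`, `Author=Blake`) and the `+` lines put `Copyright 2011 Juan Sacco` in their place, so the changed files no longer name who wrote them. Keep the original author lines and add the project header next to them instead of replacing them, and before applying the `GNU General Public License ... version 3` notice confirm that each original author released the file under terms that allow it.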
Re: [Full-disclosure] New open source Security Framework
Wait there is more:

http://exploitpack.com/faq

How can I earn money by migrating exploits?
You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.

Juan Sacco, infosec needs people like you. You make me happy, Juan. Thank you.

On 10/04/2011 12:42 PM, nore...@exploitpack.com wrote:

> Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules.
>
> This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules.
>
> * GPL license to ensure the code will always be free
> * Instant search built-in for modules easy access
> * Module editor that allows the user to create custom exploits
> * Modules use XML DOM, really easy to modify
> * Python as Engine because it's the language more used on security related programming
>
> We are actually working with social code network, to participate in this project you will only need a GitHub account.
>
> Also, I am looking for financial support to keep me coding. If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com
>
> Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube!
>
> Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
> Website: http://www.exploitpack.com
Re: [Full-disclosure] New open source Security Framework
On Wed, 05 Oct 2011 06:49:40 -0300, root said:

> How can I earn money by migrating exploits? You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.

At $2 per pop, you're going to see a lot of exploits that look like they were mass-migrated by a Perl script, or by an 11 year old, because that's the only two ways it makes economic sense for somebody to work for that pay rate.

Man, is it too early in the morning to make popcorn?
Re: [Full-disclosure] New open source Security Framework
I grab a bag of popcorn whenever Juan sends an email.

On Wed, Oct 5, 2011 at 4:25 AM, valdis.kletni...@vt.edu wrote:

> On Wed, 05 Oct 2011 06:49:40 -0300, root said:
>
> > How can I earn money by migrating exploits? You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
>
> At $2 per pop, you're going to see a lot of exploits that look like they were mass-migrated by a Perl script, or by an 11 year old, because that's the only two ways it makes economic sense for somebody to work for that pay rate.
>
> Man, is it too early in the morning to make popcorn?
Re: [Full-disclosure] New open source Security Framework
When I saw this I too thought Insect. Though still, I don't recall Insect having an exploit editor or ANY way to add modules (insect used a Metasploit install IIRC), but it DOES remind me (scarily) of CANVAS. Might check it out later.

Out of interest, I was considering asking - what is all your opinions on using Metasploit (via RPC) as the shell handler in an exploitation framework? I was considering writing a fork of Fimap that used one.

On Wed, Oct 5, 2011 at 2:10 PM, Gage Bystrom themadichi...@gmail.com wrote:

> I grab a bag of popcorn whenever Juan sends an email.
>
> On Wed, Oct 5, 2011 at 4:25 AM, valdis.kletni...@vt.edu wrote:
>
> > On Wed, 05 Oct 2011 06:49:40 -0300, root said:
> >
> > > How can I earn money by migrating exploits? You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
> >
> > At $2 per pop, you're going to see a lot of exploits that look like they were mass-migrated by a Perl script, or by an 11 year old, because that's the only two ways it makes economic sense for somebody to work for that pay rate.
> >
> > Man, is it too early in the morning to make popcorn?
Re: [Full-disclosure] New open source Security Framework
wow i was not going to comment on that pack and have not yet looked but, that's plain nasty... to remove a simple credit line, i mean it is not full of greetz etc :s and replace... totally pathetic.

On 5 October 2011 20:32, root ro...@fibertel.com.ar wrote:

- * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/

> Ys why not?
Re: [Full-disclosure] New open source Security Framework
> You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.

This is IT dream, 2bux for one 0day or, 100 = 200bux :P dang nabbit that's just too good an offer! what is sad, some people will actually 'do it' until they maybe find some people selling one 0day, for say 3000. hehe... that's very much taking advantage...nasty pack not exploitpack...made by others losses.

On 5 October 2011 20:49, root ro...@fibertel.com.ar wrote:

> Wait there is more:
>
> http://exploitpack.com/faq
>
> How can I earn money by migrating exploits?
> You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
>
> Juan Sacco, infosec needs people like you. You make me happy, Juan. Thank you.
>
> On 10/04/2011 12:42 PM, nore...@exploitpack.com wrote:
>
> > Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules.
> >
> > This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules.
> >
> > * GPL license to ensure the code will always be free
> > * Instant search built-in for modules easy access
> > * Module editor that allows the user to create custom exploits
> > * Modules use XML DOM, really easy to modify
> > * Python as Engine because it's the language more used on security related programming
> >
> > We are actually working with social code network, to participate in this project you will only need a GitHub account.
> >
> > Also, I am looking for financial support to keep me coding. If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com
> >
> > Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube!
> >
> > Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
> > Website: http://www.exploitpack.com
Re: [Full-disclosure] New open source Security Framework
> Out of interest, I was considering asking - what is all your opinions on using Metasploit (via RPC) as the shell handler in an exploitation framework? I was considering writing a fork of Fimap that used one.

Well here, i can say, I have recoded their whole fingerprinter for rpc/smb and it r0x. In windows, is worth doing 10x. Awesome handler for exploiting, and the updated ones look even better... although, i am mainly using a cpp fork of their rpc-smb fingerprint host-attack... very very good.

On 6 October 2011 01:18, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:

> When I saw this I too thought Insect. Though still, I don't recall Insect having an exploit editor or ANY way to add modules (insect used a Metasploit install IIRC), but it DOES remind me (scarily) of CANVAS. Might check it out later.
>
> Out of interest, I was considering asking - what is all your opinions on using Metasploit (via RPC) as the shell handler in an exploitation framework? I was considering writing a fork of Fimap that used one.
>
> On Wed, Oct 5, 2011 at 2:10 PM, Gage Bystrom themadichi...@gmail.com wrote:
>
> > I grab a bag of popcorn whenever Juan sends an email.
> >
> > On Wed, Oct 5, 2011 at 4:25 AM, valdis.kletni...@vt.edu wrote:
> >
> > > On Wed, 05 Oct 2011 06:49:40 -0300, root said:
> > >
> > > > How can I earn money by migrating exploits? You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
> > >
> > > At $2 per pop, you're going to see a lot of exploits that look like they were mass-migrated by a Perl script, or by an 11 year old, because that's the only two ways it makes economic sense for somebody to work for that pay rate.
> > >
> > > Man, is it too early in the morning to make popcorn?
Re: [Full-disclosure] New open source Security Framework
On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - print Written by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ GPL V3 - they had to encumber it to set it free? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
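Review bot: the two removed lines, "* @author Stefan Zeiger (szei...@novocode.com)" and the print of "Written by Blake", are the only author credits in the code shown in this hunk, and the added header puts "Copyright 2011 Juan Sacco" where they stood, leaving the "Author=Blake" attribute on the unchanged context line as the only credit still visible. Keep both credit lines and add the GPL notice next to them instead of replacing them. The added notice also reads "either version 3 or any later version", which drops the "of the License, or (at your option)" wording of the standard GPLv3 header; restore the standard text.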
Re: [Full-disclosure] New open source Security Framework
Dont be angry about it, but, you could atleast give credit to those, your paying a whole 2$ to, or even if NOT paid, you should leave AUTHOR name INSIDE the exploit, maybe thats why it is being molested ? GPL is fine, but, you are seen as a bad dude, simply coz you dont give simple credit, and rather, add a patch for the thing to remove the autho, i mean, why not allow let ppl atleast see authors nickname/name.. it is not nice to those who put in theyre time, to help YOUR project, for whatever reasons, and, i love github, and, this has nothing todo with github, but, i am saying, you should never rename stuff, just take a look at 1337day.com, or , is that yours also ;p have a lovely day, i will look at the project, if i think it is decent, i would even buy, a pirated version... etc...etc... you know how it is, one copys out, 100 copies is really outtt ;) its all good bro, keep up the good work, just leave authors names maybe, remove email is fine, but you shuld leave author name, so ppl know maybe, wich things will be better/more reliable code, or stabler code, perhaps, than other authors... or, is that wrong to assume... i sure, would not like to see some code i have wrote, on there, without atleast saying #Thanks to xd for this one. it is one line dude. take it easy, dont flame up. xd On 6 October 2011 09:04, Juan Sacco juansa...@gmail.com wrote: As you might know, or not know, Exploit Pack is working without any foundation, company, governement and money-giving guy. There is no professionnal coder, programmer that is paid to develop this program. I have tried to ensure that the name of the exploit author is seen in all the software.It was my bad pasting the license there, but hey! Im human give me a break you troll. The next time would be better if you post it in the right place, GitHub. And in fact youre trying to blame here. Exploit Pack is licensed GPL let me copy paste the 4 freedoms. I hope to do it well this time. 
The freedom to run the program, for any purpose (freedom 0). The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this. The freedom to redistribute copies so you can help your neighbor (freedom 2). The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this. Let me ask you why you are spending so much time annoying this GPL software? I hope next time get a patch of code from you and no nonsense again. Like I said to lroot. The same goes for YOU. If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself. Juan Sacco On Wed, Oct 5, 2011 at 6:36 PM, xD 0x41 sec...@gmail.com wrote: wow i was not going to comment on that pack and have not yet looked but, thats plain nasty... to remove a simple credit line, i mean it is not full of greetz etc :s and replace... totally pathetic. On 5 October 2011 20:32, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. 
+# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ Ys why not? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New open source Security Framework
Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasplit for tht one, then he wants repect, when we see him removing simplly one line wich would atleast say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5minutes on. Then illm go back to Backbox and BT5 and things wich work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ GPL V3 - they had to encumber it to set it free? ___ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New open source Security Framework
On 10/05/2011 06:39 PM, xD 0x41 wrote:
You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
This is IT dream, 2bux for one 0day or, 100 = 200bux :P
I have verified your calculations.
___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New open source Security Framework
i know eh, coders dream :P Its only 2bux per sploit you add.. so even from PoC code, to scanner, wow! That's a bargain, a day code per scanner, unfortunately tho this is good money for some countries, and people, and that's who the targets are for this.. lower level skilled coders... nasty.
On 6 October 2011 10:15, root ro...@fibertel.com.ar wrote:
On 10/05/2011 06:39 PM, xD 0x41 wrote:
You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit.
This is IT dream, 2bux for one 0day or, 100 = 200bux :P
I have verified your calculations.
___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New open source Security Framework
Juan, I have not created any opinion (yet) but, is it rally fair, to give people who code, 2 frigging dollars, for sometimes what would be 0day , or is it nice, to remove the REAL auithors name, and add your own. Thats the only grips i see, without having to look at it yet. The whole look of it, without 'using' it tho, looks alot like canvas ;p but, thats not bad thing and, i personally, dont mind that, coz canvas, is not open and, this one is, wich would be great to bring that feel into it.. so, your reading tomuch into things, when i mean giving credit to author, i dont mean putting in his email/greetings and notes, i mean, simply one line to give credit, so people who are using the pack, could atleastfeel sure with some coders,that the code will be very nice, and not painful to read or , modify even to make it nicer.. that is why i like to always makesure authors get some credit, however it may be, it only needbe a nick/name, but you are using theyre things, but on your people who your paying, i guess you should maybe put in place then rules that, all exploits paid for, would not recieve credits, other than, part of devteam or part of exploit-pack codepack. It aint hard to keep people happy. Whilst still producing quality, or, non quality. i will run your pack, using ONE well know exploit, and if that fails, i will have results here, compared to backbox scan or, another vuln scan, then, i will comment further. How does that sound? Ok. I will do my research, but, i aint angry at you, nor the product, altho i dislike Insect, this one, seems to have some good features. So yea, ill take an open look, i only think, if code is NOT paid for, then you should put authors name or handle in there somwhere, maybe even something for paid exploits... people do appreciate a 'thanks to' sometimes... especially you it seems. 
xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, Its really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the diference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: ?xml version=1.0 encoding=UTF-8? Module Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=windows Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= /Exploit Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasplit for tht one, then he wants repect, when we see him removing simplly one line wich would atleast say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... 
sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5minutes on. Then illm go back to Backbox and BT5 and things wich work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY
Re: [Full-disclosure] New open source Security Framework
Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information erm, sorry this dont count, it should be IN the code, not, after running it :P thats bs mate, and i wont agree with your crap, until you see my point really. It is, something you write, compared to running thwe GUI.. xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, Its really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the diference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: ?xml version=1.0 encoding=UTF-8? Module Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=windows Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= /Exploit Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. 
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasplit for tht one, then he wants repect, when we see him removing simplly one line wich would atleast say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5minutes on. Then illm go back to Backbox and BT5 and things wich work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. 
+# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ GPL V3 - they had to encumber it to set it free? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- _ Insecurity Research - Security auditing and testing software Web: http://www.insecurityresearch.com Insect Pro 2.5 was released stay tunned
Re: [Full-disclosure] New open source Security Framework
Juan, why lie dude, i looked at your github LATEST pull/commit, what is this then Exploit Pack/exploits/Free Float FTP Server - copia.xml - View file @ e17cc4dhttps://github.com/exploitpack/trunk/blob/e17cc4d5ee893ce93d2e56deccd7595e944210ee/Exploit%20Pack/exploits/Free%20Float%20FTP%20Server%20-%20copia.xml 
@@ -1,17 +0,0 @@ -?xml version=1.0 encoding=UTF-8? -Module - -Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=linux Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= -/Exploit - -Information Author=Blake Date=August 23 2011 Vulnerability=N/A -Free Float FTP Server USER Command Remote Buffer Overflow Exploit -when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default -exploiting these issues could allow an attacker to compromise the application, access or modify data. -/Information - -Targets -Microsoft Windows XP SP2 - Microsoft Windows XP SP3 -/Targets - -/Module exposed! and it is rubbish. 5 exploits, i even pointed him, (in pvt) to a million py files he can now deface... and he acting like, hes all for the author being in the sploit..right..ye.. and nice use of xml ... this is worse thing, i have seen, i have seen better made bash exploit packs. sorry, again your stuff is a complete fail. not even the main exploits, who the heck cares about ftpds like, 10 students use.. you are maybe in need of guidance, wich, i doubt anyone will give after these lies your pulling... telling ppl, your doing the RIGHT thing, when your git pull says different! i alsio have a giot hub, and understanmd how it works,. so stop trying to stooge people dude, your stuff sux. and when i tried to seperate links, into different downloads, like your download page specifies.. it does not work and always gives the base, wich is linux. only. i believe...unless osme, small tweaking/batfile made for win32..but, you advertise the win32 binarys..so, your just fake. pls explain..why your acting like, i am a liar, when, your removing the author, from even the exploits now... cheeky,and very rude to me personally. screw u and ur pathetic crap, open or closed,it is a waste of time. 
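Review bot: nothing in the "@@ -1,17 +0,0 @@" hunk says why the whole descriptor is deleted, and the deleted lines include the only credit in that file ("Information Author=Blake"). The file name ends in "- copia" and its "Platform=linux" disagrees with the "Microsoft Windows XP SP2 - Microsoft Windows XP SP3" targets listed a few lines below, so if this is a stale duplicate being cleaned up, say so in the commit message and confirm that the descriptor staying in the tree still carries the Author attribute.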
xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, Its really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the diference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: ?xml version=1.0 encoding=UTF-8? Module Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=windows Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= /Exploit Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasplit for tht one, then he wants repect, when we see him removing simplly one line wich would atleast say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... 
sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5minutes on. Then illm go back to Backbox and BT5 and things wich work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake
Re: [Full-disclosure] New open source Security Framework
as i said again stop the lies.' Take a look if you want: ?xml version=1.0 encoding=UTF-8? Module Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=windows Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= /Exploit Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information JSacco I did, and i also looked at hyour git src to. screw u and the pack,. until it is pro, i wont b near it, and, it wont EVER b pro, with YOU runnin it,. who will give u GOOD stuff, for 2bux.. fool. and you dare lie, anyone can check what i just saw, and, thats him, plain out lying about his stuff, instead of just, admitting, ok well, it is new, and, could be, fixed alittle..any siggestions are welcome... as, i did give him already one in PM... but now, pfft. stop ccing me pls. xd On 6 October 2011 11:16, Juan Sacco juansa...@gmail.com wrote: Hey.. I already gave you an answer about this. AGAIN. For the last time. I respect the author's name of all the exploits added to Exploit Pack, like you suggest in a terrible and way.. Insulting and posting like 10 mail to the this list. I will add a # Thank you [AUTHOR NAME ] for let us use your public script in the top of all new exploit added to Exploit Pack Framework. ** Also, I created a mailing list to discuss this kind of things, report bugs and much more ( But sorry, NO INSULTING is allowed there ) ** As other people told you stop doing chatting here. This is not a forum. 
JSacco On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote: Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information erm, sorry this dont count, it should be IN the code, not, after running it :P thats bs mate, and i wont agree with your crap, until you see my point really. It is, something you write, compared to running thwe GUI.. xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, Its really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before create an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the diference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: ?xml version=1.0 encoding=UTF-8? Module Exploit NameXML=Free Float FTP Server CodeName=FreeFloatFTPServer.py Platform=windows Service=ftp Type=remote RemotePort=21 LocalPort= ShellcodeAvailable=R ShellPort= SpecialArgs= /Exploit Information Author=Blake Date=August 23 2011 Vulnerability=N/A Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. 
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. /Information JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasplit for tht one, then he wants repect, when we see him removing simplly one line wich would atleast say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see thats how it works with exploit code/pocs in general... sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldnt. But this (open sauce) project, i will download and waste 5minutes on. Then illm go back to Backbox and BT5 and things wich work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011 08:59,
Re: [Full-disclosure] New open source Security Framework
OK, now that is out of way, i would be very happy to help, and contribute even, and will join that list, i dont have address offhand, but i will look for it if i have to,...and, i will suggest things there, and, i am not nasty, I just, respect authors. I appreciate this change..and, i understand, the project, is still young. AGAIN. For the last time. I respect the author's name of all the exploits added to Exploit Pack, like you suggest in a terrible and way.. Insulting and posting like 10 mail to the this list. I will add a # Thank you [AUTHOR NAME ] for let us use your public script in the top of all new exploit added to Exploit Pack Framework. I thankyou for this, and this would be nice if it was somehow, incorporated into the exploit-name,but, i understand this is harder..but some coders, theyre work is always amazing, those guys, would definately deserve it.. but, thats totally something, i will leave to you. i will even try and, assist the project when i have time, since you are also trying to work with things. I want this clear, there is no spite/hate here, it is simply new, and needs like all new things, debugging alittle :) it is, good start. xd On 6 October 2011 11:16, Juan Sacco juansa...@gmail.com wrote: Hey.. I already gave you an answer about this. AGAIN. For the last time. I respect the author's name of all the exploits added to Exploit Pack, like you suggest in a terrible and way.. Insulting and posting like 10 mail to the this list. I will add a # Thank you [AUTHOR NAME ] for let us use your public script in the top of all new exploit added to Exploit Pack Framework. ** Also, I created a mailing list to discuss this kind of things, report bugs and much more ( But sorry, NO INSULTING is allowed there ) ** As other people told you stop doing chatting here. This is not a forum. 
JSacco On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote: <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A"> Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. </Information> erm, sorry this don't count, it should be IN the code, not after running it :P that's bs mate, and I won't agree with your crap, until you see my point really. It is something you write, compared to running the GUI.. xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before creating an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: <?xml version="1.0" encoding="UTF-8"?> <Module> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs=""> </Exploit> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A"> Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. </Information> JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of Canvas...hehe... and same with his Insect Pro... he stole Metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see that's how it works with exploit code/pocs in general... sometimes, if I see php code from one person, I will tend to look, but if it was from an unknown person, I prolly wouldn't. But this (open sauce) project, I will download and waste 5 minutes on. Then I'll go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and I mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :)) xd On 6 October 2011
Re: [Full-disclosure] New open source Security Framework
Yes, I will join. http://exploitpack.com/mailing-list I will try and contribute actually.. I see now why you removed a bit of the author name but... kinda handy to know it is always same author too ;p but, we will discuss this on that list :) I will look forward to trying to make it a bit nicer ... specially, could get some friendly help, which would be nice.. that's what it needs, some decent codes.. to be really looked at, and used, then, you would want to get it added to like BT or BackBox etc... so, I can try help, sure :) I'm glad you offered that.. hehe. cheers, xd On 6 October 2011 11:23, Juan Sacco juansa...@gmail.com wrote: Hey, Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!! ( Please do me a favor and read the license first ) Wanna keep talking about your personal opinion? Please.. As it was told stop doing it here, this is not a chatroom. We have a forum and a mailing list for that. It would be nice to see you there... Believe me. I invite you all to the new forum! :-) http://exploitpack.com Cheers! On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 sec...@gmail.com wrote: Juan, I have not created any opinion (yet) but, is it really fair, to give people who code, 2 frigging dollars, for sometimes what would be 0day, or is it nice, to remove the REAL author's name, and add your own. That's the only gripe I see, without having to look at it yet. The whole look of it, without 'using' it tho, looks a lot like Canvas ;p but, that's not a bad thing and, I personally, don't mind that, coz Canvas is not open and this one is, which would be great to bring that feel into it.. so, you're reading too much into things, when I mean giving credit to author, I don't mean putting in his email/greetings and notes, I mean, simply one line to give credit, so people who are using the pack could at least feel sure with some coders, that the code will be very nice, and not painful to read or modify even to make it nicer..
that is why I like to always make sure authors get some credit, however it may be, it only need be a nick/name, but you are using their things, but on your people who you're paying, I guess you should maybe put in place then rules that all exploits paid for would not receive credits, other than part of devteam or part of exploit-pack codepack. It ain't hard to keep people happy. Whilst still producing quality, or non quality. I will run your pack, using ONE well known exploit, and if that fails, I will have results here, compared to backbox scan or another vuln scan, then I will comment further. How does that sound? Ok. I will do my research, but I ain't angry at you, nor the product, altho I dislike Insect, this one seems to have some good features. So yea, I'll take an open look, I only think, if code is NOT paid for, then you should put author's name or handle in there somewhere, maybe even something for paid exploits... people do appreciate a 'thanks to' sometimes... especially you it seems. xd On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote: Hey, It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before creating an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D We respect the exploit author and that is why I add them at the first line of the XML file You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) Take a look if you want: <?xml version="1.0" encoding="UTF-8"?>
<Module> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs=""> </Exploit> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A"> Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modify data. </Information> JSacco On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote: Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of Canvas...hehe... and same with his Insect Pro... he stole Metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show [ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see that's how it works with exploit
Re: [Full-disclosure] New open source Security Framework
Juan, You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely. Software business steal code all the time, but they don't release the software for everybody to see! Next time instead of a few laughs at a list, you may get sued and lose real money, you fool. Please learn how licensing works and just then republish all your code. On 10/05/2011 06:25 PM, Juan Sacco wrote: If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself. Juan Sacco On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ Ys why not? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
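Review bot: the `-` lines drop the existing credit notices (`@author Stefan Zeiger`, `Written by Blake`) in the same change whose `+` lines add `Copyright 2011 Juan Sacco` and the GPLv3 header, so the file ends up naming only the new copyright holder. Keep the original author lines and place the project header above them rather than in their place. The visible lines also show no license for the code being relabelled, so each third-party file should record its upstream source and license (or state that none was given) before a GPLv3 notice is applied to it.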
Re: [Full-disclosure] New open source Security Framework
I would say, this code would require better, like Creative Commons, perhaps licensing on 3rd party code, then it can be named exactly what is and isn't added in as a 'paper' to the commons, it is better for his project, I think... GPLv3, I have not studied but, I am considering the use of 3rd party modules which have NO licensing whatsoever. I will try to help him but, he has to understand, there are simple rules about these things... I think he does though understand, so I will offer my help in this anyhow.. I guess you also have helped, by pointing the licensing out for him too.. But I'd debate on which license to use... I'd take CCommons.. cheers, xd On 6 October 2011 14:34, root ro...@fibertel.com.ar wrote: Juan, You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely. Software business steal code all the time, but they don't release the software for everybody to see! Next time instead of a few laughs at a list, you may get sued and lose real money, you fool. Please learn how licensing works and just then republish all your code. On 10/05/2011 06:25 PM, Juan Sacco wrote: If you want the right to demand certain things from the program, then go BUY a program and do not harass people who are writing software for free, or go and help the developers by writing the functionality yourself.
Juan Sacco On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote: - * @author Stefan Zeiger (szei...@novocode.com) - printWritten by Blake - Information Author=Blake Date=August 23 2011 Vulnerability=N/A +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/ Ys why not?
[Full-disclosure] New open source Security Framework
Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules. This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules.

- GPL license to ensure the code will always be free
- Instant search built-in for modules easy access
- Module editor that allows the user to create custom exploits
- Modules use XML DOM, really easy to modify
- Python as Engine because its the language more used on security related programming

We are actually working with social code network, to participate in this project you will only need a GitHub account. Also, I am looking for financial support to keep me coding. If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com

Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube!

Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
Website: http://www.exploitpack.com
Re: [Full-disclosure] New open source Security Framework
So this is from the same people that developed Insect Pro? Chris On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote: Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules. This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules. GPL license to ensure the code will always be free Instant search built-in for modules easy access Module editor that allows the user to create custom exploits Modules use XML DOM, really easy to modify Python as Engine because its the language more used on security related programming We are actually working with social code network, to participate in this project you will only need a GitHub account. Also, I am looking for financial support to keep me coding. If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube! Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website: http://www.exploitpack.com
Re: [Full-disclosure] New open source Security Framework
insecurityresearch.com (the Insect PRO site) does in fact seem to redirect to exploitpack.com - nice catch Chris. Justin Klein Keane http://www.MadIrish.net The digital signature on this e-mail may be confirmed using the PGP key located at: http://www.madirish.net/gpgkey On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote: So this is from the same people that developed Insect Pro? Chris On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote: Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules. This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules. GPL license to ensure the code will always be free Instant search built-in for modules easy access Module editor that allows the user to create custom exploits Modules use XML DOM, really easy to modify Python as Engine because its the language more used on security related programming We are actually working with social code network, to participate in this project you will only need a GitHub account. Also, I am looking for financial support to keep me coding. If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube! Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website: http://www.exploitpack.com
Re: [Full-disclosure] New open source Security Framework
I don't think it's supposed to be a secret. There are also references to Insect Pro in the source code: https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java BTW, you gotta love the scanner :) https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java On Tue, Oct 4, 2011 at 9:31 PM, Justin Klein Keane jus...@madirish.net wrote: insecurityresearch.com (the Insect PRO site) does in fact seem to redirect to exploitpack.com - nice catch Chris. Justin Klein Keane http://www.MadIrish.net The digital signature on this e-mail may be confirmed using the PGP key located at: http://www.madirish.net/gpgkey On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote: So this is from the same people that developed Insect Pro? Chris On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote: Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules. This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules. GPL license to ensure the code will always be free Instant search built-in for modules easy access Module editor that allows the user to create custom exploits Modules use XML DOM, really easy to modify Python as Engine because its the language more used on security related programming We are actually working with social code network, to participate in this project you will only need a GitHub account. Also, I am looking for financial support to keep me coding.
If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube! Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website: http://www.exploitpack.com -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] New open source Security Framework
XML Modules? In *my* exploit pack? -Travis On Tue, Oct 4, 2011 at 3:44 PM, Mario Vilas mvi...@gmail.com wrote: I don't think it's supposed to be a secret. There are also references to Insect Pro in the source code: https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java BTW, you gotta love the scanner :) https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java On Tue, Oct 4, 2011 at 9:31 PM, Justin Klein Keane jus...@madirish.net wrote: insecurityresearch.com (the Insect PRO site) does in fact seem to redirect to exploitpack.com - nice catch Chris. Justin Klein Keane http://www.MadIrish.net The digital signature on this e-mail may be confirmed using the PGP key located at: http://www.madirish.net/gpgkey On 10/04/2011 02:46 PM, ctrun...@christophertruncer.com wrote: So this is from the same people that developed Insect Pro? Chris On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote: Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a JAVA GUI, Python as Engine and well-known exploits made by users. It has a module editor to make the task of developing new exploits easier, Instant Search and XML-based modules. This open source project comes to fill a need, a high quality framework for exploits and security researchers with a GPL license and Python as engine for its modules. GPL license to ensure the code will always be free Instant search built-in for modules easy access Module editor that allows the user to create custom exploits Modules use XML DOM, really easy to modify Python as Engine because its the language more used on security related programming We are actually working with social code network, to participate in this project you will only need a GitHub account. Also, I am looking for financial support to keep me coding.
If you want to be part of this open source project or just want to collaborate with me: Please reply to jsa...@exploitpack.com Why don’t you download and give it a try right now? While downloading, you may watch this quick video on YouTube! Video: http://www.youtube.com/watch?v=cMa2OrB7b5A Website: http://www.exploitpack.com -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” -- Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn | GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com
Re: [Full-disclosure] New open source Security Framework
On 10/4/11 12:44 PM, Mario Vilas wrote: I don't think it's supposed to be a secret. There are also references to Insect Pro in the source code: BTW, you gotta love the scanner :) https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java Looks a bit (identical) to http://www.vogella.de/articles/EclipseJobs/article.html#progressreport :p
Re: [Full-disclosure] New open source Security Framework
Would you kindly die in a fire?
Re: [Full-disclosure] New open source Security Framework
On Tue, 04 Oct 2011 20:01:26 EDT, Travis Biehn said: XML Modules? In *my* exploit pack? XML - the kudzu of the internet.