As of today, one of the best hacker books ever, long out of print and
unavailable except from eBay and crusty used book stores in the East
Village, is now available for free download here:
http://www.immunityinc.com/downloads/TheLongRun.pdf
Dave
d in the appendix."
That would be, uh, ALL NT applications?
Dave Aitel
SVP Research and Engineering
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ <--"Exploits that don't have to brute
force."
On Fri, 28 Mar 2003 09:30:23 -0600
"Eric Hines" <[EMAIL PROTECTED
ode manually, just
out of curiosity?
Dave Aitel
Advanced Engineering Directorate
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking like it's done in the
movies."
On Wed, 26 Mar 2003 22:55:12 +0900
¿ÀÁ¤¿í <[EMAIL PROTECTED]> wrote:
> my @return_addresses=(
> &
ave a chance to use the encoder sometime soon, I'm sure.
I'm not having the same problem you are with characters > 0x7f though.
Did you use the % character in your shellcode?
Dave Aitel
VP of Research and Development
Immunity, Inc.
http://www.immunitysec.com/CANVAS/ "Hacking l
ently than previously hoped? I'm really
curious.
Also in the article is an insanely optimistic belief that most
vulnerabilities are found first by "researchers who publish them" and that
"it's been about a year since a significant 0day exploit was revealed."
Da
m seeing with Windows 2000 SP3 here in my lab.
(I spent a while trying to track down what a particular field with the
Locator traffic was, but it turned out to be just a part of my stack.)
In practice, you would want to get the address of the data segment for
RPCRT4, I imagine, rather than the a
inputs to a program can be reduced intelligently by a
tester, compensating for incomplete knowledge of the target's
implementation or design.
Thank you,
Dave Aitel
Public and Media Relations
Immunity, Inc.
http://www.immunitysec.com/
917-545-4742
So after writing the RPC locator exploit, I noticed that the service
is not actually vulnerable until it has been initialized
properly. Does anyone have any more information on how often and when
this service is initialized (as opposed to simply started)?
Here is tethereal output illustrating an u
the end of
February (during BlackHat).
Thanks,
Dave Aitel
Media Relations
Immunity, Inc.
http://www.immunitysec.com/
he Hello bug, I hereby pre-name it the "Yo
G! What's up! SQL!" worm.
Dave Aitel
Immunity, Inc.
On Sat, 25 Jan 2003 13:56:36 -0500
"trent dilkie" <[EMAIL PROTECTED]> wrote:
> Can anybody confirm that this worm is spreading on the Desktop Engine
> too?(MSDE)
platforms fuzzers are happily picking out stack
overflows in initial handshake messages.
Were you comparing a vendor's internal bug database to various bugzillas
you might have a better case.
Dave Aitel
Immunity, Inc.
On Tue, 26 Nov 2002 19:17:56 +1300 (NZDT)
zen-parse <[EMAIL PROTECTED]&
have the random seed that crashed it. Then
you can do some more work to manually isolate the exact packet or
sequence that crashes it.
On Tue, 2002-10-22 at 14:25, lion wrote:
> *
> * MS WIN RPC DoS CODE FROM SPIKE v2.7
> *
--
Dave Aitel <[EMAIL PROTECTED]>
Immunity, Inc
signa
Immunity Advisory to the General Public
Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3
Author: Dave Aitel
Date: October 18, 2002
Because the default SPIKE 2.7 run has been able to discover this
vulnerability, and various people have contacted me regarding it, I
offer this
t one case, they succeed.
You can verify all Immunity packages with hashdb
( http://www.immunitysec.com/hashdb.html ). A full changelog
is available at http://www.immunitysec.com/CHANGELOG.txt .
Dave Aitel
Immunity, Inc.
I've run into, gives you
LOCAL/SYSTEM. LOCAL/SYSTEM usually has significant privileges.
Dave Aitel
Immunity, Inc.
"Unchecked buffer in SQL Server 2000 authentication function
(CAN-2002-1123):
What's the scope of this vulnerability?
This is a buffer overrun vulnerability. By send
gainst 192.168.1.100 after setting up PPTP on that
machine. It's a good idea to set up SoftIce as well.
bash$ ./generic_send_tcp 192.168.1.100 1723 ./pptp.spk 0 0
#wait for crash. It's in the second packet, I believe.
Dave Aitel
Immunity, Inc.
References
-
. SPIKE Proxy now includes a crawler, and dcedump now
includes a Unix port of ifids.
A full changelog is available at:
http://www.immunitysec.com/CHANGELOG.txt
There's also a new SPIKE mailing list at:
http://www.immunitysec.com/mailman/listinfo/spike
Dave Aitel
Immunity, Inc.
(P.
. :>
So in this case, "Exclusively" means "Exclusive to iDefense and everyone
else in the whole world who bothers to do basic QA (run sharefuzz) on
their systems."
Dave Aitel
Immunity, Inc.
On Wed, 2002-08-28 at 11:58, David Endler wrote:
So, unless I'm mistaken, there's no way to patch MS Desktop Engine for
this bug. Unless someone can point out a way to get it to SP2, since the
SQL Server SP2 installer won't work for it.
Also, does anyone find it odd that you have to literally copy a dll over
another dll to apply the hotfix? Not
, you probably
still have some time as everyone rushes to update their trojans.
Dave Aitel
Immunity, Inc
www.immunitysec.com
P.S.
md5sums for BodyGuard, since key distribution is still a hard problem:
If you need a high level of assurance, feel free to call, or e-mail
Immunity and we will read n
On Thu, 2002-07-04 at 09:06, noir sin wrote:
>
> Resend:
> attachment moved to http://gsu.linux.org.tr/~noir/b.tar.gz
> since no more than 100K is allowed
>
> Hi,
>
> Recently, Dave Aitel posted a link to a loadable kernel module for the
> Solaris operating system to
web app auditing as well now.
Yes, SPIKE is still GPL.
Dave Aitel