hi,
There is a little tools in JSky named MD5 Cracker. It is very fast to crack MD5
string. JSky developed by NOSEC www.nosec.org.
Take a look here http://www.nosec.org/2009/0919/66.html
Bad news : It is commercial!
BYM
___
Full-Disclosure - W
On Feb 6, 2010, at 5:26 PM, "Stefan Kanthak"
wrote:
> Dan Kaminsky wrote on February 06, 2010 6:43 PM:
>
>> You need admin rights to create junctions.
>
> OUCH!
> No, creating junctions (as well as the Vista introduced symlinks)
> DOESN'T need admin rights!
>
> [snip]
>
Really? Try. Espec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I had replied to you personally only, you should not have posted
>my
>reply to any mailing lists. But since you posted...
I'm very sorry about this. This may sound odd, but it wasn't my
idea of putting a private mail public. This was not an act of
dis
I find it puzzling how this discussion, including the official Samba
response
http://www.samba.org/samba/news/symlink_attack.html
fails to consider whether the mentioned configuration (when admin sets
non-default "writeable = yes" but leaving default "wide links = yes")
allows write access to t
Dear Marx,
> This is an interesting point of view.
I had replied to you personally only, you should not have posted my
reply to any mailing lists. But since you posted... yes my views are
interesting, should be studied and followed, for enlightenment :-)
> However u haven't answered my question.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>The default setting is "writeable = no". If you change that, then
>you are responsible for reading the docs and setting secure
>options.
This is an interesting point of view. However u haven't answered my
question. Is there an option to enable a trav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Paul,
seems like u get personal pissed about the situation or you are not
able to see that this is obviously a problem. But maybe you can
enlighten everybody how it is possible per "default" not to
traversal a directory by cd but doing this via s
You need admin rights to create junctions. At that point, path
constraints aren't relevant, just psexec and get not only arbitrary
path but arbitrary code.
The fix is to do what everybody with a directory traversal bug has to
do, block out of path relative directories. In this specific case,
Dan Kaminsky wrote:
[...]
> (On a side note, you're not going to see this sort of symlink stuff on
> Windows,
What exactly do you mean?
Traversing symlinks on the server/share, or creation of "wide" symlinks
by the client on the server/share?
Since Windows 2000 NTFS supports "junctions", which
According to the GNOME documentations, the file manager (Nautilus) is able
to display a preview of most of the files. [ref:
http://library.gnome.org/users/user-guide/stable/gosnautilus-60.html.en]
This is a Proof Of Concept, it works using the default settings (Local
Files Only checked).
BEGI
Dear Thierry,
> Of course you could disable ... but is it by enabled default?
Hmm... looking at
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WRITEABLE
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#READONLY
it seems that writeable is off by default: a Samba insta
Hi Paul,
Facts :
- Several distributions run with vulnerable settings per default
if there is a "misconfiguration" it is part of the vendor.
- Your not supposed to be able to traverse dirs.
Consequence it is a vulnerability, whether you can mitigate it is
a different piece of cake.
Next time s
http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html
--
http://blog.zoller.lu
Thierry Zoller
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia
13 matches
Mail list logo