Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Fri, Nov 11, 2011 at 10:08 PM, Jeffrey Walton wrote: > On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal > wrote: > > Dear Dan, > > Impacket was at first a Pysmb copy/update from Core Security in order to > > play with RPC. (look at the source) > > They've done some work on pysmb library in ord

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal wrote: > Dear Dan, > Impacket was at first a Pysmb copy/update from Core Security in order to > play with RPC. (look at the source) > They've done some work on pysmb library in order to implement DCE/RPC > functionality in this dinosaurus lib. You ca

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Dear Dan, Impacket was at first a Pysmb copy/update from Core Security in order to play with RPC. (look at the source) They've done some work on pysmb library in order to implement DCE/RPC functionality in this dinosaurus lib. Saying that we should use Impacket in order to craft *raw* UDP packet i

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

as ive stated, when the pudding is ready, it would been released, simple... it is not my fault, if a friend hands me papers, and i am not obliged to re release them... simple. I dont care to provide amusement for you, and any other idiot like you. So, go fk yourself to :) thx, and have a nice day.

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Walk the stairs i said. Im fixing your father genetic issue. Le 11 nov. 2011 20:47, "xD 0x41" a écrit : > yes, dude, if i were to ever see you, in aus, id beat your arse so > good, mother jokes would become a fucking dream to you.. believe it > stupid. > keep it up to... thinking, im someone who

Re: [Full-disclosure] Even worse

oh, and your nice, by double posting the infos, yet telling me im the fool. nice one! your a no.1 cocksucker. no go fuck yourself, with antony and the other wanker whos goin to fucking jail./ On 12 November 2011 15:34, Chris L wrote: > I have no idea what the point of this post is. Hell, most o

Re: [Full-disclosure] Even worse

eh, he had already put it on fd... so, what did it matter..and you really think, it is hard todo a nslookup ? you still have to, login to cpanel, and, i kow, you can go right ahead... there is no cpanel bruter, go make one, i dont think it is so posible...and even then, howlong will someone wait...

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Nop. Im in your mom's bedroom,walk up the stairs you will hear us.. Le 11 nov. 2011 19:57, "xD 0x41" a écrit : > > another fuck who hides :) > > > On 12 November 2011 14:51, Antony widmal wrote: > > Typical S-K behavior; talk about stuff he has nfi. > > > > Le 11 nov. 2011 19:15, "xD 0x41" a écr

Re: [Full-disclosure] Even worse

nice excuse to ddos again...to bad, i will be reporting that Ip. you know, and i know, it IS yours. so, enjoy. arsehole. and, a stupid arsehole, who did not think that, being a PUBLIC LISt, it will NOT filter anything, your mail showed, from your own hme, no proxys,. your screwed.go east shit, and

Re: [Full-disclosure] Even worse

dude, cry to your isp, when they kick your ass :) now fuckoff. On 12 November 2011 15:13, crazy coder wrote: > So, you know how to view the source of a message. Do you know how to fix a > zone transfer, eh? > crazycoders.com.        300     IN      SOA >   ns2.psychz.net. ufo.mboca.com. 2011

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Typical S-K behavior; talk about stuff he has nfi. Le 11 nov. 2011 19:15, "xD 0x41" a écrit : > > 0day for ms, is not so hard, and, i hjave already explained one of > them to some people > > 0day for ms, is not so hard, and, i hjave already explained one of > them to some people :) > but, i dont

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Received: from [127.0.0.1] (host86-160-211-44.range86-160.btcentralplus.com. [86.160.211.44]) to bad eh... On 12 November 2011 13:42, baqstabz wrote: > Judging by your posts I would go out on the edge and say that you have about > as much chance of having 0-day (yes, that is including xxs) as

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

oh, you really areee lame... go ahead... ddos away... but, you will never face me, as always :) typical doskiddy... jealousy bites eh :) go home, your boring me. again, this is great stuff from Fd! DDos, and, all for trying, to mention a few things, and try to be civil about it. meh. fuck you all.

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

unleash the dragons and let you see what a 10k botnet feels like. unleash away son :) another, hider... always have some bs to say, but, your just jealous... as most lame botnet owners, are.. ddos, is yo9ur no.1 skill, and only reason your here, is to try get the .cpp scanner, and thats that. so y

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

0day for ms, is not so hard, and, i hjave already explained one of them to some people :) but, i dont care, because, you dont have it, and, i do. so, many people have 0days...whats wrong with this ? i found my own, and, thats why i am happy to keep them. and, as i said, one, i have discussed and, m

Re: [Full-disclosure] Joomla Component (com_content) - Blind SQL Injection Vulnerability

Which version is this? On Sat, Nov 12, 2011 at 12:35 AM, resea...@vulnerability-lab.com < resea...@vulnerability-lab.com> wrote: > Title: > == > Joomla Component (com_content) - Blind SQL Injection Vulnerability > > > Date: > = > 2011-11-11 > > > References: > === > http://www.

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

or a blue screen... 2011/11/11 Antony widmal > Let me guess your M$ 0days can be triggered by hitting ALT-F4 while > browsing with IE ? > > > On Fri, Nov 11, 2011 at 3:26 PM, xD 0x41 wrote: > >> Indeeed. >> Seeing how the wolves are, i ceertainly would bnot release it. >> i am only saying, I

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Fri, Nov 11, 2011 at 3:13 PM, xD 0x41 wrote > anyhow... it doesnty take, 49days, atall.. > and, yes, indeed, will be one good packet, if the packet , has the > right SQN + Ack number. ^^ We are discussing UDP, as per the MS advisory, yes? __

[Full-disclosure] Joomla Component (com_content) - Blind SQL Injection Vulnerability

Title: == Joomla Component (com_content) - Blind SQL Injection Vulnerability Date: = 2011-11-11 References: === http://www.vulnerability-lab.com/get_content.php?id=323 VL-ID: = 323 Introduction: = Joomla is a free and open source content management system (C

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Okay, now I'm confused! From http://oss.coresecurity.com/projects/impacket.html "Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode network packets in simple and consistent manner. It includes support for

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Fri, Nov 11, 2011 at 5:28 PM, xD 0x41 wrote: > I am shocked, howmany socalled 'skilled' people, cannot get this bug > to work...  but, theyre NOT the ones whining about code :) I didn't ask for a proof of concept, I told you to explain the bug and/or your claims with code. There is a differenc

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I have no doubt that a lot of things are lost on you. On Fri, Nov 11, 2011 at 11:23 PM, xD 0x41 wrote: > are you braindead ? > your humor, is really lost on me..so, i think, look within :P > > > On 12 November 2011 04:01, Mario Vilas wrote: > > I liked the "heavy breather in the perv closet" bi

[Full-disclosure] [ MDVSA-2011:172 ] libreoffice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:172 http://www.mandriva.com/security/ _

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Let me guess your M$ 0days can be triggered by hitting ALT-F4 while browsing with IE ? On Fri, Nov 11, 2011 at 3:26 PM, xD 0x41 wrote: > Indeeed. > Seeing how the wolves are, i ceertainly would bnot release it. > i am only saying, I am using cpp, and windows, and, the exploit > bypasses all pro

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Indeeed. Seeing how the wolves are, i ceertainly would bnot release it. i am only saying, I am using cpp, and windows, and, the exploit bypasses all protections, but, since you guys dont have the actual real poc for it, i guess, i would not be saying anything more, and, ill be leaving it, for the p

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

> next time, i wont say shit, and, believe it. Well it's just that the attack you are describing will be thwarted by setting a sticky bit on /tmp, and you have not demonstrated otherwise. /mz ___ Full-Disclosure - We believe in it. Charter: http://list

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

lol... yea... no idea, dont care this is just for those ppl who *had* to see something :) now let them, worry why theyre box is executing ping fkloods and crap..or, maybe causing, even worse things ;) I know prdelka, is verry good with backdoors :P lol... i hope he got every fucker who was brea

[Full-disclosure] [ MDVSA-2011:171 ] networkmanager

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:171 http://www.mandriva.com/security/ _

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Sat, 12 Nov 2011 09:36:21 +1100, xD 0x41 said: > well look at that :P > not same author but , nice coding predelka! good one, i will add you > to crazycoders.com coderslist... i guess there is a few codes you have > now done wich might be useful... cheers. Did you actually do a code review? Th

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

You are definitely a lamer secn3t. Also for you little brain, impacket has nothing to do with crafting UDP packets.. Thanks for proving this again and again. On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 wrote: > well look at that :P > not same author but , nice coding predelka! good one, i will add

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Sat, 12 Nov 2011 09:22:19 +1100, xD 0x41 said: > yer yer... everyone trys to shoot the messenger, when, i should have > just stfu, and, not offered any insight, wich would probably have been > better, sorry, ill makesure to keep this shit to myself, until the > actual author, gives out shit.. .o

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

well look at that :P not same author but , nice coding predelka! good one, i will add you to crazycoders.com coderslist... i guess there is a few codes you have now done wich might be useful... cheers. xd On 12 November 2011 05:43, Ryan Dewhurst wrote: > An attempt at a possible MS11-083 DoS/Po

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Would scapy be a suitable tool to attempt this kind of packet manipulation with? I'm a programmer, but I'm new to this kind of network/packet-level/security scripting. Yes, scapy + impacket./..would probably help u with the python side... On 12 November 2011 04:04, Dan Ballance wrote: > Would

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

yep! next time, i wont say shit, and, believe it. seems, you cannot even wait for the author to do it... as, to wich, i have said... and, i tried to show yu also, ow to simply *catch* it... but, you trying to get code from me, wich, i will never give you :) so to those who care about it, and want t

[Full-disclosure] [ GLSA 201111-04 ] phpDocumentor: Function call injection

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 20-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] [ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 20-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

are you braindead ? your humor, is really lost on me..so, i think, look within :P On 12 November 2011 04:01, Mario Vilas wrote: > I liked the "heavy breather in the perv closet" bit. > > On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst > wrote: >> >> I think Jon just said what everyone else was t

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

yer yer... everyone trys to shoot the messenger, when, i should have just stfu, and, not offered any insight, wich would probably have been better, sorry, ill makesure to keep this shit to myself, until the actual author, gives out shit.. .ok...thx. my mistake On 12 November 2011 03:43, Ryan Dewhu

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I have said, when the author wants to, and when hes ready to, i am sure he will. On 12 November 2011 00:54, Jon Kertz wrote: > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >> About the PPS, i think thats a very bad summary of the exploit, 49days >> to send a packet, my butt. >> There is many

[Full-disclosure] iGuard Biometric Access Control - Multiple Vulnerabilities

Title: == iGuard Biometric Access Control - Multiple Vulnerabilities Date: = 2011-11-08 References: === 2011/Q3-4 URL: http://vulnerability-lab.com/get_content.php?id=104 VL-ID: = 104 Introduction: = Each iGuard Biometric / Smart Card Security Appliance has a

[Full-disclosure] Skype Vendor Website - Cross Site Scripting Vulnerability

Title: == Skype Vendor Website - Cross Site Scripting Vulnerability Date: = 2011-11-11 References: === http://www.vulnerability-lab.com/get_content.php?id=309 VL-ID: = 309 Introduction: = Skype is a software application that allows users to make voice and vid

[Full-disclosure] [SECURITY] [DSA 2345-1] icedove security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2345-1 secur...@debian.org http://www.debian.org/security/Florian Weimer November 11, 2011

[Full-disclosure] [SECURITY] [DSA 2344-1] python-django-piston security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2344-1 secur...@debian.org http://www.debian.org/security/Florian Weimer November 11, 2011

[Full-disclosure] ZDI-11-328 : ProFTPD Response Pool Use-After-Free Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-328 : ProFTPD Response Pool Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-328 November 11, 2011 - -- CVE ID: - -- CVSS: 9, AV:N/AC:L/Au:S/C:C/I:C/A:C - -- Affected Vendors: ProFTPD

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic: http://pastebin.com/fjZ1k0fi On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God) wrote: > Yeah, I gotta say, I’m going to use it at some point ;) > > > > From: full-disclosure-boun...@lists.grok.org.uk > [mailto:full-discl

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Would scapy be a suitable tool to attempt this kind of packet manipulation with? I'm a programmer, but I'm new to this kind of network/packet-level/security scripting. What tools / frameworks / languages etc do you guys use to write these kinds of exploit scripts? cheers, dan :) (keep forgettin

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Yeah, I gotta say, I'm going to use it at some point ;) From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas Sent: Friday, November 11, 2011 9:02 AM To: Ryan Dewhurst Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-di

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Talk is indeed cheap! Gary B On 11/11/2011 11:43 AM, Ryan Dewhurst wrote: > I think Jon just said what everyone else was thinking, he said what I > was thinking at least. > > On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: >> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >>> About the PPS,

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I liked the "heavy breather in the perv closet" bit. On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst wrote: > I think Jon just said what everyone else was thinking, he said what I > was thinking at least. > > On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: > > On Thu, Nov 10, 2011 at 2:59 PM, x

[Full-disclosure] [ MDVSA-2011:170 ] java-1.6.0-openjdk

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:170 http://www.mandriva.com/security/ _

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I think Jon just said what everyone else was thinking, he said what I was thinking at least. On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >> About the PPS, i think thats a very bad summary of the exploit, 49days >> to send a packet, my butt.

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: > About the PPS, i think thats a very bad summary of the exploit, 49days > to send a packet, my butt. > There is many people assuming wrong things, when it can be done with > seconds, syscanner would scan a -b class in minutes, remember it only > has

Re: [Full-disclosure] Steam defaced

Hi! Hrm, well, i guess the best thing then is to maybe re tell them abit about it... maybe I should try adding in a report of report :s , as Im a amazon user, and, it is so big, that somany could be affected for nothing, and really, i am free user so, id loose nothing but, i know my family, has use

Re: [Full-disclosure] Steam defaced

On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 wrote: > > about the clouds, dude, i found the whole attacking of amazon as rude, So did I, which is why I came to Amazon's defense in pointing out that those in glass houses shouldn't be throwing stones. The company (Enomaly) abusing Amazon over a comple

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

PoC ? http://www.youtube.com/watch?v=4aBE6o0oDlo []'s Sergito 2011/11/10 Thor (Hammer of God) > So, I've looked about on the web to see what software of any consequence > you have written, but I can't find any. Can you point me to anything that >

Re: [Full-disclosure] Steam defaced

this is starting to remind me of that time when everyone has like 30game valid steam lisences he is dead, Jim! On 11 November 2011 20:52, Jacqui Caren wrote: > On 10/11/2011 23:25, Henri Salo wrote: >> As I usually have good news.. Here is some more: >> http://forums.steampowered.com/forums

Re: [Full-disclosure] Steam defaced

On 10/11/2011 23:25, Henri Salo wrote: > As I usually have good news.. Here is some more: > http://forums.steampowered.com/forums/ > > Steam joins the failboat. Its worse than that Jim, he's dead! from another mailing list... On 11/11/11 00:29, Paul M wrote: > > Did you get journalism training

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

btw, you do realise, it is doing exactly what it is meant to , right >? it is called a honeypot sir... try figure out WHY it is looping... then maybe, the code is nicer yes... i dont really care for it... i am, making the proper.cpp scanner. nothing more interests me about it, and, nothing else, i

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

not my code dude. i just offered it, for anyone who was interested... again, people bashing the user, who does nothing but inform :s ghood one. On 11 November 2011 19:17, Tillmann Werner wrote: >>     def callback(self, hdr, data): >>         # Parse the Ethernet packet >>         decoder = Im

[Full-disclosure] [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities

FOREGROUND SECURITY, SECURITY ADVISORY 2011-004 - Original release date: November 10, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security - Contact: (jcarriba (at) foregroundsecurity (dot) com, da

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

> def callback(self, hdr, data): > # Parse the Ethernet packet > decoder = ImpactDecoder.EthDecoder() > ether = decoder.decode(data) > # Parse the IP packet inside the Ethernet packet, typep > iphdr = ether.child() > udphdr = iphdr.child() > >