[Full-disclosure] Tool release: extract Windows credentials from registry hives

2008-02-21 Thread Brendan Dolan-Gavitt
CredDump is a new tool implemented entirely in Python that is capable of extracting:
* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets
It has no dependencies on any part of Windows, and operates directly on registry hive files. It is licensed under

Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates

2007-09-07 Thread Brendan Dolan-Gavitt
It occurs to me that this could be used to good effect to track someone using Tor across various domains you control. Most Tor users know to kill JS, Flash, and are more than normally paranoid about cookies, but may not think twice about accepting a client certificate. I'm CC'ing the Tor mailing

Re: [Full-disclosure] Rapid integer factorization = end of RSA?

2007-04-26 Thread Brendan Dolan-Gavitt
If you have, in fact, come up with a fast method of integer factorization, the currently unfactored challenges (RSA-704 and above) would be better proof, no? Are you by any chance related to James Harris? http://www.crank.net/harris.html -Brendan On 4/26/07, [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: [Full-disclosure] 0trace - traceroute on established connections

2007-01-08 Thread Brendan Dolan-Gavitt
A much easier way is to write your own usleep and drop it in /bin:

---usleep.c---
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* usleep(1): sleep for the number of microseconds given as argv[1] */
int main (int argc, char **argv)
{
    usleep(atoi(argv[1]));
    return 0;
}
---usleep.c---
[note: doesn't check error conditions]

0trace worked brilliantly

[Full-disclosure] Fire and forget exploits?

2006-10-20 Thread Brendan Dolan-Gavitt
working on some new methods to deliver exploits at once while minimizing recon. Thanks, Brendan Dolan-Gavitt ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

Re: [Full-disclosure] Secure OWA

2006-08-30 Thread Brendan Dolan-Gavitt
On 8/30/06, Renshaw, Rick (C.) [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dude VanWinkle Sent: Saturday, August 26, 2006 2:30 PM To: Adriel Desautels Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure]

Re: [Full-disclosure] George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment

2006-08-27 Thread Brendan Dolan-Gavitt
Cute XSS demo... -Brendan On 8/27/06, Valery Marchuk [EMAIL PROTECTED] wrote: On Friday night, George Bush made an official announcement saying that Michael Antipov (http://michael.antipov.name), a 9 year old talented security specialist was to be the chairperson of the Information Security

Re: [Full-disclosure] Secure OWA

2006-08-25 Thread Brendan Dolan-Gavitt
One possibility is to consider doing a two-stage authentication scheme, where the user first authenticates with (say) an RSA SecurID token, and then after authenticating there gets forwarded to the usual OWA login page (all SSL encrypted of course!). I've seen this used with good results.

Re: [Full-disclosure] Exploit for MS06-040 Out?

2006-08-11 Thread Brendan Dolan-Gavitt
Is there any technical reason that an exploit cannot be developed against XP SP2 and Server 2003 SP1? Or is this only a limitation of the current Metasploit exploit? Thanks, Brendan On 8/10/06, H D Moore [EMAIL PROTECTED] wrote: On Wednesday 09 August 2006 13:10, Matt Davis wrote: Did I

Re: [Full-disclosure] about PROC Vulnerability

2006-07-28 Thread Brendan Dolan-Gavitt
It's not enough to just change the kernel config file. That file just says what the configuration used to *build* the kernel was. To actually make the change you should recompile the kernel using the modified config file. -Brendan On 7/28/06, cyberfox2002 [EMAIL PROTECTED] wrote: Hello.

Re: [Full-disclosure] Bindiffing Patches

2006-07-20 Thread Brendan Dolan-Gavitt
Perhaps bsdiff, from FreeBSD? http://www.daemonology.net/bsdiff/ On 7/19/06, Ivan Stroks [EMAIL PROTECTED] wrote: Does someone know about a non-commercial tool to perform binary diffing over patches? Something like SABRE BinDiff, but free? Regards, IvaN! Send instant messages to your

Re: Using Magic Values along with filetype to find malicious files (was RE: [Full-disclosure] Google Malware Search)

2006-07-17 Thread Brendan Dolan-Gavitt
Not that strange--they're archived attachments sent to mailing lists... -Brendan On 7/17/06, Dude VanWinkle [EMAIL PROTECTED] wrote: top 2 weird malware distribution sites: http://lists.w3.org/Archives/Public/site-comments/2003Aug/att-0008/movie0045.pif
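The thread subject is about pairing file-type searches with magic values; as an added example (constructed here, not code from the thread), this is what such a check looks like when done on content rather than filename. It sniffs a few magic prefixes and, for `MZ` files, follows `e_lfanew` to the PE signature and COFF header, so a PE renamed to `.jpg` is reported as a mismatch and a PE under `.pif` (which Windows executes) is reported as consistent but executable. The sample bytes, the `MAGIC`/`ALLOWED` tables and the `build_fake_pe()` helper are constructed for the example.

```python
import struct

MAGIC = (                       # (prefix, kind), checked in order; constructed table
    (b"MZ", "mz"),
    (b"\x7fELF", "elf"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF8", "gif"),
    (b"PK\x03\x04", "zip"),
)
# Extensions under which each container legitimately appears. .pif/.scr/.com/.cpl are
# run as programs by Windows, so MZ content under them is consistent, but still code.
ALLOWED = {
    "mz": {"exe", "dll", "sys", "scr", "pif", "com", "cpl", "ocx", "drv"},
    "elf": {"", "so", "ko", "bin"},
    "pdf": {"pdf"},
    "png": {"png"},
    "jpg": {"jpg", "jpeg"},
    "gif": {"gif"},
    "zip": {"zip", "jar", "docx", "xlsx", "pptx", "apk"},
}
MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0x01C0: "arm", 0xAA64: "arm64"}


def sniff(head: bytes):
    """Return the content kind implied by the leading bytes, or None if unknown."""
    for prefix, kind in MAGIC:
        if head.startswith(prefix):
            return kind
    return None


def parse_pe(data: bytes):
    """Follow e_lfanew (offset 0x3C of the DOS header) to the PE signature and COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"pe": False}        # DOS-only program, or a truncated/garbage MZ file
    machine, nsections, _ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "pe": True,
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "executable_image": bool(chars & 0x0002),   # IMAGE_FILE_EXECUTABLE_IMAGE
        "dll": bool(chars & 0x2000),                # IMAGE_FILE_DLL
    }


def classify(name: str, head: bytes) -> dict:
    """Compare what the extension claims with what the bytes say."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(head)
    if kind is None:
        verdict = "unknown"
    elif ext in ALLOWED[kind]:
        verdict = "consistent"
    else:
        verdict = "mismatch"
    result = {"name": name, "ext": ext, "kind": kind, "verdict": verdict,
              "executable": kind in ("mz", "elf")}
    if kind == "mz":
        result["pe"] = parse_pe(head)
    return result


def build_fake_pe(machine=0x014C, characteristics=0x0102) -> bytes:
    """Constructed minimal DOS stub + PE/COFF header (not a real binary) for the samples."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: PE header right after stub
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", machine, 3, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + coff


SAMPLES = [                                        # constructed inputs, not real attachments
    ("movie0045.pif", build_fake_pe()),            # PE under a .pif name
    ("holiday.jpg", build_fake_pe(0x8664)),        # PE renamed to look like an image
    ("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
    ("notes.txt", b"just text\n"),
]


def triage(samples):
    """Names of samples that are executable content or whose extension lies about the content."""
    return [c["name"] for c in (classify(n, h) for n, h in samples)
            if c["executable"] or c["verdict"] == "mismatch"]


if __name__ == "__main__":
    for n, h in SAMPLES:
        print(classify(n, h))
    print("flagged:", triage(SAMPLES))
```

A magic match is a triage signal, not a verdict: an `MZ` prefix only says the file starts like a DOS/PE image, which is why the PE walk is worth the extra lines, and a consistent extension says nothing about intent.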

[Full-disclosure] Re: Is there a way to trace back Tor user

2006-06-19 Thread Brendan Dolan-Gavitt
On 6/16/06, Bruno Wolff III [EMAIL PROTECTED] wrote: On Thu, Jun 15, 2006 at 09:33:12 -0400, Brendan Dolan-Gavitt [EMAIL PROTECTED] wrote: This is covered in the Tor FAQ: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c The best attack that I know

Re: [Full-disclosure] Is there a way to trace back Tor user

2006-06-15 Thread Brendan Dolan-Gavitt
This is covered in the Tor FAQ: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a79d22244cc04ca5472832cbcc315198b875f34c The best attack that I know of right now involves measuring latency to each Tor node and correlating that with transmissions at the destination server. The latency

Re: [Full-disclosure] MiTM with https there are any tools ?

2006-03-06 Thread Brendan Dolan-Gavitt
Alehandro Dias wrote: Hi, I need to conduct a test to get the unencrypted https traffic from a source, but don't know if there are any tools to do that. I am able to fake a dns entry, so he thinks i am www.hotmail.com (example). There are tools to setup a fake webserver (or proxy) that will

[Full-disclosure] Implementation of CoreST mysql vulnerability?

2005-05-18 Thread Brendan Dolan-Gavitt
on their website, but I haven't been able to unearth it if it's there at all. Does anyone have a copy or know where it might be found? Thanks, Brendan Dolan-Gavitt

[Full-disclosure] Summer security internships for undergrads?

2005-03-19 Thread Brendan Dolan-Gavitt
Hullo, I realize this is a bit off-topic, but I thought that people here would likely know better than most--does anyone have recommendations for places that an undergrad CS/Math major could spend the summer doing security-related work? I've looked at Mitre's summer program