Re: [Full-disclosure] Hacking Boot camps!

2005-11-22 Thread Morning Wood
Interesting about the Intense thing... ( sorry for your loss ) >Blackhat training camps sound pretty good and some of the people are >pretty damn skilled, but these others Zone-H, Vigilante and the likes >I would avoid. blind leading the blind if you ask me. I don't know about the others, but

Re: [Full-disclosure] another filename bypass vulnerability - from cmd.exe

2005-11-17 Thread Morning Wood
I think the OP was getting at this being an AV bypass vector for worms and other malware that can interact with cmd.exe . Theory being that AV will scan by extension ( malware.exe vs malware.ext ) and thus evade detection but yet be executable. In light, informal testing this appears to be a reali

Re: [Full-disclosure] FAO Mark Murtagh from Websense

2005-11-13 Thread Morning Wood
>And your blatant attempt to turn Morning Wood against me in public was just pathetic. funny... as I replied first. I suggest you back up, sit down, and stfu. kthnx, mw ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org

Re: [Full-disclosure] FAO Mark Murtagh from Websense

2005-11-12 Thread Morning Wood
noid, megalomaniac rants. http://www.biosmagazine.co.uk/op.php?id=314;okomgn3td3v%20rox%20 http://www.nccgroup.com/events/index.aspx >On 11/13/05, Morning Wood <[EMAIL PROTECTED]> wrote: > Content Query has failed - SELECT > opinion.body,opinion.author,opinion.auth_title,opinion

Re: [Full-disclosure] FAO Mark Murtagh from Websense

2005-11-12 Thread Morning Wood
>Here's what Mark Murtagh had to say >http://www.biosmagazine.co.uk/op.php?id=314\ Maybe another ten minutes >of your life wasted ;-) Content Query has failed - SELECT opinion.body,opinion.author,opinion.auth_title,opinion.auth_comp, opinion.ptime,opinion.headline,opinion.category,opinion.active,op

Re: [Full-disclosure] Question about ethics when discovering a security fault in system

2005-10-27 Thread Morning Wood
Work with the company, coordinate an advisory release when they have the update avail. Chances are you will receive some form of a credit, thanking you for finding the flaw, and bringing it to the mfg's attention. cheers

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well).

2005-10-25 Thread Morning Wood
By prepending image headers you can often fool php/IE. This technique has been used successfully to bypass php checking and renders the php upon access. --- ÿØÿà JFIF --- or ---

[Full-disclosure] TYPSoft ftpd

2005-10-13 Thread Morning Wood
EXPL-A-2005-016 exploitlabs.com Advisory 045 AFFECTED PRODUCTS TYPSoft FTP Server v1.11 and earlier http://www.typsoft.com/ OVERVIEW TYPSoft FTP Server is a fast and easy ftp server with support to Standard FTP Command, Clean interface, Virtual File System architecture, ability to resu

Re: [Full-disclosure] Call to participate: GNessUs security scanner

2005-10-11 Thread Morning Wood
xscan from http://xfocus.org uses nessus plugins and the nasl library. I have used this tool for years, and the addition of nasl/nessus in 3.x is wonderful. If you haven't checked out this great tool, do so now. http://xfocus.org/programs/200507/18.html cheers, MW

[Full-disclosure] Tellme 1.2

2005-10-05 Thread Morning Wood
- EXPL-A-2005-015 exploitlabs.com Advisory 044 - - TellMe - AFFECTED PRODUCTS = TellMe v1.2 and earlier http://kimihia.org

Re: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 3

2005-10-03 Thread Morning Wood
>Can you give me an example of a trojan, worm, or another program which has added the last USB device installed in the >Windows Registry, yes, see below >or how about a program, worm, trojan - some ASM code... ( edited ) any_key1 db "SYSTEM\CurrentControlSet\AnyKeyIWant", 0 another_key2

Re: [Full-disclosure] CORE-Impact license bypass

2005-09-26 Thread Morning Wood
been known since at least v3.2 are you using a 3.x or a 4.x series? i believe the 4.x requires an auth from core before use - Original Message - From: "c0ntex" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 3:30 AM Subject: [Full-disclosure] CORE-Impact license bypass I seem t

Re: [Full-disclosure] RE: perldiver

2005-09-22 Thread Morning Wood
the proposed fix is the vendor's suggestion, not mine. Feel free to contact http://scriptsolutions.com/ and tell him yourself kthnx. - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:58 AM Subject: [Full-disclosure] RE: perldiver > I believe mr

[Full-disclosure] perldiver

2005-09-20 Thread Morning Wood
- EXPL-A-2005-014 exploitlabs.com Advisory 043 - -perldiver - AFFECTED PRODUCTS = Perldiver v1.x and 2.x http://scriptsolut

[Full-disclosure] mimicboard2

2005-09-08 Thread Morning Wood
- EXPL-A-2005-013 exploitlabs.com Advisory 042 - - mimicboard2 - AFFECTED PRODUCTS mimicboard2 #086 < and lower http://www.chitta.com/nobu/download/#mimic2 OVERVIEW Mimic2 is a html open forum type of blog, tailored in particular to the Japanese

Re: [Full-disclosure] Shell32.dll.124.config

2005-09-05 Thread Morning Wood
sounds like an ADS ( alternate data stream ) http://www.sysinternals.com/Utilities/Streams.html I wrote this awhile back as notes on a project... this is a simple example... Create an executable ADS: - c:\>type c:\fullpath\exename.exe > somefile.ext:exename.exe ( or somefi

Re: Fwd: [Full-disclosure] Disk Cleaning Tools

2005-08-31 Thread Morning Wood
http://www.sysinternals.com/Utilities/SDelete.html selectively deletes files - Original Message - From: "Bob the Builder" <[EMAIL PROTECTED]> To: Sent: Wednesday, August 31, 2005 7:37 AM Subject: Re: Fwd: [Full-disclosure] Disk Cleaning Tools > Hmm, perhaps I should have clarified, I

Re: [Full-disclosure] Massive Enumeration Toolset

2005-08-30 Thread Morning Wood
sorry ( it got chopped off in the cutnpaste ) C:\Python23\Scripts>python google web --key=obuffuscated test ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://sec

Re: [Full-disclosure] Massive Enumeration Toolset

2005-08-30 Thread Morning Wood
works for me C:\Python23\Scripts>python google web --key=obuffuscated URL: http://www.ets.org/toefl/ URL: http://community.sparknotes.com/ URL: http://www.test.com/ URL: http://www.act.org/ URL: https://grc.com/x/ne.dll?bh0bkyd2 URL: http://www.sentex.net/~mmcadams/spelling.html URL: http://www.ba

Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?

2005-08-30 Thread Morning Wood
>does is listen on port5000 to? 2 attempts we seen come from machines >nmap'd below - wonder if its what you talking about - we think they >being used as proxy to jump from port 5000 is open on only XP w/pnp enabled, however this helps identify XP from 2k and allows a good guess as to which OS is

Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?

2005-08-30 Thread Morning Wood
> This has been going around since early Monday afternoon. Symantec > and other AV vendors have had code since then, and no details STILL. > I was under the impression that a "patch worm" had been released into the wild, effectively rendering ms05-039 ineffective as an attack vector in the wild. (

Re: [Full-disclosure] Re: pnp worm unknown variant - post infection actions

2005-08-17 Thread Morning Wood
> Aditya Deshmukh wrote: > > suppose we have VNC installed and that is used to take control of the > > computer and the actions show up as done by the user - would it not be > > caught by law enforcement ? > > > What about Metasploit, which will gladly inject a RAM-only WinVNC server > and give com

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Morning Wood
>check cnn.com now. according to them, a new win2000 virus out now in >the wild and infecting at a rapid rate. this is soo last week ( gah! )

Re: [Full-disclosure] Disney Down?

2005-08-16 Thread Morning Wood
Has anyone noticed this all took place on Monday? 3 full days after the worm was released. Seems to me that these Corps were infected on Monday from ( probable ) users connecting to internal networks via laptops brought in from home, after being connected to their home connections and their laptop

[Full-disclosure] Re: pnp worm unknown variant - post infection actions

2005-08-16 Thread Morning Wood
> Does it install child pornographic malware, or have you confirmed that > all of the exposed genitalia are attached to a natural person who is > more than 18 years of age? > > Regards, > > Jason Coombs > [EMAIL PROTECTED] > i only noted the malware address 'http://install.xxxtoolbar.com"; i did n

[Full-disclosure] pnp worm unknown variant - post infection actions

2005-08-16 Thread Morning Wood
pnp worm unknown variant - post infection actions Donnie Werner http://exploitlabs.com [ relevant info ] [08/16/2005] (out) NICK [00|USA|618452] [08/16/2005] (out) USER 2K-7566 * 0 :INFECTEDUSER [08/16/2005] (in) :hub.de NOTICE [00|USA|618452] :*** If you are having problems connecting due to p

[Full-disclosure] Apple Mac Tiger 10.4 weblog server

2005-08-15 Thread Morning Wood
- EXPL-A-2005-010 exploitlabs.com Advisory 039 - - Mac OSX Server weblog - AFFECTED PRODUCTS = Mac OSX 10.4.0 Weblog Server ht

[Full-disclosure] OWA login redirection - Mitigation

2005-07-21 Thread Morning Wood
I have received the following from MSRC ( Microsoft Security Response Center ) regarding my Advisory ( http://exploitlabs.com/files/advisories/EXPL-A-2005-001-owa.txt ) Exploitlabs is releasing this information to the public to help users protect their systems until the next version of Exchange Se

[Full-disclosure] PHPTopSites

2005-07-21 Thread Morning Wood
- EXPL-A-2005-012 exploitlabs.com Advisory 041 - - PHP TopSites - AFFECTED PRODUCTS = PHP TopSites FREE ( all vers

Re: [Full-disclosure] Anonymous Web Attacks via Dedicated Mobile Services

2005-07-19 Thread Morning Wood
google's language translation also does this.. http://ipchicken.com http://translate.google.com/translate?u=http://ipchicken.com m.w - Original Message - From: "Petko Petkov" <[EMAIL PROTECTED]> To: Cc: Sent: Tuesday, July 19, 2005 4:05 AM Subject: [Full-disclosure] Anonymous Web Attac

[Full-disclosure] Quickblogger

2005-07-05 Thread Morning Wood
- EXPL-A-2005-011 exploitlabs.com Advisory 040 - - QuickBlogger - AFFECTED PRODUCTS = QuickBlogger 1.4 ( and earlier

[Full-disclosure] odd Adobe Acrobat thing...

2005-07-03 Thread Morning Wood
i noticed... simply rolling over a *.pdf on your desktop launches... C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe im guessing Explorer is doing some odd things ( preloading on a rollover ) ..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is exploitable you could cr

[Full-disclosure] CoolCafe Chat SQL injection

2005-06-16 Thread Morning Wood
- EXPL-A-2005-009 exploitlabs.com Advisory 038 - - Cool Cafe - AFFECTED PRODUCTS = Cool Cafe Chat 1.2.1 http://coolcafe.c

Re: [Full-disclosure] Sophos Antivirus Advisory

2005-06-16 Thread Morning Wood
> = Advisory: Sophos doesn't recognize keylogger after string alteration = > this technique is not new, and is quite commonly used to fool AV engines, not just Sophos. ( and yes, Morphine works as well as commercial "executable packers") If I recall, a certain trojan group ( now defunct ) used a s

Re: [Full-disclosure] Firefox & Mozilla Advisory

2005-05-10 Thread Morning Wood
wtf??? - - - - this HAS BEEN PATCHED no "heads-up" needed ( you missed the boat by a week ) BUT THANKS FOR PLAYING! - Original Message - From: "P Ellison" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 10, 2005 9:21 AM Subject: [Full-disclosure] Firefox & Mozilla Advisory

[Full-disclosure] SiteStudio

2005-05-09 Thread Morning Wood
- EXPL-A-2005-008 exploitlabs.com Advisory 037 - - Site Studio - AFFECTED PRODUCTS = Site Studio Positive Software Corporation

[Full-disclosure] H-Sphere

2005-05-09 Thread Morning Wood
- EXPL-A-2005-007 exploitlabs.com Advisory 036 - - H-Sphere - AFFECTED PRODUCTS = H-Sphere Winbox Positive Software Corporati

Re: [Full-disclosure] Another PayPal phishing scam

2005-05-02 Thread Morning Wood
> Today I received a fake message pretending to be from PayPal Security > Center. The most interesting thing is that I don't even have a PayPal > account. > quite common. i am surprised it's your first one.

Re: [Full-disclosure] Questions about reporting a vulnerability

2005-04-29 Thread Morning Wood
you are looking for this... http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf http://www.oisafety.org cheers, Donnie Werner > Hey All, > > Couple of questions on reporting vulnerabilities: > > 1) Is there a damn template somewh

Re: [Full-disclosure] Some Web-programmer flaw 'may' result in code execution in server side!

2005-04-24 Thread Morning Wood
i used to have my UA set to a basic xss script... many sites are vulnerable to this. The most troubling is the fact that many web based reporting / log tools are in html format, thus rendering the UA injection in the browser of the person reading the logs ( most likely an admin behind the corporate

Re: [Full-disclosure] Big Sites That Are Vulnerable To XSS

2005-04-20 Thread Morning Wood
toss this one in... http://www.myspace.com/index.cfm?fuseaction=find&circuitaction=search&searchType=network&interesttype=&f_first_name=http://whatismyip.com";>&Submit=Find i think redirects are more effective in showing xss, but cookies are nice too or other xss like alert(document.cookie); wood

Re: [Full-disclosure] Security contacts for Sambar server and Surgemail

2005-04-18 Thread Morning Wood
[EMAIL PROTECTED] <[EMAIL PROTECTED]> http://netwinsite.com/surgemail/infoq.htm - Original Message - From: jamie fisher To: full-disclosure@lists.grok.org.uk Sent: Monday, April 18, 2005 3:21 PM Subject: [Full-disclosure] Security contacts for Sambar server a

[Full-disclosure] WebcamXP

2005-04-18 Thread Morning Wood
- EXPL-A-2005-005 exploitlabs.com Advisory 034 - - WebcamXP - OVERVIEW webcamXP is one of the most popular webcam software for private

[Full-disclosure] XAMPP

2005-04-12 Thread Morning Wood
- EXPL-A-2005-006 exploitlabs.com Advisory 034 - - XAMPP - OVERVIEW XAMPP is an easy to install Apache distribution containing

Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft

2005-04-08 Thread Morning Wood
> On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote: > > If you believe you have found a security vulnerability affecting a > > Microsoft product, we would like to work with you to investigate it. > > > > hahahahahaha > > m$ doing social engineering on fd, this is a

Re: [Full-disclosure] NVIDIA and Zdnet.de vs Microsoft

2005-03-31 Thread Morning Wood
good try, but its just nice xss on news.com http://news.com.com/1320-52-36.html?path=";>NVIDIA%20and%20Zdnet.de%20vs%20MicrosoftNews.com%20reports%20that%20the%20world%20biggest%20hardware%20vendor%20Nvidia%20and%20online%20German%20news%20site%20ZDnet%20conspired%20against%20Microsoft.%20The%20bu

[Full-disclosure] E-Data

2005-03-29 Thread Morning Wood
- EXPL-A-2005-003 exploitlabs.com Advisory 032 - - E-Data - OVERVIEW E-Data 2.0 is a powerful e-mail directory and managem

[Full-disclosure] Adventia Chat

2005-03-29 Thread Morning Wood
- EXPL-A-2005-003 exploitlabs.com Advisory 032 - - Adventia Chat - OVERVIEW Adventia Chat Server Pro 3.0 is an ASP program that allows y

Re: [Full-disclosure] Samsung ADSL Modem Vulnerability

2005-03-24 Thread Morning Wood
for clarity.. all items are available via WAN by default updated Advisory at http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt - Original Message - From: "Morning Wood" <[EMAIL PROTECTED]> To: Sent: Monday, March 21, 2005 12:51 PM Subject:

[Full-disclosure] Samsung ADSL Modem Vulnerability

2005-03-21 Thread Morning Wood
- EXPL-A-2005-002 exploitlabs.com Advisory 031 - - Samsung ADSL Modem - AFFECTED PRODUCTS = Samsung ADSL Modem Samsung Eletro

[Full-disclosure] Blocks OWA Redirect Attempts

2005-03-18 Thread Morning Wood
since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt rule to prevent OWA redirect phishing. D.W / start / https://mymail.com/exchange*"/> -- / end / --
