Interesting about the Intense thing... ( sorry for your loss )
>Blackhat training camps sound pretty good and some of the people are
>pretty damn skilled, but these others Zone-H, Vigilante and the likes
>I would avoid. blind leading the blind if you ask me.
I don't know about the others, but
I think the OP was getting at this being an AV bypass vector for worms and
other malware that can interact with cmd.exe .
Theory being that AV will scan by extension ( malware.exe vs malware.ext )
and thus evade detection but yet be executable.
In light, informal testing this appears to be a reali
>And your blatant attempt to turn Morning Wood against me in public was
>just pathetic.
funny... as I replied first. I suggest you back up, sit down, and stfu.
kthnx,
mw
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org
noid, megalomaniac rants.
http://www.biosmagazine.co.uk/op.php?id=314;okomgn3td3v%20rox%20
http://www.nccgroup.com/events/index.aspx
>On 11/13/05, Morning Wood <[EMAIL PROTECTED]> wrote:
> Content Query has failed - SELECT
> opinion.body,opinion.author,opinion.auth_title,opinion
>Here's what Mark Murtagh had to say
>http://www.biosmagazine.co.uk/op.php?id=314\ Maybe another ten minutes
>of your life wasted ;-)
Content Query has failed - SELECT
opinion.body,opinion.author,opinion.auth_title,opinion.auth_comp,
opinion.ptime,opinion.headline,opinion.category,opinion.active,op
Work with the company, coordinate an advisory release when they have the
update avail.
Chances are you will receive some form of a credit, thanking you for finding
the flaw, and bringing it to the mfg's attention.
cheers
By prepending image headers you can often fool php/IE.
This technique has been used successfully to bypass php checking
and renders the php upon access.
---
ÿØÿà JFIF
---
or
---
EXPL-A-2005-016 exploitlabs.com Advisory 045
AFFECTED PRODUCTS
TYPSoft FTP Server v1.11 and earlier
http://www.typsoft.com/
OVERVIEW
TYPSoft FTP Server is a fast and easy ftp server
with support to Standard FTP Command,
Clean interface, Virtual File System architecture,
ability to resu
xscan from http://xfocus.org uses nessus plugins and the nasl library.
I have used this tool for years, and the addition of nasl/nessus in 3.x
is wonderful. If you haven't checked out this great tool, do so now.
http://xfocus.org/programs/200507/18.html
cheers,
MW
_
- EXPL-A-2005-015 exploitlabs.com Advisory 044 -
- TellMe -
AFFECTED PRODUCTS
=
TellMe v1.2 and earlier
http://kimihia.org
>Can you give me an example of a trojan, worm, or another program which has
>added the last USB device installed in the Windows Registry,
yes, see below
>or how about a program, worm, trojan -
some ASM code... ( edited )
any_key1 db "SYSTEM\CurrentControlSet\AnyKeyIWant", 0
another_key2
been known since at least v3.2
are you using a 3.x or a 4.x series?
i believe the 4.x requires an auth from core before use
- Original Message -
From: "c0ntex" <[EMAIL PROTECTED]>
To:
Sent: Monday, September 26, 2005 3:30 AM
Subject: [Full-disclosure] CORE-Impact license bypass
I seem t
the proposed fix is the vendor's suggestion, not mine. Feel free to contact
http://scriptsolutions.com/ and tell him yourself kthnx.
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 21, 2005 11:58 AM
Subject: [Full-disclosure] RE: perldiver
> I believe mr
- EXPL-A-2005-014 exploitlabs.com Advisory 043 -
-perldiver -
AFFECTED PRODUCTS
=
Perldiver v1.x and 2.x
http://scriptsolut
- EXPL-A-2005-013 exploitlabs.com Advisory 042 -
- mimicboard2 -
AFFECTED PRODUCTS
mimicboard2 #086 < and lower
http://www.chitta.com/nobu/download/#mimic2
OVERVIEW
Mimic2 is a html open forum type of blog, tailored in
particular to the Japanese
sounds like an ADS ( alternate data stream )
http://www.sysinternals.com/Utilities/Streams.html
I wrote this awhile back as notes on a project...
this is a simple example...
Create an executable ADS:
-
c:\>type c:\fullpath\exename.exe > somefile.ext:exename.exe
( or somefi
http://www.sysinternals.com/Utilities/SDelete.html
selectively deletes files
- Original Message -
From: "Bob the Builder" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, August 31, 2005 7:37 AM
Subject: Re: Fwd: [Full-disclosure] Disk Cleaning Tools
> Hmm, perhaps I should have clarified, I
sorry ( it got chopped off in the cutnpaste )
C:\Python23\Scripts>python google web --key=obuffuscated test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://sec
works for me
C:\Python23\Scripts>python google web --key=obuffuscated
URL: http://www.ets.org/toefl/
URL: http://community.sparknotes.com/
URL: http://www.test.com/
URL: http://www.act.org/
URL: https://grc.com/x/ne.dll?bh0bkyd2
URL: http://www.sentex.net/~mmcadams/spelling.html
URL: http://www.ba
>does is listen on port5000 to? 2 attempts we seen come from machines
>nmap'd below - wonder if its what you talking about - we think they
>being used as proxy to jump from
port 5000 is open on only XP w/pnp enabled, however this helps identify XP
from 2k and allows a good guess as to which OS is
> This has been going around since early Monday afternoon. Symantec
> and other AV vendors have had code since then, and no details STILL.
>
I was under the impression that a "patch worm" had been released into the
wild, effectively rendering ms05-039 ineffective as an attack vector in the
wild. (
> Aditya Deshmukh wrote:
> > suppose we have VNC installed and that is used to take control of the
> > computer and the actions show up as done by the user - would it not be
> > caught by law enforcement ?
>
>
> What about Metasploit, which will gladly inject a RAM-only WinVNC server
> and give com
>check cnn.com now. according to them, a new win2000 virus out now in
>the wild and infecting at a rapid rate.
this is soo last week ( gah! )
Has anyone noticed this all took place on Monday? 3 full days after the worm
was released.
Seems to me that these Corps were infected on Monday from ( probable ) users
connecting to internal networks via laptops brought in from home, after
being connected to their home connections and their laptop
> Does it install child pornographic malware, or have you confirmed that
> all of the exposed genitalia are attached to a natural person who is
> more than 18 years of age?
>
> Regards,
>
> Jason Coombs
> [EMAIL PROTECTED]
>
i only noted the malware address 'http://install.xxxtoolbar.com";
i did n
pnp worm unknown variant - post infection actions
Donnie Werner
http://exploitlabs.com
[ relevant info ]
[08/16/2005] (out) NICK [00|USA|618452]
[08/16/2005] (out) USER 2K-7566 * 0 :INFECTEDUSER
[08/16/2005] (in) :hub.de NOTICE [00|USA|618452] :*** If you are having
problems connecting due to p
- EXPL-A-2005-010 exploitlabs.com Advisory 039 -
- Mac OSX Server weblog -
AFFECTED PRODUCTS
=
Mac OSX 10.4.0 Weblog Server
ht
I have received the following from MSRC ( Microsoft Security Response
Center )
regarding my Advisory (
http://exploitlabs.com/files/advisories/EXPL-A-2005-001-owa.txt )
Exploitlabs is releasing this information to the public to help users
protect their systems until the next version of Exchange Se
- EXPL-A-2005-012 exploitlabs.com Advisory 041 -
- PHP TopSites -
AFFECTED PRODUCTS
=
PHP TopSites FREE ( all vers
google's language translation also does this..
http://ipchicken.com
http://translate.google.com/translate?u=http://ipchicken.com
m.w
- Original Message -
From: "Petko Petkov" <[EMAIL PROTECTED]>
To:
Cc:
Sent: Tuesday, July 19, 2005 4:05 AM
Subject: [Full-disclosure] Anonymous Web Attac
- EXPL-A-2005-011 exploitlabs.com Advisory 040 -
- QuickBlogger -
AFFECTED PRODUCTS
=
QuickBlogger 1.4 ( and earlier
i noticed...
simply rolling over a *.pdf on your desktop launches...
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
i'm guessing Explorer is doing some odd things ( preloading on a rollover )
..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is
exploitable you could cr
- EXPL-A-2005-009 exploitlabs.com Advisory 038 -
- Cool Cafe -
AFFECTED PRODUCTS
=
Cool Cafe Chat 1.2.1
http://coolcafe.c
> = Advisory: Sophos doesn't recognize keylogger after string alteration =
>
this technique is not new, and is quite commonly used to fool AV engines,
not just Sophos.
( and yes, Morphine works as well as commercial "executable packers")
If I recall, a certain trojan group ( now defunct ) used a s
wtf??? - - - - this HAS BEEN PATCHED
no "heads-up" needed ( you missed the boat by a week )
BUT THANKS FOR PLAYING!
- Original Message -
From: "P Ellison" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 10, 2005 9:21 AM
Subject: [Full-disclosure] Firefox & Mozilla Advisory
__
- EXPL-A-2005-008 exploitlabs.com Advisory 037 -
- Site Studio -
AFFECTED PRODUCTS
=
Site Studio
Positive Software Corporation
- EXPL-A-2005-007 exploitlabs.com Advisory 036 -
- H-Sphere -
AFFECTED PRODUCTS
=
H-Sphere Winbox
Positive Software Corporati
> Today I received a fake message pretending to be from PayPal Security
> Center. The most interesting thing is that I don't even have a PayPal
> account.
>
quite common. i am surprised it's your first one.
you are looking for this...
http://www.oisafety.org/guidelines/Guidelines%20for%20Security%20Vulnerability%20Reporting%20and%20Response%20V2.0.pdf
http://www.oisafety.org
cheers,
Donnie Werner
> Hey All,
>
> Couple of questions on reporting vulnerabilities:
>
> 1) Is there a damn template somewh
i used to have my UA set to a basic xss script...
many sites are vulnerable to this.
The most troubling is the fact that many web based reporting / log tools
are in html format, thus rendering the UA injection in the browser of the
person reading the logs ( most likely an admin behind the corporate
toss this one in...
http://www.myspace.com/index.cfm?fuseaction=find&circuitaction=search&searchType=network&interesttype=&f_first_name=http://whatismyip.com";>&Submit=Find
i think redirects are more effective in showing xss, but cookies are nice
too
or other xss like alert(document.cookie);
wood
[EMAIL PROTECTED]
<[EMAIL PROTECTED]>
http://netwinsite.com/surgemail/infoq.htm
- Original Message -
From: jamie fisher
To: full-disclosure@lists.grok.org.uk
Sent: Monday, April 18, 2005 3:21 PM
Subject: [Full-disclosure] Security contacts for Sambar server a
- EXPL-A-2005-005 exploitlabs.com Advisory 034 -
- WebcamXP -
OVERVIEW
webcamXP is one of the most popular webcam software for private
- EXPL-A-2005-006 exploitlabs.com Advisory 034 -
- XAMPP -
OVERVIEW
XAMPP is an easy to install Apache distribution containing
> On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
> > If you believe you have found a security vulnerability affecting a
> > Microsoft product, we would like to work with you to investigate it.
> >
>
> hahahahahaha
>
> m$ doing social engineering on fd, this is a
good try, but it's just nice xss on news.com
http://news.com.com/1320-52-36.html?path=";>NVIDIA%20and%20Zdnet.de%20vs%20MicrosoftNews.com%20reports%20that%20the%20world%20biggest%20hardware%20vendor%20Nvidia%20and%20online%20German%20news%20site%20ZDnet%20conspired%20against%20Microsoft.%20The%20bu
- EXPL-A-2005-003 exploitlabs.com Advisory 032 -
- E-Data -
OVERVIEW
E-Data 2.0 is a powerful e-mail directory and managem
- EXPL-A-2005-003 exploitlabs.com Advisory 032 -
- Adventia Chat -
OVERVIEW
Adventia Chat Server Pro 3.0 is an ASP program that allows
y
for clarity.. all items are available via WAN by default
updated Advisory at
http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt
- Original Message -
From: "Morning Wood" <[EMAIL PROTECTED]>
To:
Sent: Monday, March 21, 2005 12:51 PM
Subject:
- EXPL-A-2005-002 exploitlabs.com Advisory 031 -
- Samsung ADSL Modem -
AFFECTED PRODUCTS
=
Samsung ADSL Modem
Samsung Eletro
since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt
rule to prevent OWA redirect phishing.
D.W
/ start /
https://mymail.com/exchange*"/>
-- / end / --