[Full-disclosure] Trusteer Rapport and anti-keylogging

2011-09-21 Thread mu-b
off.c - switches off anti-keylogger protections on OSX allowing your already existing keylogger to function correctly once again. http://.digit-security.com/files/exploits/rapport-listen.c - uses Trusteer's own functionality to 'decrypt' keys directly. -- mu-b (m...@digit-lab

[Full-disclosure] NovaStor NovaNet <= 13.0 issues

2010-04-26 Thread mu-b
3.0, but sadly the most useless :( http://digit-labs.org/files/exploits/novanet-dos.c - - null deref remote DoS <= 13.0 - -- mu-b (m...@digit-labs.org) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it is correct."

[Full-disclosure] un-SafeCentral

2010-01-15 Thread mu-b
ose that aren't idiots would not really find it all that hard to break.. http://www.digit-labs.org/files/otherstuff/unsafecentral/ - -- mu-b (m...@digit-labs.org) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it is correct.

Re: [Full-disclosure] VMSA-2009-0013 VMware Fusion resolves two security issues

2009-10-02 Thread mu-b
hable locations within the driver, one of which is called immediately after initialization. http://www.digit-labs.org/files/exploits/vmware-fission.c - -- mu-b (m...@digit-labs.org) "Only a few people will follow the proof. Whoever does will spend the rest of his life

Re: [Full-disclosure] FreeBSD/OS X kernel bug dump

2009-03-24 Thread mu-b
s.org/files/exploits/bsd-ktimer.c > > other random stuff.. > > http://www.digit-labs.org/files/exploits/xnu-macfsstat-leak.c > http://www.digit-labs.org/files/exploits/xnu-profil-leak.c > http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c > > all the above are old now, bu

[Full-disclosure] FreeBSD/OS X kernel bug dump

2009-03-23 Thread mu-b
letalk-zip.c all the above are old now, but still exist today... christer/mu-b -- mu-b (m...@digit-labs.org) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it is correct." - Ano

[Full-disclosure] eXtremail(ly easy) remote roots

2007-10-15 Thread mu-b
reallocated and a remote heap overflow in a call to memcpy(). PoC: http://www.digit-labs.org/files/exploits/extremail-v8.pl - -- mu-b ([EMAIL PROTECTED]) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it is correct."

[Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS

2007-06-08 Thread mu-b
remote with IPv6. PoC: http://www.digit-labs.org/files/exploits/safenet-dos.c hmmm, I wonder how SafeNET think they can charge for such a half-baked, crufty, god-awful implementation -- mu-b ([EMAIL PROTECTED]) "Only a few people will follow the proof. Whoever does will spend the re

[Full-disclosure] mydns-1.1.0 remote heap overflow

2007-04-27 Thread mu-b
i),%es:(%edi) PoC: http://www.digit-labs.org/files/exploits/mydns-rr-smash.c Patch: http://www.digit-labs.org/files/patches/mydns-update.c.diff -- mu-b ([EMAIL PROTECTED]) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it

[Full-disclosure] eXtremail-v9

2007-04-20 Thread mu-b
ult. 0xdeadbeef in ?? () (gdb) bt #0 0xdeadbeef in ?? () #1 0x3031002e in ?? () #2 0x3634 in ?? () #3 0x in ?? () (gdb) POC: http://www.digit-labs.org/files/exploits/extremail-v9.c -- mu-b ([EMAIL PROTECTED]) "Only a few people will follow the proof. Whoever does will s

Re: [Full-disclosure] dproxy - arbitrary code execution through stack buffer overflow vulnerability

2007-03-23 Thread mu-b
105,7 @@ >/* child process only here */ >signal(SIGCHLD, SIG_IGN); > > - strcpy( query_string, pkt.buf ); > + strncpy( query_string, pkt.buf, sizeof(query_string) ); >decode_domain_name( query_string ); >debug("query: %s\n", query_string ); > >
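Review bot: the added `strncpy( query_string, pkt.buf, sizeof(query_string) )` bounds the copy but does not terminate it. When pkt.buf holds sizeof(query_string) or more bytes before its first NUL, query_string is left without a terminator, and the following lines pass it to decode_domain_name() and print it with debug("query: %s\n", ...), which reads it as a C string and can run past the end of the buffer. Copy at most sizeof(query_string) - 1 bytes and set the final byte to '\0' explicitly, or use a copy that always terminates, such as snprintf. The declaration of query_string is not in the hunk, so also confirm it is an array here and not a pointer, since sizeof on a pointer would yield the pointer size, not the buffer size.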

[Full-disclosure] Mercur SP4 IMAPD

2007-03-20 Thread mu-b
ep movs dword ptr es:[edi],dword ptr [esi] es:0023:0210f4e4= ds:0023:0211=??? PoC: http://www.digit-labs.org/files/exploits/mercur-v1.pl -- mu-b ([EMAIL PROTECTED]) "Only a few people will follow the proof. Whoever does will spend the rest of his life convincing peopl

[Full-disclosure] Mercury/32 4.01b

2007-03-06 Thread mu-b
56d6dc ebp=0456d6ec iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=00010246 mercuryi!miconfig_proc_3+0xbacd: 0346ed48 8807 mov byte ptr [edi],al ds:0023:0457=?? (note this may be the same as BID 21110). -- mu-b ([EMAIL

[Full-disclosure] MailEnable v2.37 APPEND exploit

2007-03-02 Thread mu-b
TED]) #!/usr/bin/perl # # maildisable-v4.pl # # Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit # by mu-b - Wed Nov 29 2006 # # - Tested on: Mail Enable Professional v2.32 (win32) - with HOTFIX # Mail Enable Professional v2.33 (win32) # Mail Enable Professio

[Full-disclosure] More MailEnable exploits..

2007-02-16 Thread mu-b
ildisable-v6.pl) --- ([EMAIL PROTECTED]) #!/usr/bin/perl # # maildisable-v3.pl # # Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit # by mu-b - Thu Nov 23 2006 # # - Tested on: Mail Enable Professional v2.32 (win32) - with HOTFIX # Mail Enable Profession

[Full-disclosure] MailEnable DoS POC-2

2007-02-14 Thread mu-b
# # maildisable-v7.pl # # Mail Enable Professional/Enterprise v2.32-7 (win32) # by mu-b - Wed Feb 14 2007 # # - Tested on: Mail Enable Professional v2.37 (win32) # use Getopt::Std; getopts('t:', \%arg); use Socket; use MIME::Base64; &print_header; my $target; if (d

[Full-disclosure] MailEnable DoS POC

2007-02-14 Thread mu-b
3:8146920b= --- ([EMAIL PROTECTED]) #!/usr/bin/perl # # maildisable-v5.pl # # Mail Enable Professional/Enterprise <=v2.35 (win32) # by mu-b - Wed Nov 29 2006 # # - Tested on: Mail Enable Professional v2.32 (win32) - with HOTFIX # Mail Enable Profe