Re: [Full-disclosure] Fuckloads...

i will destroy FD this year, mark these words. On 26 January 2012 10:19, Richard Golodner wrote: > On Thu, 2012-01-26 at 08:24 +1100, xD 0x41 wrote: >> you all thought im some fuckwit called n3td3v > >        Not me my brother, I know the real nutdumb. >        I also r

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

in the world. > > Andrew > > ____ > From: xD 0x41 > To: andrew.wallace > Cc: full-disclosure@lists.grok.org.uk > Sent: Wednesday, January 25, 2012 10:20 PM > Subject: Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, > nobody wins > > yea...wel

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

> > I take a tough approach these days to anyone using the list in this way. > > You are not anonymous, you are reachable anywhere in the world. > > Andrew > > ____ > From: xD 0x41 > To: andrew.wallace > Cc: full-disclosure@lists.grok

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

n3td3v organisation. > > --- > > Andrew Wallace > > Independent consultant > > www.n3td3v.org.uk > > ____ > From: xD 0x41 > To: Levente Peres > Cc: full-disclosure@lists.grok.org.uk > Sent: Wednesday, January 25, 2012 9:24 PM > Subject

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

stfu idiot. they can do wtf they want, think about that! now, go fuck yaself...and enjoy mailing on FD and secunia is like, got smtp problems now ;) tc. GLOW you all thought im some fuckwit called n3td3v ,for this, you all pay! I, single fucking handedly, will destroy secunia , and this bs lis

Re: [Full-disclosure] Using HTTP referer for phishing attacks

yea yea, we got it now, ill say one thing to FD, your all putting, one really cool thing i was doing, to a halt. enjoy, ask zx2c4 about it. On 25 January 2012 21:09, Jerome Athias wrote: > This could be also used in some cases to Refer requests from "paypal" or > such payment systems when th

Re: [Full-disclosure] Using HTTP referer for phishing attacks

hrm now thats indeed of interest... good to point out...thx. On 25 January 2012 21:09, Jerome Athias wrote: > This could be also used in some cases to Refer requests from "paypal" or > such payment systems when there is no/bad validation checks on an > e-commerce website. > > ie: > if(Referer.Co

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

Trojan > > > On Jan 19, 2012, at 11:10 PM, xD 0x41 wrote: > >> +1 >> >> this was the first and biggest hack ever done on myspace, wich simply, >> pretended you needed the 'java flash' plugin, to view the 'wall' of >> your friend..now, t

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

If it happens again, I'd try a different machine and different account and see if you have the same issue. Thats spoton! and, people said i wasted time on the listsheshus, if this guy had posted this email i guess from start, there would not be 10 emails, regarding a modified mozilla, and FB'

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

+1 On 21 January 2012 08:29, Gage Bystrom wrote: > Yeah good luck with reproducing it cause it REALLY sounds like a mitm or a > phishing attack trying to get people to download fake av. I would do a dns > lookup and then compare those results to that of a public web service, and > save the link

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

+1 this was the first and biggest hack ever done on myspace, wich simply, pretended you needed the 'java flash' plugin, to view the 'wall' of your friend..now, they killed it but by then, it was suicide...and, they had no idea for many months... this, is known, and also that FB has added new featu

Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

I release it because it worked for me INSIDE TWO VM's, I had no clue about the checksum error. I didnt cripple it. It worked in my tests because I bet the vmware please... dude, it does not work without it, so, there is one person thats already come forward, howmany more, before you just admit th

Re: [Full-disclosure] Avast Antivirus

Here is your post taken from the forum, it was not really taken to wellbut, nomatter, im just stating the facts as i see them, and hope you understand this, but, i also giving you the chance to please try a real sandboxie, then load some bot.exe into it, and watch what it does... would maybe e

Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

much time for me. > Did I offend you in any way ? > It's just a PoC for people to test their systems nothing else... > I cannot check each every system if it works, I just checked two boxes > and thats enough for me. > > Regards, > > Kc > > Am 19. Januar 2012 04:5

Re: [Full-disclosure] Exploit Pack - Happy new year!

logon counter i womder.. you bring something interesting though to something wich that guy said... yea, i wonder how he is counting and, i know that shit, dont have 20k, more like 20 if luky... it has what, 10 ftp bsitty 10ftp in the world b0f,all from the same kid to... hes happy todo it but.. the

Re: [Full-disclosure] Reflection Scan: an Off-Path Attack on TCP

e, he will soon... On 19 January 2012 17:18, Robert Kim App and Facebook Marketing wrote: > Is there a diagram or a video? I'm not a professional IT guy so I'm gunna > need something of a tutorial! HAHA! > > On Thu, Jan 19, 2012 at 11:22 AM, xD 0x41 wrote: >> >&g

Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

Here, maybe handy, for anyone wishing to completely 'fix this thing.. i will perhaps, fix it so it only sends out the once, it doesnt need half of that code there...so, i guess i will update this or the ICMP v3 membership bug from windows... http://pastebin.com/Xq6e10ab Now, i hope 95% of you, al

Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

Now, heres the one wich works, without in_chksum bug ;) http://pastebin.com/x1ShKAUT now, sorry but, had to try it remotely, sheesh, and, you dont cripple, code of old bugs and, half of this code is from an old bug anyhow, so why the heck not leave it... i guess now your starting to look like Jo

Re: [Full-disclosure] Reflection Scan: an Off-Path Attack on TCP

On 18 January 2012 09:45, Jan Wrobel wrote: > Hi, > > This TCP session hijacking technique might be of interest to some of you. > > Abstract: > The paper demonstrates how traffic load of a shared packet queue can > be exploited as a side channel through which protected information > leaks to an of

Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service

On 18 January 2012 09:38, HI-TECH . wrote: > Tested and vulnerable against: > * Linux kernels above or equal to 2.6.36 (local network) > > Untested > * Your iPhone > * I heard of rumours that the bug is triggerable using unicast > addresses across the internet > > Am 17. Januar 2012 22:14 schrieb

Re: [Full-disclosure] Mobile Prank Hacktool

hi Larry! Hope your doing well mate ;) , anyhow, here.. i did manage to get it via windows..maybe megaupload.com has blocks for lynx or other linux ? notsure and, not caring to test,..lol...anyhow, sanme file..enjoy, cheers. (Oh, id always run this with atleast a basic Sandbox, like sanboxie ,w

Re: [Full-disclosure] New awstats.pl vulnerability?

I am really curious as to the motivation of the parties deploying these types of scans. I understand that they would like to find vulnerable systems to compromise... but for what purpose? S dor what ? Mainly the smarter ones, are, not malign, non botters, and dont use these shit systems to make

Re: [Full-disclosure] vsFTPd remote code execution

There is guides, like; http://blog.up-link.ro/how-to-set-up-vsftpd-virtual-users-berkeley-db-pam/ wich is folwing this trend...to create a var/ftp/public or var/ftp/user , wich is great...if your not running vsftpd... On 16 December 2011 00:39, HI-TECH . wrote: > Hi Chris, > > Am 14. Dezember

Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected

Its awesome ... and works, but, yes conditions must be met for firefox8 still... this is 2011 ;s almost 12! this is, i guess a great PoC and info but, only some ppl realise the potentiall to this anyhow, thanks Mike,thats a GREAT job mate :) /xd On 11 December 2011 09:39, Michal Zalewski wro

Re: [Full-disclosure] Minimum Syslog Level Needed for Court Trial

THAT NMAP HAS...AND BELIEVE ME CNET IS WATCHING THIS INTENTLY... BECAUSE THEYRE WAITING FO THE 'OFFER' TO SETTLE ;) WHEN IM WRONG, THEN SLAP ME, UNTIL THEN STFU. On 9 December 2011 20:39, tc wrote: > I bet Gordon was glad to get that email. > > On Fri, Dec 9, 2011 at 5:13 PM,

Re: [Full-disclosure] Minimum Syslog Level Needed for Court Trial

As i told Fy0d0r , in a case where, the actual breaching of a contract occurs, this == compensation for having ie: name trashed hard coz, who knows howmany new to nmap users are using it, and, "wish i had not installed it but...ohwell, ill just have to reinstall.." And, thats it most ppl s

Re: [Full-disclosure] PenTest mag

>>> >>> Wiadomość napisana przez Gage Bystrom w dniu 8 gru 2011, o godz. 00:04: >>> >>> Nice, but is it stored? Or at least reflective? >>> >>> On Dec 7, 2011 2:59 PM, "Tomy" wrote: >>>> >>>> >>>> still v

Re: [Full-disclosure] PenTest mag

M, "Tomy" wrote: >>> >>> >>> still vulnerable: >>> >>> sample: >>> http://pentestmag.com:80/wp-login.php?action=register (XSS) >>> >>> e-mail: >>> john@somewhere.comalert(87118) >>> >>> >

Re: [Full-disclosure] PenTest mag

ulnerable: >> >> sample: >> http://pentestmag.com:80/wp-login.php?action=register (XSS) >> >> e-mail: >> john@somewhere.comalert(87118) >> >> >> LOL >> >> >> >> Wiadomość napisana przez xD 0x41 w dniu 7 gru 2011, o go

Re: [Full-disclosure] PenTest mag

es i agree, 1005 it is misleading. a. you must submit a 'real' email b. it is 23 'snippets' not pages/full pentest kit like stated... its another Insect pro, only, in a different form.. On 8 December 2011 08:37, Dave wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: S

Re: [Full-disclosure] PenTest mag

> > content in the teaser 23 pages? >> > >> > If it is, then they weren't misleading in the email. Otherwise, they are >> > being rude. >> > >> > On Dec 7, 2011 12:46 PM, "xD 0x41" wrote: >> >> >> >> umm, its

Re: [Full-disclosure] PenTest mag

umm, its not misleading atall.. this is the first look and, i understood well, if you bother to visit the address... theyre 'teasers' so, you dont get a FULL magazine or, kit, you opnly get the first like chapter/pages, thats similar to many other *products* , not freebies... On 8 December 2011 0

Re: [Full-disclosure] prosec

hehe ye better watch out guyzzz... sheeet im patching my boxes now... the day i see this done to AB is the day id probably giveup on any hax tc ps: ph33r the whitehats On 7 December 2011 07:14, Ac1d B1tch3z wrote: > > > On Tue, Dec 6, 2011 at 9:54 PM, Ac1d B1tch3z wrote: >> >> LMFAO >> >> On T

Re: [Full-disclosure] Large password list

Any specific dictionary file/collection work best for you,and was wpa involved, ifso, wich list was best there.. just, somuch to download there..like 15gig :s i would rather hone in on the effective one :) thanks mate! drew On 5 December 2011 19:28, Alessandro Tagliapietra wrote: > Get g0tmi1k's

Re: [Full-disclosure] fast and somewhat reliable cache timing

hey! OK tested THIS variant, and it seems to gather *some* info, so it is working, altho, this is using Private-browsing,, the other one by the other person failed completely (visipi).. Interesting is what results it gathered... Flickr and Newegg , but no ebay or paypal :s i guess they have a higg

Re: [Full-disclosure] fast and somewhat reliable cache timing

. On 4 December 2011 09:25, Veeraganesh Reddy Thondapu wrote: > Sorry for my ignorance but the book you were mentioning is that his Old book > or the new one titled > > The Tangled Web: A Guide to Securing Modern Web Applications > > regards > > > > On Saturday, 3

Re: [Full-disclosure] fast and somewhat reliable cache timing

Yea, is interesting, i tested it on Firefox v8 windowsXP platform and it did not find anything, mind you i use 'private browsing' for *all* browsing... so i am wondering if that maybe helps keeping my cache secure... i also noticed that it returned no results, when in fact i had just been redirecte

Re: [Full-disclosure] Large password list

14:14 +1100, xD 0x41 wrote: >> needs to b shudown...if it can be... >> cheers, always happy to speak to you :) > >        Always happy to speak with you as well my friend. We can shut the > fucker down. Can you give me his domain name. I think that a shitty php > bug would g

Re: [Full-disclosure] New FREE security tool!

> The only one who has daily updates Thats total crap... look like 3 posts away, he had to apologise for "playing with his new MMORPG game" , instead of doing as he had said, wich was, porting the latest freebsd PoC/exploit code, to his py, he made even, exe installer, wich led nowhere... then, he

Re: [Full-disclosure] New FREE security tool!

Thats not the main one :P Checkout INSECTPro tool ;) but, thats metasploit v2 nd v3 i believe...and alot nicer than this,...same author... i have a copy, but he wont let me know, if i can use my copy, to pull updates from git ;'( I assume that means, the pirated copy i have, must work fine, aslong

Re: [Full-disclosure] Large password list

Or simply, use openwal.com who atleast do something and have an oyutstanding os... they do not charge on that basis, and also the socalled hash, if you look in the 3 offered fiiles, theyre all same length of digits, i am not even sure what hes offering, because, i assume that is a decrypted list...

Re: [Full-disclosure] New FREE security tool!

> On Thu, Dec 1, 2011 at 3:47 PM, ghost wrote: >> >> I saw your site got defaced today, mr "your meant to be PRO." >> >> Maybe time for less posting and more edumacation ? >> >> >> &g

Re: [Full-disclosure] Large password list

22033538 whats this hash for nothin. hes a f00l. altho, i dont like you, atleast, you see a fool as i do. unfortunately, your not much better. On 2 December 2011 13:05, adam wrote: > Also, not to beat a dead horse, but.. > >>>- cover cost of upstream bandwidth, the list is currently at  64

Re: [Full-disclosure] Large password list

This is what whitehats would probably class as a 'blackhat' , the sad thing is, i bet NO blackhats, really like this.. not serious ones. Its sad, your a pathetic person, resorting to online theft, to cover your bs demands, as pointed out, what 'costs', for keeping, stolen data... ? ONLY the cost, Y

Re: [Full-disclosure] FreeBSD ftpd & ProFTPd on FreeBSD exploit in Action [HACKTRO] :>

Awesome stuff =) On 2 December 2011 09:17, HI-TECH . wrote: > Hi lists, > this is Kingcope > btw this exploit does not depend on the ProFTPd version > as illustrated in the youtube video below it will unlock > ProFTPd 1.3.4a too. > > enjoy the hacktro!! > http://youtu.be/10uedlgNEJA > >

Re: [Full-disclosure] New FREE security tool!

dude, your meant to be PRO, i also tried to use your it to pull the latest files, and nothing there mate.not since, awhile ago... I also now have a copy of insectPRO , and am wondering, is your git able to update this for me.. am alittle worried ;p Altho on exploitpack.com/downloads/ there seems

Re: [Full-disclosure] CodeV discovers 31 vulnerabilitys on 5 OS softwares

t with 250 lines of code and is available at Oh awesome disclosure there dude.. mad stuff, mad poc... cmion, now where is the fucking code then ??? On 24 November 2011 08:59, Javier Bassi wrote: > On Wed, Nov 23, 2011 at 8:11 AM, Press - Dognædis wrote: >> Dear FullDisclosure, >> >> CodeV is

Re: [Full-disclosure] NEVER AGAIN

You fucking pieces of shit forget when it was once me who was asking, for help in regards to mutiple things, and when offered NONE, in regards to code i later had to find thanks to fucking blakhatz, why the fuck would i want or care for this list now, forget any competition i ever started, you clea

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

and yeas, that was indeed me on the phone, go ask your boss how it went.. err, maybe not :) hehe.. On 22 November 2011 18:21, xD 0x41 wrote: > no really whats most interesting about you, is your botnet your > running, from the isp. > i wonder if your the boss.. or just, using a boss

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

0x41 wrote: > -l ***malek -pw jty2ah -P 22 > > hehe... isnt this fun,... your shits so insecure > > > On 22 November 2011 17:50, xD 0x41 wrote: >> yes i know that would be full nelson.. right... not coded same as my >> version, and dan rosenbergs version, is about a

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

ye, it has been there for what, 4months... anyhow, i dun care much for the website.. so better it stays down, less apm for me =d byez On 22 November 2011 14:27, Matthew Harlum wrote: > On 22/11/11 2:16 PM, xD 0x41 wrote: >> >> quarter-nelson.c ... yes, the code is there, w

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

Well, i will give u an example when my website is up.. this is sad to, as i rewrote econet exploit, and named it quarter-nelson.c ,now this has been rooting your damn Ubuntus, for months.. and, it is a modified version, and public. sorry but, thats just, 3 boxes i tested *today* of different secure

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

3> > "The mask of anonymity is not intensely constructive." >-- Andrew "weev" Auernheimer > > > On Mon, 2011-11-21 at 09:51 +1100, xD 0x41 wrote: > > haha you are a looser. > Why then are you a

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

459111CEF01F9923> > "The mask of anonymity is not intensely constructive." >-- Andrew "weev" Auernheimer > ======== > > On Mon, 2011-11-21 at 09:44 +1100, xD 0x41 wrote: > > yes, and i see gnaa is so wond

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

E > F01F9923<http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923> > "The mask of anonymity is not intensely constructive." >-- Andrew "weev" Auernheimer > > > On

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

dex&fingerprint=on&search=0x459111CEF01F9923> > "The mask of anonymity is not intensely constructive." >-- Andrew "weev" Auernheimer > > > On Mon, 2011-11-21 at 09:39 +1100, xD 0x41 wrote: &

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

ose the weakest of the 10, silence the doubters and keep the > other 9 to yourself? There seem to be a lot of people on this list who doubt > your skills. Why not give them something small and repair your reputation? > > On 20 Nov 2011 00:32, "xD 0x41" wrote: >> >>

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

... I wont open my arse for Valdis or his nerd squad,... ill help those who sincerely ask it. bye now chump. On 20 November 2011 18:01, Memory Vandal wrote: > > >> On Sun, Nov 20, 2011 at 2:46 AM, xD 0x41 wrote: >> Ok well how about lets put it simply... >> >> MS ha

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

at i tried to say, idiot. On 20 November 2011 18:01, Memory Vandal wrote: > > >> On Sun, Nov 20, 2011 at 2:46 AM, xD 0x41 wrote: >> Ok well how about lets put it simply... >> >> MS have had a Guest user, i believe it is MSUSER***  since what, 1970 >> ? I k

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

I have said what I wanted to say... i wikll not disclose exploits on fd... sorry Just think of the MS issue, compared to Ubuntu user issue.. forget the rest :-) On 20 November 2011 11:23, root wrote: > what you say, main binary of ubuntu is suid? > > That enough, I'm switching to freebsd no

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

DESCRIPTION: Ubuntu has issued an update for librsvg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. It just does not stop with ubuntu.. really, everyday i see another problem l

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

Already 2 conflicting answers,abit of confusion i might say this is exactly why it should be ONE flippin binary. On 20 November 2011 06:54, Dan Kaminsky wrote: > Er, sudo bash gives you /dev/kmem, access to the hard drive block device... > > Sent from my iPhone > > On Nov 19, 2011, at 11:

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

Ok, what happens then if we have a bug in sudo binary, and the box has both su and sudo binarys available... again, ill use sudo -g bug as example. why are both needed, why not make one secure method to have sudoers... this is one area on linux i never have liked. On 20 November 2011 06:44,

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

Ok well how about lets put it simply... MS have had a Guest user, i believe it is MSUSER*** since what, 1970 ? I know locally, i could possibly manipulate registry keys and make this user 'login' ready... but at this point i have local ax, so a. we know ms guest user cannot be touched remotely ,

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

I think T is right about you mate, you do a hell alot of talking crap, without actually moving.. like, do you ever move away from your inbox ? Your a shame on linux worls valdis, picking on ubuntu, go pick on Owl OS , a 'security' based os...Ubuntu is for beginners, nuff said. useless mofo. XD O

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

. On 12 November 2011 16:02, Jon Kertz wrote: > On Fri, Nov 11, 2011 at 6:26 PM, xD 0x41 wrote: >> i should never have even said anything, again, i wont make that >> mistake again, the proof, will as always be n the pudding... >> later. > > Yes, it is. The only problem

Re: [Full-disclosure] Even worse

u wanted to burn him, but you > just told everyone, on a list called "Full Disclosure" no less, the address > of your login page. Does that really strike you as a good idea? > > https://cpanel.crazycoders.com:2083/ > > On Fri, Nov 11, 2011 at 8:18 PM, xD 0x41 wrote: >&

Re: [Full-disclosure] Even worse

ood idea to advertise it. > > Maybe one idiot was trying to break in, and you wanted to burn him, but you > just told everyone, on a list called "Full Disclosure" no less, the address > of your login page. Does that really strike you as a good idea? > > https://cpa

Re: [Full-disclosure] Even worse

     2001:470:d:10e8::6 > > > mail.crazycoders.com.   60      IN      CNAME   crazycoders.com. > > > webdisk.crazycoders.com. 14400  IN      A       173.224.214.202 > > > webmail.crazycoders.com. 14400  IN      A       173.224.214.202 > > > whm.crazycoders.

Re: [Full-disclosure] Even worse

razycoders.com. 14400  IN      A       173.224.214.202 > > > whm.crazycoders.com.    14400   IN      A       173.224.214.202 > > > www.crazycoders.com.    60      IN      CNAME   crazycoders.com. > > > crazycoders.com.        300     IN      SOA >   ns2.psychz.net. ufo

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

xs) as your mommy. > face it lol > > Now please, stfu son, you're sounding like a total tardlump; otherwise we > will have to unleash the dragons and let you see what a 10k botnet feels > like. > > > On 11/11/2011 23:26, xD 0x41 wrote: >> >> Indeeed. >&g

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

tfu son, you're sounding like a total tardlump; otherwise we > will have to unleash the dragons and let you see what a 10k botnet feels > like. > > > On 11/11/2011 23:26, xD 0x41 wrote: >> >> Indeeed. >> Seeing how the wolves are, i ceertainly would bnot release

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

you have about > as much chance of having 0-day (yes, that is including xxs) as your mommy. > face it lol > > Now please, stfu son, you're sounding like a total tardlump; otherwise we > will have to unleash the dragons and let you see what a 10k botnet feels > like. > >

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

mommy. > face it lol > > Now please, stfu son, you're sounding like a total tardlump; otherwise we > will have to unleash the dragons and let you see what a 10k botnet feels > like. > > > On 11/11/2011 23:26, xD 0x41 wrote: >> >> Indeeed. >> Seeing h

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Indeeed. Seeing how the wolves are, i ceertainly would bnot release it. i am only saying, I am using cpp, and windows, and, the exploit bypasses all protections, but, since you guys dont have the actual real poc for it, i guess, i would not be saying anything more, and, ill be leaving it, for the p

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

November 2011 09:58, wrote: > On Sat, 12 Nov 2011 09:36:21 +1100, xD 0x41 said: >> well look at that :P >> not same author but , nice coding predelka! good one, i will add you >> to crazycoders.com coderslist... i guess there is a few codes you have >> now done wich might b

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

TCP/IP >> Could Allow Remote Code Execution (2588516) >> >> >> >> I liked the "heavy breather in the perv closet" bit. >> >> On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst >> wrote: >> >> I think Jon just said what everyone else wa

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

: >>> >>> I think Jon just said what everyone else was thinking, he said what I >>> was thinking at least. >>> >>> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: >>> > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >>> >> A

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

indeed cheap! > > Gary B > > On 11/11/2011 11:43 AM, Ryan Dewhurst wrote: >> I think Jon just said what everyone else was thinking, he said what I >> was thinking at least. >> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: >>> On Thu, Nov 10, 2011 at 2:

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

n just said what everyone else was thinking, he said what I >> was thinking at least. >> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: >> > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >> >> About the PPS, i think thats a very bad summary of the ex

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Dewhurst wrote: > I think Jon just said what everyone else was thinking, he said what I > was thinking at least. > > On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz wrote: >> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >>> About the PPS, i think thats a very bad summary of

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

I have said, when the author wants to, and when hes ready to, i am sure he will. On 12 November 2011 00:54, Jon Kertz wrote: > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 wrote: >> About the PPS, i think thats a very bad summary of the exploit, 49days >> to send a packet, my bu

Re: [Full-disclosure] Steam defaced

2009 anymore. Hope this will bring some people fun and, all donates will be saton, tomakesure theyre NOT illegit,so dont even waste time if your a carder :) On 11 Noember 2011 22:32, Sam Johnston wrote: > On Fri, Nov 11, 2011 at 12:54 AM, xD 0x41 wrote: >> >> about the clo

Re: [Full-disclosure] Steam defaced

this is starting to remind me of that time when everyone has like 30game valid steam lisences he is dead, Jim! On 11 November 2011 20:52, Jacqui Caren wrote: > On 10/11/2011 23:25, Henri Salo wrote: >> As I usually have good news.. Here is some more: >> http://forums.steampowered.com/forums

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

btw, you do realise, it is doing exactly what it is meant to , right >? it is called a honeypot sir... try figure out WHY it is looping... then maybe, the code is nicer yes... i dont really care for it... i am, making the proper.cpp scanner. nothing more interests me about it, and, nothing else, i

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

not my code dude. i just offered it, for anyone who was interested... again, people bashing the user, who does nothing but inform :s ghood one. On 11 November 2011 19:17, Tillmann Werner wrote: >>     def callback(self, hdr, data): >>         # Parse the Ethernet packet >>         decoder = Im

Re: [Full-disclosure] Steam defaced

ha...well ill be... @Henri A friend of mine, used to be able to shell steam, using sql but, he failed to be able to keep the shell uploaded, they were running some kind of 'cleaner' every 2minutes or so checking for any inclusions, wich then would delete, or simply had a good sigs list , but this w

[Full-disclosure] psyb0t ... seems to be rather nifty!

http://www.irc-junkie.org/2009-03-22/psyb0t-a-stealthy-router-based-botnet-discovered/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

m you is talk >> about how stupid everyone else is, but I've never once actually seen you do >> anything constructive. >> >> t >> >> -Original Message- >> From: full-disclosure-boun...@lists.grok.org.uk >> [mailto:full-disclosure-boun...@l

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

sage- >> From: full-disclosure-boun...@lists.grok.org.uk >> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Georgi >> Guninski >> Sent: Thursday, November 10, 2011 8:48 AM >> To: xD 0x41 >> Cc: full-disclosure@lists.grok.org.uk >> Subje

Re: [Full-disclosure] SploitCloud: exploiting cloud brokers for fun and profit

Lame. Sorry but, it just is. Your a lamer dude. Ill makesure to blog this for you. On 10 November 2011 06:25, Sam Johnston wrote: > Apologies for the HTML — too many inline links. > > Sam > SploitCloud: exploiting cloud brokers for fun and > profit >

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

You could just google for IRC packs of win2k src ;) I know i have a copy of it somewhere... acvtually tho, would not be helpful tho, as it does not affect win2k.. so i guess there would be some code there but not the code you want. @george and, ideally if 'years' ago existed for this exploit but,

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

at wich the port opens, but this is undisclosed. cheers. On 9 November 2011 22:46, Darren Martyn wrote: > xD, does this mean you HAVE exploit code for this? Care to share that? > > On Wed, Nov 9, 2011 at 11:42 AM, xD 0x41 wrote: >> >> Is awesome exploit yes! >> I h

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Is awesome exploit yes! I have looked at this and, you dont need to be udp... only... it is TCP-IP. ... wich, i was luckily given a copy early than release date so have had time,... this whole thing reopens the old idlescan and, simly one tcp scanner, even a udp one, all you have todo is send a req

Re: [Full-disclosure] Researchers Uncover 'Massive Security Flaws' In Amazon Cloud

I know for my Access, i use a key ... i do not keep my cloud active, thats about the only thing disabled actually... service with them on EC2 is great to, VPS has no plain text pass, all of those have keyfile, then you have to convert the keyfile using putty , i guess the key could maybe be grabbed

Re: [Full-disclosure] Symlink vulnerabilities

lways succeed on my Dual-core. > > Cheers, > vladz. > > > On Fri, Oct 28, 2011 at 11:43:56AM +1100, xD 0x41 wrote: >> I just did a quick write of it , i think this is right anyhow.. i aint >> the greatest of bash/exploit coders in bash but i did try, and, i >> kinda had i

Re: [Full-disclosure] How not to deal with a vulnerability in your code

Good move. Luckily i did not find even one copy of the calibre on any of my boxen so the fix wasnt needed... i did a quick look around tho and there seems to be plenty of other simpler readers even.. heres a cpl liks to FBreader and another 'simple ebook reader'... both for Ubuntu as googled for bu

Re: [Full-disclosure] How not to deal with a vulnerability in your code

I am appalled with the maker, Kovid Goyal , what a jerk... I just went to check any of my boxes for the binary, luckily i do not suffer from e-reader syndrome, thankfully this jerk doesnt touch the important stuff... thats tho, typical of launchpad, they dont like bugs being shoved up theyre proveb

Re: [Full-disclosure] Secunia jumps on vuln reward bandwagon

Their 'rewards' do not seem to justify the vulnerability/exploit research time. This is what ive been saying for uh, 3months now... but, do they ever? And also, is it better to have even one more payer, than have nothing atall... or sell to blackhat sites only ? i guess this is atleast an alternat

Re: [Full-disclosure] Secunia jumps on vuln reward bandwagon

good call. On 4 November 2011 04:57, Georgi Guninski wrote: > On Thu, Nov 03, 2011 at 05:46:15PM +0100, Michele Orru wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> It seems that even XSS, XSRF and SQLi are accepted... >> Interesting. >> >> Cheers >> antisnatchor >> >> Georgi Gu

  1   2   3   >