Bravo!
On Wed, 2004-04-14 at 23:04, KF (lists) wrote:
http://classes.weber.edu/wireless/
-KF
Jeff Schreiner wrote
*snipped**
--
Save yourself from the 'Gates' of hell, use Linux. -- The_Kind @
LinuxNet
signature.asc
Description: This is a digitally signed message part
id3nt You must be another subscriber with a huge dangly bit or giant
baps. Only those with large attributes can post quality like that below:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 12:41 PM
To: [EMAIL PROTECTED]
Subject:
From: [EMAIL PROTECTED]
ahh nevermind, it's clear neither of you have the
desire to learn
mabey they need this...
- snip -
#!/usr/bin/perl
#
# the perl of security ( gettn' a clue )
# by m.wood
#
# version 1.03
#
use CommonSense; # you do have this module...
Jeff Schreiner wrote:
7 miles away is stretching it a bit far considering that all 802.11g
wireless transmissions range between 2.4 - 2.4835 Ghz 802.11a/h/j range
between 5.47 - 5.725 Ghz not only are the frequencies prone to scatter...the
radio waves bounce off everything. All wireless routers
From: Geoincidents [EMAIL PROTECTED]
That's retarded. Immunity is releasing a universal, repeatable, lsass
exploit in about 5 minutes to our CANVAS customers, for example, and
we're sure everyone else is done as well. For bonus credit we're
including a working ASN.1 exploit that owns IIS,
On Apr 14, 2004, at 19:43, Aditya, ALD [Aditya Lalit Deshmukh] wrote:
Well, that really depends, doesn't it. We're doing IPSEC using AES
for
wireless on a test network. It's a good deal more secure than our
wired
network, which is still plain text.
this sure is plain text but when combined
For God's sake people GET OVER IT!
For whatever reason MS have patched these Vulns in condensed patches, yes it
suits some people (myself included I'll admit) and doesn't suit others. It
does suit the majority of home users for example (which hang on happens to
be MS's bread-and-butter market).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated Subversion packages fix security vulnerability in neon
Advisory ID: RHSA-2004:159-01
Issue date:
Von: Andrew Aris [mailto:[EMAIL PROTECTED]
For God's sake people GET OVER IT!
For whatever reason MS have patched these Vulns in condensed patches, yes
it
suits some people (myself included I'll admit) and doesn't suit others. It
does suit the majority of home users for example (which hang on
hi fd,
i'm trying to exploit some overflows to see how it works. i can exploit a
normal stack overflow without problem, but now i'm
trying to exploit an off by one overflow and have some questions, first see
what i did:
vulnerable program:
#include stdio.h
#include unistd.h
#include
| Geo wrote:
|
| I think you seriously underestimate the hacking skills of eeye,
| there are very few who could turn the bugs they find into
full blow
| root level exploits.
|
| Geo.
Dave Aitel wrote:
That's retarded. Immunity is releasing a universal,
repeatable, lsass
I can see that you don't know anything about finding vulnerabilities or
writing exploits. What you just said is Hey d3wd, there's like a
vulnerability in windows man, and h3h see if you can find it d00d!.
Isn't that exactly the assumption that eeye proceeds under?
The original statement to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, my point is this: There isn't anyone who can say for sure how
many people could have found and exploited the LSASS hole. For sure
geo can't say how many people there are. He thinks it's maybe a
handfull, but more than that, he feels he has to
Hi Joe,
I don't think the value in ebp is being used by main's caller. As you know,
the calling convention requires the called procedure to preserve the state
of ebp, but that is no guarantee that the caller will use ebp to restore
esp.
Looking at a disassembled version of your code, I can see
Here is the difference: eEye reports the problems to Microsoft. Truely evil
guys use the exploits to break into banks and keep very quite about the
vulnerabilities.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dkr. Armand
Geddyn
Sent: Thursday, April 15,
- Original Message -
From: bob sagart
Date: Wed, 14 Apr 2004 14:22:37 +1200
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Which worm?
Heres the capture file I got, I started sending this to individual people
but I decided to send it to the whole list so sorry if your one
Edward W. Ray wrote:
If you are confident that no one else will discover those
vulnerabilities the next time that MS waits to provide a solution, I
wish you good luck
These OSes have been around for years, running in hostile labs by evil
geniuses, and the source code has been examined by
Same thing for me :)
Here are some dumps i got if someone would like
to study them :
http://maxon.homeip.net/3127dumps/
login : mydoom
pass : 3127
Archive pass : 3127dumps
If you do any analysis, please cc me i'm interested.
Have a nice day
Maxime Ducharme Programmeur / Spécialiste en
If you do any analysis, please cc me i'm interested.
doomjuice.dump17911 : W32/Doomjuice.A
doomjuice.dump18149 : W32/Doomjuice.B
doomjuice.dump.9v9L7v : W32/Agobot.JZ
doomjuice.dump.hw3eqf : W32/Agobot.KO
doomjuice.dump.JgUBbm : W32/Agobot.JZ
doomjuice.dump.kzTsZd : W32/Agobot.KO
Microsoft Windows Utility Manager Vulnerability
April 13, 2004
Risk Level: High
Summary:
A local elevation of privileges vulnerability exists on the Windows Utility
Manager that allows to any user to take complete control over the operating
system.
Versions Affected:
All products in the Windows
Amaury Jacquot wrote:
To get a 2.4 Ghz signal to travel 7 miles you would have to
install an
amplifier to boost the output to somewhere between 5 to 10
watts
not exactly
in fact, you don't need amplifiers in most cases.
you don't even need 1 watt
in fact, the trick lies in the antenna
Vendor : SCT
URL :
http://www.sct.com/Education/Products/Connected_Learning/CampusPipeline.html
Version : CampusPipeline
Risk: javascript execution
Description: SCT Campus Pipeline is the Web platform of choice at over 175
institutions. It improves efficiency, builds community, and
On Thu, 2004-04-15 at 13:50, Geoincidents wrote:
Clearly the motivation is there, the flaws are there, it's the
skill set that is missing.
The security world isn't composed of only talented and whitehats guys
like (insert you prefered haker) and worm writers. There's some people
who has really
[EMAIL PROTECTED] wrote:
Dear Dave and what was it ... jeff, Curt and exhibar, your in
here too,
and I'll throw Fitzgerled on just for fun
Neither one of you know what the
snip ugly
Have you ever properly setup a 2.4 ghz wireless link longer
than 7 miles?
If not, don't post what
://www.securityfocus.com/archive/1/347351.
This notice will be posted at
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml.
Details
Proof of Concept code now exists for:
* Recovering the Group Password - The Group Password used by the Cisco
Internet Protocol
RealNetworks Helix Universal Server Denial of Service Vulnerability
iDEFENSE Security Advisory 04.15.04
http://www.idefense.com/application/poi/display?type=vulnerabilities
February 15, 2004
I. BACKGROUND
RealNetworks Helix Universal Server is a universal digital media
delivery platform with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-04:07.cvsSecurity Advisory
The FreeBSD Project
Topic:
Exibar wrote:
You might have a point there with your box Curt ;-)
But, Windows has a nice little utility that will patch you system for you
Uh...sounds a bit like
emerge sync emerge -u world.
(Gentoo GNU/Linux)
Or like
apt-get update apt-get upgrade
(Debian GNU/Linux)
I was almost
Hi,
I'm currently in the process of learning how to analyse worms ... here
are some things I learned/guessed/newbied so far:
1) So far, the recent notorious port-scans/exploitation-attempts appear
to come from AGOBOT-Variants. These are complex trojans acting as
IRC-Bots. Look for
On Thu, 15 Apr 2004 00:59:33 EDT, Byron Copeland [EMAIL PROTECTED] said:
hmm. A yagi the size of a cannon mounted on a pick 'em up truck?
Just wondering,
No - snag yourself a old 18 satellite TV dish, you can toss a signal 10 miles
with those pretty easily. I'm told by people who do that
Another question: Is there a quick way to find out which tool compressed
an executable? A tool maybe?
PEiD
http://peid.has.it/
m.wood
http://exploitlabs.com
___
Full-Disclosure - We believe in it.
Charter:
From: Wolfram Schroeder [EMAIL PROTECTED]
2) The easiest way is to get a sample is to netcat -l -p 3127 sample. The
port 3127 was the original MYDOOM-backdoor port. You have to remove the
first 5 bytes to get a working executable, I use vi for this. Many of the
samples you get with netcat are
Well, which is it? 3, 21, 20, over 30, at least 20?
As we've learned in CVE, there are legitimate reasons for any of these
numbers, such as:
1) The role of the person viewing the numbers. For example, an
IDS person may care about each individual attack vector; a
sysadmin may only
Ok, I see I need to clarify that statement. I was not disputing the fact
that an RF transmission could not be extended to cover greater distances by
using a yagi, beam or parabolic antenna I know this and yes I also read that
section on point-to-point power limits.
The situation I was thinking
This is a xploit wich adds a superadministrator user to the mambo database.
saludos
Yo_Soy - [EMAIL PROTECTED]
?php
/*
|| Mambo OS v4.5 y v4.6 xploit
||
|| This script will insert a superadministrator user to the mambo database.
|| Change the variables bellow and upload this script to
/*
rpcdcom 5 remote LOCALSYSTEM exploit for winnt, 2k, xp, 2k3
2004.04.15
(C) northern snowfall SUPERrell
targets for EN, DE, EE, CN locales
*/
#include winsock2.h
#include stdio.h
#include windows.h
#include process.h
#include string.h
#include winbase.h
unsigned char requestBind[] = {
'L',
No! I am not releasing code that isn't mine! you homos. I was simply
making a point that I had the code and that it's out. That's it.
Christ
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Wed, 14 Apr 2004, Jeff Schreiner wrote:
Even a perfectly tuned directional antenna would not be able to pick up that
miniscule of a signal from 7 miles away 1/2 mile maybe with a good preamp to
amplify the incoming signal and you'd still have to dig it out of all the
other RF noise.
Bzzt.
38 matches
Mail list logo
