hello
The claim that he makes is surely interesting. I tried running the md5crack
on my system which is a linux6.1 Intel pentium 3 733 MHz and I was able to
get around 1/100 of what he claims. Although he uses a 1GHz AMD can the
performances be so different ???
try without -v/-V (verbose), it
if he wishes to open it anyway. Guess what should be a typical user
behavior ? ;)
this script need the useful arptool from Cristiano Lincoln Mattos and our
favorite web server (for hotmail spoofing and fake messenger update)
use it for educationnal purpose only.
cheers,
Gregory Duchemin
hello
This is the exact same thing APOP does - server sends a string, client
appends password to string, takes MD5 hash and sends back. If your
cracker is what you say it is (I haven't checked) then APOP should be
just as vulnerable.
Greetz, Peter
yep,
looking briefly at the rfc 1939, i found
based free accounts for
you very own mails.
Gregory Duchemin
Security Consultant
NEUROCOM CANADA
1001 Bd Maisonneuve Ouest, Suite 200
Montreal Quebec
H3A 3C8 Canada
phone: 514 908 6800
Email: [EMAIL PROTECTED]
_
Get
hello,
know if the TCP silly window syndrome might be used too ?
Uploading/downloading files byte per byte to/from a remote ftp server with a
stupid window size of one byte may generate a very high overhead.
My tanenbaum book say that Clark solution consists in avoiding sender
(attacker) from
===
Gregory Duchemin - Security Consultant -
NEUROCOM CANADA
1001 bd Maisonneuve Ouest - suite 200
H3A 3C8 Montreal - Quebec - CANADA
[EMAIL PROTECTED]
_
Get Your Private, Free E-mail from MSN Hotmail at http
Microsoft has finally patched today the css/div hole in hotmail.
Absolute positionning in 'style' is now filtered with static.
Others web based mailers, sites with bookmark, forum etc ... should quickly
do the same.
Above, the original mail from wouter Westerveld who informed me.
Cheers,
Gregory
abuse and copyright violation.
did work fine with MSIE, would need some little changes to work on Netscape.
Be warnned when hotmail ask u next time ;)
Cheers,
Gregory Duchemin
html
!-- H0RSEM4IL.c0m , trojanized mail to catch users password.
A proof of concept for most of web based mailer
he IP address your really need !.
Have a nice day,
=======
Gregory Duchemin -- Security consultant
NEUROCOM CANADA
1001 bd maisonneuve Ouest, suite 200
Montreal, Quebec, H3A 3C8 Canada
[EMAIL PROTECTED]
===
hi bugtraqers
wingate 4.1.1 is once again v
and admin
workstation. But that 's not enough, they may use session id concept for
cgi access too.
regards,
======
Gregory Duchemin
Network and security engineer
http://www.securite-internet.com
NEUROCOM
==
in a possible denial of service
attack.
Have a nice day
******
Gregory Duchemin
Security networks Engineer
Email: [EMAIL PROTECTED]
http://www.securite-internet.com
the remote printer to
execute code with the target web server priviledge.
I don't have, now, all the required informations to gain
server priviledge but u may find it here very soon :)
Attacker form example:
HTML
HEAD
TITLENashuadeath/TITLE
/HEAD
!-- Gregory Duchemin Aka c3rber --
!-- NEUROCOM -
i'm going to write an exploit.
Have a nice day
---
Gregory Duchemin - [EMAIL PROTECTED]
Security Engineer
NEUROCOMhttp://www.neurocom.com/
179/181 avenue Charles de Gaulle 92200 Neuilly Sur Seine
Tel: 01.41.43.84.84 Fax: 01.41.43.84.80
13 matches
Mail list logo