I'd definitely recommend capturing some of this traffic to see what is
being transmitted. (Harlan is right on.) It's one of the few things
that would greatly help know what is going on.
Something else you can try - make sure your shell command hasn't been
modified in the registry. Also, double
Ron, PLEASE STFU KTHNX ( you too Larry S. )
Who the f*ck cares, they hired him, if you don't like the company, don't
patronize them for business.
But please shutthefuckup. Why?
1. You have nothing to contribute.
2. you bitch and moan about things that are truly insignificant.
3. you are a Media
Guys,
thanks for all the help. It was a variant of the Korgo worm
plus the KLP key logger. Finally got rid of both!
Cheers,
-- Giuseppe
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Wed, 2004-09-22 at 00:33, Ron DuFresne wrote:
We might as well tell the lamers to just insert then
resumes into their bits of nasty code so they can be sought out directly.
Been done Ron, see mydoom for an example.
--
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
there we go
there's some fuckin punctuation for you
may not be right
but as this mail client likes pissing around with my line feeds
i guess it should go in as you are obviously having difficulty without it
how do you cope with our bl4ckh47 fr13nd5zzz?
who seem to have little respect for
On Tue, 21 Sep 2004 23:29:31 -0700
morning_wood [EMAIL PROTECTED] wrote:
Ron, PLEASE STFU KTHNX ( you too Larry S. )
Who the f*ck cares, they hired him, if you don't like the company, don't
patronize them for business.
But please shutthefuckup. Why?
1. You have nothing to contribute.
2. you
On Tue, 21 Sep 2004 18:33:47 -0500 (CDT)
Ron DuFresne [EMAIL PROTECTED] wrote:
cool, another proponent of hiring criminals for security, might as
well have reduced it to two words, Kevin Mitnick, at least then folks
would have gotten a chuckle out of your reply! gryn.
If we are going to
Larry... free your mind. NOW...
But it's nice to see that not just completely newcomers with no mind are
here *looks to brad*.
Sometimes I ask myself why this list isn't moderated... ;)
vh
On Wed, 22 Sep 2004 12:14:56 +1000
Brad Griffin [EMAIL PROTECTED] wrote:
C'mon Larry, you and I know
Dear 'van Helsing',
Dear Ron...
The name Ron is very public in America, Canada and some other English
countries so I expect you're from such a country...
We must be dealing with a mastermind here.
Please imagine that the author of Sasser is NO criminal in Germany.
... it isn't hard to do?
He
Hi,
you could work with this:
--START--
#!/bin/sh
#
# The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw
# The crafted JPEG header makes Windows crash a couple of different ways
# 1) First, it crashes when the image is opened.
# 2) Second, it crashes when hovering the
Though Sven could face some jail time his crime is not a big deal in Sweden. In
many countries there are no laws or extradition for computer fraud crimes.
Amazingly this makes it ok or legal, so you want to be a big time criminal go to
Belize or Sweden or Isle of Jersey and id theft away.
Thanks for participating in the list, and even more
thanks to those individuals and companies who believe
in the concept of full disclosure.
On another note please try and avoid the type of exchanges
that are best suited for direct email as the world doesn't
really need to see a lot of what
On Tue, 21 Sep 2004 23:29:31 PDT, morning_wood said:
note: Item 4 is also applicable to Nick F. and Valdis K.
And I didn't even post anything in this thread until now - so here's
a test posting so you can tune your procmail filters accordingly... :)
That was released on to exploitwatch.org
http://www.k-otik.com/exploits/09222004.ms04-28.sh.php
Has this guy found a way to escape the heap cleanly? Comments?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 11:39 PM
To:
Poc for recently reported vuln,(not buffer overflow)
sharexploit.c
Description: Binary data
On Wed, 22 Sep 2004, Barrie Dempster wrote:
On Wed, 2004-09-22 at 00:33, Ron DuFresne wrote:
We might as well tell the lamers to just insert then
resumes into their bits of nasty code so they can be sought out directly.
Been done Ron, see mydoom for an example.
Ahh yes, but, do you
Van,
Fine, let them hire him in Germany, as long as the hiring company's
clients are not from France or the US or various other countries with
stricter laws.
Thanks,
Ron DuFresne
On Wed, 22 Sep 2004, van Helsing wrote:
On Tue, 21 Sep 2004 18:33:47 -0500 (CDT)
Ron DuFresne [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 552-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 22nd, 2004
Awesome. Glad you got it solved! Now, you should take some
preventative measures to ensure it doesn't happen again. I would
recommend getting yourself some anti-keylogger software for a start.
(Google it - there's plenty to choose from for all budgets.)
Also, if your AV didn't detect either of
Being that this is full disclosure it seems only appropriate. I wrote a
paper making fun of the many drug and sexual terms and references found in
the computer security industry. I thought someone here might get a kick out
of it. BE WARNED - it is probably offensive to mild mannered types,
Hmm, I think you've just managed to capture most self-proclaimed
experts in I.T. and security. Gather up a bit of buzzword follow with
some acronyms, and top it off with how k3wl it is to be a hacker. :-)
old-school and CISSP shouldn't be in the same sentence ;-)
[EMAIL PROTECTED] wrote:
Being
Game over...
So the exploit is out that will open a local command prompt on the
machine exploiting the GDI library..
This thing allows 2500 bytes of shellcode..
How long before this turns nasty?
Seems easy to me to make it reverse shell...
The problem I have is patching with SMS.
wode.jpg it has a vulnerability jpg MS04-28
http://www.theinquirer.net/?article=18585
news.htm it has a vulnerability object data
http://www.securityfocus.com/archive/1/358862
On Mon, 20 Sep 2004 17:59:30 -0400, Aaron Horst [EMAIL PROTECTED] wrote:
Interesting. It would appear to not be a JPEG
And anyone who trusts him with their computers is an idiot.
Larry Seltzer
eWEEK.com Security Center Editor
That neatly sums it up. Gee I wonder if his pointy haired boss will spot
the backdoors in their code? Naah, he wouldn't write in a backdoor, that
would be wrong.
I want to know what
Buffer overflow in MDaemon 6.5.1 in SAML, SOML, SEND, MAIL command in SMTP
server and in LIST command in IMAP server.
Exploit:
http://www.securitylab.ru/_Exploits/2004/09/mdaemon_rcpt.c
http://www.securitylab.ru/_Exploits/2004/09/mdaemon_imap.c
More information (In Russian!):
On Wed, 22 Sep 2004 12:05:27 PDT, Daniel Sichel said:
I want to know what financial institutions are clients of the firm that
hired him so I can close my accounts now, before its too late.
Would you do so even if it turns out that almost *all* financial institutions
buy at least *some*
http://www.c-enter.hu/center/0230779.html
I do have some good news.. Seems some AV companies already have some
sigs to spot the .jpg vuln.
Symantec picks it up as bloodhound so email propagation may become less viable.
It does this with the local and remote shellcodes.
JP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
reverse successful...
m.wood
Game over...
So the exploit is out that will open a local command prompt on the
machine exploiting the GDI library..
This thing allows 2500 bytes of shellcode..
How long before this turns nasty?
Seems easy to me to make it reverse shell...
MS04-028 Exploit
Launches local cmd.exe (not port bound)
http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.php
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Josh L.
Perrymon
Sent: Wednesday, September 22, 2004 1:48 PM
To: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: webmin
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: mpg123
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: ImageMagick
Advisory
As promised before, the C sources for ALPHA 2: Zero tolerance, a shellcode encoder
that produces alphanumeric code, optionally uppercase-only and unicode-proof.
Happy hacking,
SkyLined
alpha2.tar.gz
Description: Binary data
Microsoft Windows MS04-028 JPEG Overflow Shellcoded Exploit
// Sample shellcode is provided
// You can put approx. 2500 bytes of shellcode...who needs that much anyway
// Tested on an unpatched WinXP SP1
http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.php
Hi list,
this is my final work for MS04-028 bug. It works,
after many suggestions and a deep look inside the heap overflow.
It uses shellcode (from metasploit) to add user X into Admin
group and works on different versions of GDI+.
No script-kiddies, no lamers: modify the right bytes in the
game over !
Microsoft Windows MS04-028 JPEG Overflow Shellcoded Exploit
// Sample shellcode is provided
// You can put approx. 2500 bytes of shellcode...who needs that much anyway
// Tested on an unpatched WinXP SP1
http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.php
Wed, 22 Sep 2004 23:57:57 +0200 Berend-Jan Wever
[EMAIL PROTECTED]:
As promised before, the C sources for ALPHA 2: Zero tolerance, a
shellcode encoder that produces alphanumeric code, optionally
uppercase-only and unicode-proof.
Happy hacking,
SkyLined
thanks :)
as promises, below the
Does anyone know the order of displaying images and saving them to cache?
I tested the cmd.exe jpg and it is detected by McAfee as Exploit MS04-028.
So does internet explorer write the image to cache first before it
displays it or does it display the image then write it to cache. I don't
have a
I received this in my inbox today:
how long do you think this company will last?
Date: Wed, 22 Sep 2004 19:02:44 -0400
From: Jacques Tremblay [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Hide your adware from all Adware removers
and Anti-viruses
To: Business development manager
Interesting indeed. Although, I imagine this was a spam email, and I
never believe (nor buy) anything from spam. I wonder how credible this
really is. If there was such a way to do what they claim, don't you
think it would have been big news? One would think you wouldn't first
hear about it through
GuidoZ wrote:
Interesting indeed. Although, I imagine this was a spam email, and I
never believe (nor buy) anything from spam. I wonder how credible this
really is. If there was such a way to do what they claim, don't you
think it would have been big news? One would think you wouldn't first
hear