eh, you got the wrong w0rmie. and i don't know what a HF is even. have a nice day dude, but you have the wrong person.. my nickname has never been that. either way, show me some proof of this dll hijacking that's useful , ?? and you would then 'know more', than me.. tell me something i don't know. xd
and kid, grow up.

On 3 September 2011 21:16, Tomm Foo <[email protected]> wrote:

> what the..? gl0w0rm you don't know shiit bout nothin. keep hollerin at yo
> boys at HF, cause them cats is legit leet, bra.
> On Sep 3, 2011 4:00 AM, <[email protected]> wrote:
> > Message: 1
> > Date: Sat, 3 Sep 2011 11:15:50 +1000
> > From: GloW - XD <[email protected]>
> > Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows
> > Script Host DLL Hijacking
> > To: Mario Vilas <[email protected]>
> > Cc: [email protected]
> > Message-ID:
> > <CALCvwp7VqDQ-9wzuSNSFF6QgaDgTPRh=FXU47RUsj987NT2w=a...@mail.gmail.com>
> > Content-Type: text/plain; charset="windows-1252"
> >
> > I must agree, considering i have yet to see it used in even botnet circles,
> > who would surely have used a decent local exploit if it was 'decent'... I
> > know this dll hijacking, has gone unpassed to the community in general
> > because of its uselessness.
> > I agree completely, i never have seen this actively exploited, nor part of a
> > decent framework where it can be used in a remote or local session
> > Basically, it is something to which i read the PDF on, and thought "here is
> > the most useless 'exploit' as it was being called , i have ever, laid eyes
> > on" , my opinion still has yet to be changed by any factor, there could be
> > many factors, ie: exploitation even in the wild reported, or just someone
> > saying "hey don't forget blah.c!" , but this ain't happened, nor will... "hey
> > wanna read msdn and look and see how a lib is loaded" would make more sense.
> > I still don't see anything 'good' in this whole fiasco of the dll hijacking.
> > no active code/poc. etc etc etc.... as i said, many factors i'd reconsider my
> > stance on...
> > anyhow, enjoyable topic.
> > xd
> >
> > On 3 September 2011 11:03, Mario Vilas <[email protected]> wrote:
> >
> >> I disagree. If this so called "vulnerability" had any added value in terms
> >> of social engineering, it would actually make sense to report it. Social
> >> engineering isn't "bad", I really don't care how "leet" it is. My claim is
> >> simpler: this advisory makes no sense at all, because it replaces an easy
> >> way of exploitation for a hard way of exploitation, so its added value is
> >> actually *negative* for the attacker.
> >>
> >> Most likely whoever found this is new in the infosec world and never
> >> stopped to consider these details - he/she just blindly repeated what the dll
> >> injection crowd was doing and posted whatever results were found, without
> >> understanding really well what was going on.
> >>
> >> And THAT is the state of infosec today. People who report stuff for the
> >> sake of reporting, without really understanding how things work or why.
> >>
> >> On Fri, Sep 2, 2011 at 11:46 PM, <[email protected]> wrote:
> >>
> >>> On Fri, 02 Sep 2011 20:55:35 -0000, "Thor (Hammer of God)" said:
> >>>
> >>> > LOL. "Warning, if you get the user to execute code, then it is possible to
> >>> > get the user to execute code!! All you have to do is get files on their
> >>> > system, and then get them to execute those files! Note that once you get the
> >>> > user to execute the code, it will actually run in the context of that user!!
> >>> > This is remote code execution vulnerability!"
> >>>
> >>> > Welcome to today's Infosec!
> >>>
> >>> The sad part is that this is the future of infosec as well. Microsoft got the
> >>> security religion a few years back, and even I have to admit their current stuff
> >>> isn't that bad at all. The various Linux distros are (slowly) getting their
> >>> acts together, and maybe even Apple and Adobe will see the light sometime
> >>> reasonably soon. Yes, there will still be software failures - but once the effort
> >>> of finding a new 0-day reaches a certain point, the economics change....
> >>>
> >>> And once that happens, social engineering will become an even bigger part of
> >>> both the attack and defense sides of infosec. For the black hats, the cost/
> >>> benefit of looking for effective 0-day holes will continue to drop, while the
> >>> cost/benefit of phishing a user will remain steady - so that's a push towards
> >>> more social engineering. Why go to the effort of spending 3 months finding a
> >>> browser bug that allows you to push malware to the victim's machine, when you
> >>> can just spend 45 minutes creating a "Your machine is infected - click here to
> >>> fix it" pop-up that will catch 80% of the people?
> >>>
> >>> Meanwhile, as the software gets more hardened and patching is more automated,
> >>> the white hats will find a bigger percent of their time is spent defending
> >>> their systems from attacks triggered by their own users. Because the failure
> >>> rate of people's brains is already about 4.7*10**9 times as high as the
> >>> software failure rate, and the ratio is only getting worse - software is
> >>> improving, people aren't.
> >>>
> >>> Prediction 1: 10 years from now, organized crime will be hiring cognitive
> >>> psychologists to help design more effective phish the way they currently hire
> >>> programmers to write better spambots.
> >>>
> >>> Prediction 2: It ain't gonna get better till the average IQ starts going
> >>> up faster than the software improves.
> >>>
> >>
> >> --
> >> "There's a reason we separate military and the police: one fights the enemy
> >> of the state, the other serves and protects the people. When the military
> >> becomes both, then the enemies of the state tend to become the people."
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 79, Issue 6
> > **********************************************
