Re: [FD] pydio vulnerabilities

2015-05-08 Thread Julius Kivimäki
https://github.com/pydio/pydio-core/commits/develop

https://github.com/pydio/pydio-core/commit/2049254e7a215491019d2646a274a8fb1cf29e3b


2015-05-07 1:32 GMT+03:00 Just A Fake :

> Does anyone have any info on the two pydio vulnerabilities announced today?
>
> They have been given CVE-2015-3431 and CVE-2015-3432 but a search on mitre
> just says those are reserved.
>
> There is no information or explanation about what the issues are.
>
>
> https://pyd.io/pydio-core-6-0-7/?utm_source=Pydio+Releases&utm_campaign=85ba0d8870-Pydio_6_0_7_Community
>
> Thanks for any info anyone has.
>
>
> Robot
>
> ___
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>


Re: [FD] Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability

2015-02-12 Thread Julius Kivimäki
Even though deleting everything is kind of a big deal, it still does not
get you anywhere near that CVSS score.
Here are my very generous calculator inputs:
http://puu.sh/fQVB5/76c526ed5d.png


Re: [FD] Lizard Stresser rekt

2015-01-12 Thread Julius Kivimäki
ayy lmao

//Julius Kivimäki, leader of Lizard Squad

2015-01-12 10:29 GMT+00:00 Robert Cavanaugh :

> Hi FD,
>
> I'm sure you're all sick to death of hearing about Lizard Squad and the
> skid marks they're leaving all over the place, so we'll make this brief:
> Lizard Squad has been rekt and the source code for their bots is now
> available for your viewing pleasure.
>
> https://github.com/pop-pop-ret/lizkebab
>
> 0wned by: Chippy1337, @packetprophet
>
> If you lulz'd, send BTC to 129UQoB3JvZg3iDERYZiXeHPkwT1iJF8u4
> <https://blockchain.info/address/129UQoB3JvZg3iDERYZiXeHPkwT1iJF8u4>
>
>


Re: [FD] Back To The Future: Unix Wildcards Gone Wild

2014-06-27 Thread Julius Kivimäki
Um, this is well-documented behavior that's been around for decades. *
expands to all files in the dir as arguments to whatever; if the filename
is "--no-preserve-root -rf ..", why shouldn't that be returned?


2014-06-26 11:40 GMT+03:00 defensecode :

> Hi,
>
> We wanted to inform all major *nix distributions via our responsible
> disclosure policy about this problem before posting it, because it is
> highly likely that this problem could lead to local root access on many
> distributions. But, since part of this research contained in the document
> was mentioned on some blog entries, we are forced to release it in a
> full version.
>
> Download URL:
> http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
>
> Regards,
> Leon Juranic
>
>
>

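The script below is an added example illustrating the mechanism the reply above describes; it is not code from the original thread, from the DefenseCode paper, or from any *nix distribution. It assumes a POSIX sh with mktemp and cat, and it uses a harmless file named "-n" (constructed for the demo) in place of the rm/chown flags discussed in the paper: the point is only that the shell, not the program, turns "*" into the argument list, so a filename beginning with "-" lands exactly where an option would. It also shows the two standard fixes, "./*" and "--".

```sh
#!/bin/sh
# Added example (not from the original thread or the DefenseCode paper).
# The shell expands "*" into the filenames of the directory, so a file whose
# name starts with "-" reaches the program in the same position as an option.
# File names below are constructed for the demo; "cat" stands in for the
# rm/tar/chown cases and nothing here is destructive.

# Build a scratch directory with one ordinary file and one file whose name
# is the option "-n". Prints the directory path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'hello\n' > "$d/notes.txt"
    : > "$d/-n"          # creating a file named "-n" is harmless by itself
    printf '%s\n' "$d"
}

# Number of arguments in the expansion of a bare "*" that begin with "-",
# i.e. how many "flags" a command run as "cmd *" would receive.
count_flag_args_bare() {
    (
        cd "$1" || exit 1
        set -- *                     # exactly what "cmd *" passes
        n=0
        for a in "$@"; do
            case $a in -*) n=$((n + 1)) ;; esac
        done
        echo "$n"
    )
}

# Same count for "./*": every expansion now starts with "./", so no argument
# can look like an option, whatever the files are called.
count_flag_args_safe() {
    (
        cd "$1" || exit 1
        set -- ./*
        n=0
        for a in "$@"; do
            case $a in -*) n=$((n + 1)) ;; esac
        done
        echo "$n"
    )
}

# "cat *" expands to "cat -n notes.txt": the file "-n" is consumed as cat's
# line-numbering option and never read, and notes.txt comes out numbered.
cat_bare() {
    (cd "$1" && cat *)
}

# "cat -- *" ends option parsing first, so "-n" is opened as a (empty) file
# and notes.txt is printed as-is. Use "./*" for commands without "--".
cat_safe() {
    (cd "$1" && cat -- *)
}

demo() {
    d=$(make_demo_dir) || exit 1
    echo "files in $d:"; ls -a -- "$d"
    echo "flag-looking args with  *  : $(count_flag_args_bare "$d")"
    echo "flag-looking args with ./* : $(count_flag_args_safe "$d")"
    echo "cat *    -> $(cat_bare "$d")"
    echo "cat -- * -> $(cat_safe "$d")"
    rm -rf -- "$d"
}

# "sh wildcards.sh run" prints the demo; sourcing the file only defines
# the functions.
if [ "${1:-}" = "run" ]; then
    demo
fi
```

The counting functions make the injection visible without running anything dangerous: with a bare "*" one argument looks like a flag, with "./*" none does. Which fix to use depends on the command; "--" only helps when the program honours it, while "./*" works for every program because the prefix is added by the shell before the program sees its argv.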


Re: [FD] What do you think of Trollc?

2014-05-27 Thread Julius Kivimäki
If you actually know weev then you know that he isn't capable of running a
business.


2014-05-27 21:49 GMT+03:00 Philip Cheong :

> From https://www.startjoin.com/trollc
>
> *Right now if you're a software exploit developer and you want to monetize
> your craft to pay your rent, there's only one consistent way to do so: sell
> your software exploits. The major customer for these are oppressive
> governments, chiefly that of the United States. We know what the United
> States does with software exploits: it uses them to illegally spy on its
> own citizens, and attack peaceful nations around the world.*
>
> *I need your help to create a company that will ethically disclose software
> vulnerabilities to the public. For this I need help getting the filing fees
> necessary to incorporate a hedge fund. I want to continue bringing issues
> in companies that put you at risk to light, and short the stocks of those
> companies when I do so. I will only get paid when large corporations being
> negligent get punished. This will create a structure by which security
> researchers including myself will still make a living, only now by
> disclosing problems instead of selling them in secret to criminal
> governments.*
>
> What say you? Is this brilliant? Or stupid? Awesome? But never going to
> work?
>
>



Re: [FD] OpenSSH Vulnerabilities

2014-05-06 Thread Julius Kivimäki
PAM, how does it work?


2014-05-07 1:08 GMT+03:00 :

>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> http://pastebin.com/raw.?i=gjkivAf3
>
>
> - -- CUT --
> #exploit #openssh
> [ASCII-art banner, garbled in the archive; the readable text of the box is:]
> OpenSSH sshd - memory leak
> 5.1-6.X
> (priv8, still unfixed)
>
> u mad Heartbleed ? ...
>
> 
> Release date: 04/30/2014
> Product: OpenSSH
> Vendor: http://www.openssh.com/
> CVE candidate number: CVE-2018- (maybe 2020+...)
> 
>
> We found two years ago a memory disclosure vulnerability in the OpenSSH
> server
> which allows to remotely extract data from the sshd server's children
> processes
> memory zones.
>
> This vulnerability exploits a bad check on the network layer of the sshd
> server
> that we trigger to retrieve all children processes memory sections thereby
> allowing us to dump:
> - - system users hashes
> - - keys
> - - many random things ;)
>
> This exploit was tested on:
> - - SSH-2.0-OpenSSH_5.1p1 Debian-5
> - - SSH-2.0-OpenSSH_5.1p1 DragonFly-20080927
> - - SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522
> - - SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
> - - SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
> - - SSH-2.0-OpenSSH_6.1p1 Debian-4
> - - SSH-2.0-OpenSSH_6.2p2-hpn13v14 FreeBSD-openssh-portable-6.2.p2_3,1
> - - SSH-2.0-OpenSSH_6.4p1 Debian-1~bpo70+1
> - - SSH-2.0-OpenSSH_6.4p1 FreeBSD-openssh-portable-6.4.p1,1
> - - SSH-2.0-OpenSSH_6.5p1 CentOS RHEL
> - - SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
> - - ... many more
>
> Enough bullshit, POC TIME !
>
> =
>
> $> ls -lh
> total 227K
> drwxr-xr-x  2 vjn  vjn  4.0K Apr 30 01:53 .
> drwxrwxrwt 32 root root 4.0K Apr 30 01:53 ..
> - -rw-r--r--  1 vjn  vjn  236K Apr 30 01:53 icanhaze.c
>
> $ sha1sum icanhaze.c
> d7faeb46f10ea6b7058a116043c1f0ce7a158c7f  icanhaze.c
>
> $> gcc icanhaze.c -O3 -lcrypto -lopenbsd-compat -lssl -lssh -lpam -o
> icanhaze
> $> ./icanhaze
> +--+
> |  OpenSSH 5.1-6.X - infoleak  |
> | don't evar fuckin release it |
> +--+
>
> Usage: ./icanhaze [OPTIONS]
> -h, --host 
> Hostname or IP
> -p, --port 
> Port number (default: 22)
> -d, --dump 
> Dump output file
> -H, --hashes 
> User hashes dump file (john)
> -v, --verbose
> Verbose mode
> -D, --debug
> Debug mode
>
> Supported architectures: x86, x86_64, armv7
> Supported operating systems: Linux, *BSD
>
> $> ./icanhaze -v -h 192.168.10.5 -p 22 -d output.dump -H
> +--+
> |  OpenSSH 5.1-6.X - infoleak  |
> | don't evar fuckin release it |
> +--+
> [I] - connecting to target 192.168.10.5 on port 22
> [I] - sshd banner: SSH-2.0-OpenSSH_6.4p1 Debian-1~bpo70+1
> [I] - let magic happenz
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [I] - STAGE_1: OK
> [I] - mode: x86_64
> [I] - pointerz fuckery
> [I] - STAGE_2: OK
> [I] - fingerprinted child sectionz table
> 7f863100f000-7f863101
> 7f8631213000-7f8631214000
> 7f8631418000-7f8631419000
> 7f863161b000-7f863161c000
> 7f863181e000-7f863181f000
> 7f8631a22000-7f8631a23000
> 7f8631c68000-7f8631c69000
> 7f8631e6b000-7f8631e6c000
> 7f863206d000-7f863206e000
> 7f8632272000-7f8632273000
> 7f8632475000-7f8632476000
> 7f863267a000-7f863267b000
> 7f863287e000-7f863287f000
> 7f8632a8-7f8632a81000
> 7f8632c82000-7f8632c83000
> 7f8632e84000-7f8632e85000
> 7f8633092000-7f8633093000
> 7f8633093000-7f863309f000
> 7f86332a4000-7f86332a5000
> 7f86334b-7f86334b1000
> 7f8