StenoPlasma @ ExploitDevelopment stenopla...@exploitdevelopment.com wrote:
Your MUA is defective, it strips the References: header!
Stefan,
For you information:
Cached domain accounts on a local system are not stored in the SAM. They
are stored in the SECURITY registry hive. When a
Andrea Lee and...@kattrap.net wrote:
I hope I'm not just feeding the troll...
No. You just made a complete fool of yourself.-P
Read the initial post again.
CAREFULLY.
Especially that part about unplugging from the network.
A local admin is an admin on one system. The domain admin is an admin
Maybe what some of us need to learn from this is that we should never think in
absolutes such as local VS domain users. There are numerous account types and
the overrides to take into account with any OS and they change.
This is more of a wakeup call to brush up on our understanding of
Can anyone confirm this vulnerabilty?
I don't have a MSA for testing at the moment.
Hi,
i just found out that there is a hidden user on every HP MSA2000 G3
SAN out there:
username: admin
password: !admin
this user doesnt show up in the user manager, and the password
cannot be changed
Everyone.
Please read my original post. I never claimed to gain access to
networked resources using the masqueraded account. My method merely
shows that you can modify the SAM and SECURITY hives without using DLL
injection or any other advanced technique that security Admins are
currently
The attack has some academically interesting details about how cached
credentials work, but I agree with Stefan. If you own the machine, you own
the machine. What's to stop you from, say, simply installing a rootkit?
Exactly. More importantly, even if you must make users local admins, there is
Hey Dan,
Freaking THANK YOU first and foremost. I've been waiting for someone to say
that for days now, and was just about to myself.
Just because everyone and their brother want's to show off that they can
compile run some software (herp a derp, good job) DOESN'T mean they should
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by
default.
--Ariel
fireb...@backtrack.com.br wrote:
I tested it on a VM with CentOS 5.5 i386 updated and did not work.
Last login: Tue Dec 13 12:48:54 2010
[r...@localhost~]#nano full-nelson.c
[r...@localhost~]#gcc-o
On 12/13/2010 11:19 AM, Michael Bauer wrote:
An administrator is very different there are many levels of
administrative control in windows to say an admin is an admin is
absurd.
I disagree. There's only one level of pwned.
There is a big difference between a local admin and a domain
admin.
www.eVuln.com advisory:
post - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html
---Summary---
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross
Hi,
The OSSTMM has been released today at www.osstmm.org.
It's a big document so you may want to check out first some of the
reviews and commentary on it first. InfoSec Island is having an OSSTMM
week to spread the word:
https://www.infosecisland.com/osstmm.html
Some of the articles
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer,
Hi folks,
Two minor things that do not deserve a lengthy discussion, but are
probably mildly interesting and worth mentioning for the record:
1) Chrome browser is an interesting example of the perils of using
minimalistic window chrome, allowing multiple windows to be spliced
seamlessly to
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-12-14-1
-
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02656471
Version: 1
HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of
Service (DoS), Gain Privileged Access
NOTICE: The information in this Security Bulletin should
1) Yup, pretty unconvincing. Though one could separate window shadows,
I'm guessing you have your window manager configured to render window
shadows. In this case, this is less plausible, yup, unless you do the
inverted gradient trick.
2) Where is here? :)
I tried to dig something up, but
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer,
===
Ubuntu Security Notice USN-1024-2 December 13, 2010
openjdk-6 regression
https://launchpad.net/bugs/688522
===
A security issue affects the following Ubuntu releases:
Original e-mail is from Theo DeRaadt
http://marc.info/?l=openbsd-techm=129236621626462w=2
I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
www.eVuln.com advisory:
post - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html
---Summary---
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross
www.eVuln.com advisory:
BBCode CSS XSS in slickMsg
Summary: http://evuln.com/vulns/162/summary.html
Details: http://evuln.com/vulns/162/description.html
---Summary---
eVuln ID: EV0162
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site
On Mon, 13 Dec 2010 hpdisclos...@anonmail.de wrote:
i just found out that there is a hidden user on every HP MSA2000 G3
SAN out there:
username: admin
password: !admin
Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us *so many* different reasons to hate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:254
http://www.mandriva.com/security/
On 12/14/10 8:35 PM, musnt live wrote:
Original e-mail is from Theo DeRaadt
http://marc.info/?l=openbsd-techm=129236621626462w=2
Then also read Jason Wright's response and clear denial:
http://marc.info/?l=openbsd-techm=129244045916861w=2
--
Michael Scheidell, CTO
o: 561-999-5000
d:
использовать свой мозг! Is we think with our brain and ask: how is
team OpenBSD lying to is public well then is the proof is in the
каша!
We has OpenBSD tell us:
We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code
We has OpenBSD tell us:
We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code
http://marc.info/?l=3Dopenbsd-techm=3D129237675106730w=3D2
That statement remains true.
IPSEC isn't 100% crypto; it is a complex layered subsystem with many
other elements
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02653973
Version: 1
HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux
and Windows, Remote Full Path Disclosure
NOTICE: The information in this Security Bulletin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02652463
Version: 1
HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on
Linux and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:255
http://www.mandriva.com/security/
29 matches
Mail list logo