Re: [Full-disclosure] NTLM Multiprotocol Replay attacks

smbrelay in origin was, some years ago, created by CDC. M$ smb signing do it historic. This tool is an evolution of this ? Regards On Fri, Nov 14, 2008 at 9:37 PM, Andres Tarasco [EMAIL PROTECTED] wrote: I have published a new proof of concept tool, named Smbrelay3, that is able to replay

Re: [Full-disclosure] NTLM Multiprotocol Replay attacks

Its a completely new tool as it does not share code with the old smbrelay however, as the main goal is to replay NTLM authentication challenges, i decided to name it smbrelay, like the great cdc tool. smbrelay3 have been tested against windows 2000/xp/2003 and works fine. Andres 2008/11/16

[Full-disclosure] [ GLSA 200811-05 ] PHP: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -

[Full-disclosure] ANNOUNCE: RFIDIOt release RFIDIOt-0.1u

Herewith a new release of RFIDIOt, which is very much a work in progress, but has some goodies that make it worth releasing now... From CHANGES: v0.u - November 2008 add testlahf.sh script for testing LAHF units fix -R reader type override in RFIDIOtconfig.py add RFIDIOtconfig.py checking for

[Full-disclosure] Microsoft Windows Server Service (MS08-067) Exploit

Having not found one (except msf) that reliably works against my own setup thought of writing my own MS08-067 exploit piece. Plugged the shellcode for win2k and win2k3[sp2]. No plans for updating the xp shellcode. Grab the python here: http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html -d

Re: [Full-disclosure] NTLM Multiprotocol Replay attacks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Andrea Tabasco, To be fair, the only great thing about the cdc is the appetites of the members, and the only great tools from the group would be the members themselves. Thank you for misunderstanding the word great. best regards, - -al ps:

Re: [Full-disclosure] Microsoft Windows Server Service (MS08-067) Exploit

Point taken! :) Actually I wanted to have separate section for putting the exploits I have published for vulnerabilities already discovered by someone else; but later thought of putting all in the same page with a note indicating highlighting those vulnerabilities which are not mine but the

Re: [Full-disclosure] IP-Adresses of German Secret Intelligence Agency supposedly leaked

Salut, James Matthews, On Fri, 14 Nov 2008 12:03:53 +0200, James Matthews wrote: HAHAHAH Now they are going to be pissed. They pass all these stupid surveillance laws and get away with it! L:et them have fun now... I'm afraid you got that one wrong. The surveillance laws in Germany are not