[Full-disclosure] Hashdays, Lucerne?

2011-10-05 Thread Thor (Hammer of God)
Hey, who all is going to Hashdays at the end of the month? I'm wondering what kind of attendance we'll see from the FD crowd... t

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread Douglas Huff
Shut. The. Fuck. Up. -- Douglas Huff On Oct 5, 2011, at 10:14 PM, mitchell wrote: > Personally, if I dislike a product i do not use it. However, I > understand that there are people that need to share their likes and > dislikes with as many people as possible. The usefulness of this is > arguabl

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
Perhaps the disk contains some new tools > that allow to reset broken hardware/firmware internals to any state > you like, e.g. perhaps the imei of your modem I have (repeating) seen this, (ONLY on a laptop...), but it is very possible... but 13gig of it :S that's a bit much... On 6 October 2011 1

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
I would say, this code would require better, like Creative Commons, perhaps licensing on 3rd party code, then it can be named exactly what is and isn't added in as a 'paper' to the commons, it is better for his project, i think... GPLv3 , i have not studied but, i am considering the use of 3rd partr

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread xD 0x41
Eh for someone who claims they don't like nonsense, then why make a thread, i will not be a part of this thread btw, my problem with n3td3v, was NOT instigated by me either and btw when u pick on my grammar, take a look @ your own ones.. Luckily, there are mail filters, so i your me So, luckily,

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread mitchell
Personally, if I dislike a product i do not use it. However, I understand that there are people that need to share their likes and dislikes with as many people as possible. The usefulness of this is arguable at best. Luckily, there are mail filters, so i your messages take more CPU seconds than re

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread root
Juan, You don't have the faintest idea of how licencing works. You cannot slap a GPL v3 license to any software you see, much less erase the author's names. If you find a code in the internet without any license, you pretty much can't touch it, and must re-implement it completely. Software busine

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread coderman
On Wed, Oct 5, 2011 at 6:05 PM, halfdog wrote: >... > It seems, that the machine contains at least 13G of windows-OS and > testing software > What could be interesting: Although I found some tools via google, > e.g. rw-everything, a "hardware configuration reader/dumper", there > are also some

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
hrm... I have known of this structure applied, usually when a user is a 'newbie' and, it is usually still done by shops or, workers at them... and, i was originally thinking, maybe since i have also got blade IBM, but, I bought it FROM MS directly and, nothing on it but emptiness, and this is 2 machin

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread halfdog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 xD 0x41 wrote: > Hrm this one is tricky, but smells so bad of preuse, specially when > you said this; > > * Inside seal on plastic bag also intact, but glue is suboptimal, > I opened the bag without damaging the seal > > Thats a clear sign of tampera

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Yes, i will join. http://exploitpack.com/mailing-list i will try and contribute actually.. i see now why you removed a bit of the author name but... kinda handy to know it is always same author too ;p but, we will discuss this on that list :) i will look forward to trying to make it, a bit nicer ...

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
OK, now that is out of way, i would be very happy to help, and contribute even, and will join that list, i don't have address offhand, but i will look for it if i have to,...and, i will suggest things there, and, i am not nasty, I just, respect authors. I appreciate this change..and, i understand, t

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
as i said again stop the lies.' Take a look if you want: Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Juan, why lie dude, i looked at your github LATEST pull/commit, what is this then Exploit Pack/exploits/Free Float FTP Server - copia.xml - View file @ e17cc4d

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
Hrm this one is tricky, but smells so bad of preuse, specially when you said this; * Inside seal on plastic bag also intact, but glue is suboptimal, I opened the bag without damaging the seal Thats a clear sign of tamperage...thats when they tell you "do not buy" ... so i wonder :s I know it coul

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Free Float FTP Server USER Command Remote Buffer Overflow Exploit when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default exploiting these issues could allow an attacker to compromise the application, access or modif

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Juan, I have not created any opinion (yet) but, is it really fair, to give people who code, 2 frigging dollars, for sometimes what would be 0day , or is it nice, to remove the REAL author's name, and add your own. That's the only gripe i see, without having to look at it yet. The whole look of it, wi

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread halfdog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 xD 0x41 wrote: > Looks like a pre used box... specially with that name, am assuming > THINK (thinkcentre/thinkpad - ibm) so in there it might be preused > IBM/Lenovo, but strange those files..should never be on the hd on a > clean sale. Pre-use is str

Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-05 Thread xD 0x41
Starting fights... because i dislike one product, and question ITsec... is hardly what you're trying to make me out to be. Think, and do as you like. cheers. xd On 6 October 2011 10:31, Sam Goody wrote: > Dude, I think many people including myself are sick of your > nonsense on top of trying to p

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
i know eh, coders dream :P It's only 2bux per sploit you add.. so even from PoC code, to scanner, wow! That's a bargain, a day code per scanner, unfortunately tho this is good money for some countries, and people, and that's who the targets are for this.. lower level skilled coders... nasty . On 6 O

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread root
On 10/05/2011 06:39 PM, xD 0x41 wrote: > You will immediately receive $2 (US Dollars) in your PayPal account for > each approved exploit. > > > This is IT dream, 2bux for one 0day or, 100 = 200bux :P I have verified your calculations.

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole Metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show ppl who writes, i

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Don't be angry about it, but, you could at least give credit to those, you're paying a whole 2$ to, or even if NOT paid, you should leave AUTHOR name INSIDE the exploit, maybe that's why it is being molested ? GPL is fine, but, you are seen as a bad dude, simply coz you don't give simple credit, and rath

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread Jeffrey Walton
On Wed, Oct 5, 2011 at 5:32 AM, root wrote: > - * @author Stefan Zeiger (szei...@novocode.com) > - print "   Written by Blake  " > - > > +#Exploit Pack - Security Framework for Exploit Developers > +#Copyright 2011 Juan Sacco http://exploitpack.com > +# > +#This program is free software: you can

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread xD 0x41
Oh just on ThepirateBay thing, I am kind of laughing, look at this... and this shows how easily they bypassed, and still have fine hosting it seems. The Pirate Bay Adds Domain to Bypass Court Order - http://feed.torrentfreak.com/~r/Torrentfreak/~3/ueTghMyUIbE/ You guys are right about that whole

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
Out of interest, I was considering asking - what is all your opinions on using Metasploit (via RPC) as the "shell handler" in an exploitation framework? I was considering writing a fork of Fimap that used one. Well here, i can say, I have recoded their whole fingerprinter for rpc/smb and it r0x.

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit. This is IT dream, 2bux for one 0day or, 100 = 200bux :P dang nabbit that's just too good an offer! what is sad, some people will actually 'do it' until they maybe find some people selling one 0day, for sa

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread xD 0x41
wow i was not going to comment on that pack and have not yet looked but, thats plain nasty... to remove a simple credit line, i mean it is not full of greetz etc :s and replace... totally pathetic. On 5 October 2011 20:32, root wrote: > - * @author Stefan Zeiger (szei...@novocode.com) > - prin

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread xD 0x41
Really, at this stage yes, you're right, at this moment with the legal ways as they are, then for sure it is as you say.. this can be said another way: don't be stupid :) This seems to be a general consensus I see.. I guess this is fd..cheers. xd On 5 October 2011 16:26, coderman wrote: > On Tu

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread xD 0x41
Looks like a pre used box... specially with that name, am assuming THINK (thinkcentre/thinkpad - ibm) so in there it might be preused IBM/Lenovo, but strange those files..should never be on the hd on a clean sale. On 6 October 2011 06:57, halfdog wrote: > -BEGIN PGP SIGNED MESSAGE- > Ha

Re: [Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread Henri Salo
On Wed, Oct 05, 2011 at 07:57:03PM +, halfdog wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello List, > > I just purchased a Lenovo x121e and just before init with random data > and setting up the crypto disks, I found that the disk was not > completely clean. It seems that >

[Full-disclosure] [SECURITY] [DSA 2317-1] icedove security update

2011-10-05 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2317-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff October 05, 2011

[Full-disclosure] Strange Lenovo x121e

2011-10-05 Thread halfdog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello List, I just purchased a Lenovo x121e and just before init with random data and setting up the crypto disks, I found that the disk was not completely clean. It seems that a) X121 ships with a dirty disk or b) machine was used before purchase Af

[Full-disclosure] [ MDVSA-2011:143 ] rpm

2011-10-05 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:143 http://www.mandriva.com/security/ _

[Full-disclosure] [SECURITY] [DSA 2316-1] quagga security update

2011-10-05 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2316-1 secur...@debian.org http://www.debian.org/security/Florian Weimer October 05, 2011

[Full-disclosure] Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager

2011-10-05 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager Advisory ID: cisco-sa-20111005-nac Revision 1.0 For Public Release 2011 October 05 1600 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

2011-10-05 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20111005-fwsm Revision 1.0 For Public Release 2011 October 05 1600 UTC (GMT

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

2011-10-05 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20111005-asa Revision 1.0 For Public Release 2011 October 05 1600 UTC

[Full-disclosure] Apache HTTP Server: mod_proxy reverse proxy exposure (CVE-2011-3368)

2011-10-05 Thread Joe Orton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Apache HTTP Server Security Advisory Title: mod_proxy reverse proxy exposure CVE: CVE-2011-3368 Date:20111005 Product: Apache HTTP Server Versions:httpd 1.3 all versions, httpd 2.x

[Full-disclosure] [SECURITY] [DSA 2315-1] openoffice.org security update

2011-10-05 Thread Giuseppe Iuculano
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2315-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano October 05, 2011

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread Darren Martyn
Attrition stopped making their lists of defaced sites years ago, and it was pretty damn accurate - it was *kind* of like a Zone-H of sorts. (I quite like Attrition). Sony incident is interesting, how badly they handled it. They should have just fessed up right away, and apologised, bringing networ

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread Darren Martyn
When I saw this I too thought "Insect". Though still, I don't recall Insect having an exploit editor or ANY way to add modules (insect used a Metasploit install IIRC), but it DOES remind me (scarily) of CANVAS. Might check it out later. Out of interest, I was considering asking - what is all your o

[Full-disclosure] Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability

2011-10-05 Thread Secunia Research
== Secunia Research 05/10/2011 - Cyrus IMAPd NTTP Authentication Bypass Vulnerability - == Table of Contents Affected Software.

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread Gage Bystrom
I grab a bag of popcorn whenever Juan sends an email. On Wed, Oct 5, 2011 at 4:25 AM, wrote: > On Wed, 05 Oct 2011 06:49:40 -0300, root said: >> How can I earn money by migrating exploits? >> You will immediately receive $2 (US Dollars) in your PayPal account for >> each approved exploit. > > At

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread Valdis . Kletnieks
On Wed, 05 Oct 2011 06:49:40 -0300, root said: > How can I earn money by migrating exploits? > You will immediately receive $2 (US Dollars) in your PayPal account for > each approved exploit. At $2 per pop, you're going to see a lot of exploits that look like they were mass-migrated by a Perl scri

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread Valdis . Kletnieks
On Wed, 05 Oct 2011 17:25:20 +0900, Robert Kim App and Facebook Marketing said: > Guys... i can't stand sites like Attrition > it's all based on total hearsay and feed off mob stupidity. AND it ruins > perfectly good reputations. OK, I'll bite. What percent of Attrition listings are of sites that

[Full-disclosure] vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability

2011-10-05 Thread YGN Ethical Hacker Group
vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability 1. OVERVIEW The vTiger CRM 5.2.1 and lower versions are vulnerable to Blind SQL Injection. No fixed version has been released as of 2011-10-05. 2. BACKGROUND vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for sma

[Full-disclosure] vTiger CRM 5.2.x <= Remote Code Execution Vulnerability

2011-10-05 Thread YGN Ethical Hacker Group
vTiger CRM 5.2.x <= Remote Code Execution Vulnerability 1. OVERVIEW The vTiger CRM 5.2.1 and lower versions are vulnerable to Remote Code Execution. No fixed version has been released as of 2011-10-05. 2. BACKGROUND vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread root
Wait there is more: http://exploitpack.com/faq How can I earn money by migrating exploits? You will immediately receive $2 (US Dollars) in your PayPal account for each approved exploit. Juan Sacco, infosec needs people like you. You make me happy, Juan. Thank you. On 10/04/2011 12:42 PM,

Re: [Full-disclosure] Canadian ISP Website - SQL Injection Vulnerability

2011-10-05 Thread MG
Maybe we will post 20-40 pages per day in which we find critical vulnerabilities ? MG Message written by resea...@vulnerability-lab.com on 4 Oct 2011, at 16:46: > Title: > == > Canadian ISP Website - SQL Injection Vulnerability > > > Date: > = > 2011-09-23 > >

Re: [Full-disclosure] New open source Security Framework

2011-10-05 Thread root
- * @author Stefan Zeiger (szei...@novocode.com) - print " Written by Blake " - +#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GN
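
Review bot: the removed `@author Stefan Zeiger` and `Written by Blake` lines at the top of the hunk are the original authors' credits, and the added `Copyright 2011 Juan Sacco` header takes their place instead of sitting beside them. Keep each file's existing attribution line and put the project header above it; adding a licence notice for the framework does not require deleting per-file credits, and nothing in the visible lines shows that the original authors released their code under the terms the new header states.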

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-05 Thread Robert Kim App and Facebook Marketing
Guys... i can't stand sites like Attrition it's all based on total hearsay and feed off mob stupidity. AND it ruins perfectly good reputations. >> ... >> This is where, as i was saying... a shell owner/employee, could easily make >> any police run in circles simply trying to get a decent tap on so