Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Julius Kivimäki
What's the payload? 16. maaliskuuta 2012 18.01 kyle kemmerer krkemme...@gmail.com kirjoitti: Not my code, just sharing it here. http://pastebin.com/UzDKcCQy ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Nahuel Grisolía
: kyle kemmerer krkemme...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Fri, 16 Mar 2012 12:01:16 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe in it. Charter

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Thomas Richards
The original researcher has released his advisory: http://www.exploit-db.com/exploits/18606/ On Fri, Mar 16, 2012 at 2:06 PM, Ian Hayes cthulhucall...@gmail.com wrote: On Fri, Mar 16, 2012 at 10:50 AM, Exibar exi...@thelair.com wrote: Is that the same code from yesterday? I thought that

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Chris L
That is the first time I've seen that specific one, so not sure if it is fake or not. The main one that I saw going around about 12 hours ago was this one: http://pastebin.com/fFWkezQH and it is the allegedly fake one. The fake that is was supposedly from s...@fbi.com kind of sent off some alarm

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Nahuel Grisolía
- From: kyle kemmerer krkemme...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Fri, 16 Mar 2012 12:01:16 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe in it. Charter

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Adrián
-disclosure@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Shawn
On Sat, Mar 17, 2012 at 1:50 AM, Exibar exi...@thelair.com wrote: Is that the same code from yesterday?  I thought that code was a fake and didn'kt do anything?  Anyone confirm this? I tested it on win-xp sp3 machine but it didn't work. According to the post[1] on slashdot, the correct

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Thor (Hammer of God)
11:41 AM To: root Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] ms12-020 PoC Guys, What about TS Gateway? which is actually listening on port 443 (by def)... thanks! Nahu. On 16 March 2012 15:12, root ro...@fibertel.com.ar wrote: The SABU code is fake (go figure

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Thor (Hammer of God)
: [Full-disclosure] ms12-020 PoC You establish a connection to TSGateway via RPC over HTTP in an SSL tunnel. Once you are authenticated and authorized, the TSGateway server will establish a connection via RDP to the target server, tunneling the RDP connection back to you within the RPC/HTTP(S

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread James Condron
-disclosure@lists.grok.org.ukfull-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] ms12-020 PoC P.S. Before someone starts accusing me of spamming for the book, (one asshat tried to compare me to Juan whats-his-face once) note you can actually view most of the RDP chapter (and others

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Thor (Hammer of God)
Subject: Re: [Full-disclosure] ms12-020 PoC Nobody said a word. Relax more and you might live long enough to write your next book. Sent using BlackBerry® from Orange -Original Message- From: Thor (Hammer of God) t...@hammerofgod.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Sun

Re: [Full-disclosure] ms12-020 PoC

2012-03-18 Thread Nahuel Grisolia
[mailto:ja...@zero-internet.org.uk] Sent: Sunday, March 18, 2012 10:06 AM To: Thor (Hammer of God); full-disclosure-boun...@lists.grok.org.uk; full- disclos...@lists.grok.org.uk Subject: Re: [Full-disclosure] ms12-020 PoC Nobody said a word. Relax more and you might live long enough

[Full-disclosure] ms12-020 PoC

2012-03-16 Thread kyle kemmerer
Not my code, just sharing it here. http://pastebin.com/UzDKcCQy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] ms12-020 PoC

2012-03-16 Thread Exibar
12:01:16 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com

Re: [Full-disclosure] ms12-020 PoC

2012-03-16 Thread Ian Hayes
On Fri, Mar 16, 2012 at 10:50 AM, Exibar exi...@thelair.com wrote: Is that the same code from yesterday?  I thought that code was a fake and didn'kt do anything?  Anyone confirm this?  Exibar Sent via BlackBerry by ATT I haven't run this one, but there is a Ruby script on at

Re: [Full-disclosure] ms12-020 PoC

2012-03-16 Thread root
@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com

Re: [Full-disclosure] ms12-020 PoC

2012-03-16 Thread Exibar
-disclosure-boun...@lists.grok.org.uk; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] ms12-020 PoC That is the first time I've seen that specific one, so not sure if it is fake or not. The main one that I saw going around about 12 hours ago was this one: http://pastebin.com/fFWkezQH

Re: [Full-disclosure] ms12-020 PoC

2012-03-16 Thread kyle kemmerer
- From: kyle kemmerer krkemme...@gmail.com Sender: full-disclosure-boun...@lists.grok.org.uk Date: Fri, 16 Mar 2012 12:01:16 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] ms12-020 PoC ___ Full-Disclosure - We believe