Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: xD 0x41 <secn3t () gmail com>
Date: Sat, 12 Nov 2011 09:29:58 +1100

Would scapy be a suitable tool to attempt this kind of packet
manipulation with? I'm a programmer, but I'm new to this kind of
network/packet-level/security scripting.


Yes, scapy + impacket./..would probably help u with the python side...


On 12 November 2011 04:04, Dan Ballance <tzewang.dorje () gmail com> wrote:
Would scapy be a suitable tool to attempt this kind of packet manipulation
with? I'm a programmer, but I'm new to this kind of
network/packet-level/security scripting.
What tools / frameworks / languages etc do you guys use to write these kinds
of exploit scripts?
cheers,
dan :)
(keep forgetting I need to reply-all on this list)
On 11 November 2011 17:01, Mario Vilas <mvilas () gmail com> wrote:

I liked the "heavy breather in the perv closet" bit.

On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhurst () gmail com>
wrote:

I think Jon just said what everyone else was thinking, he said what I
was thinking at least.

On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz () gmail com> wrote:
On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t () gmail com> wrote:
About the PPS, i think thats a very bad summary of the exploit, 49days
to send a packet, my butt.
There is many people assuming wrong things, when it can be done with
seconds, syscanner would scan a -b class in minutes, remember it only
has to find the vulns, gather, then it would break scan, and trigger
vuln... so in real world botnet, yes then, with tcpip patchers, like
somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks...
and it is ONLY one wich actually works, when you maybe modify the src
so the sys file, is dropped from within a .cpp file, well thats up to
you but thats better way to make it work, this will open
sockets/threads, as i could, easily proove with one exe, but, the goal
is, to trigger the vuln then exploit it, less than 49days :P , so ,
iguess if this exploit, in real form, gathered 2 million hosts over 3
nights.. i guessing that the exploit, could possibly be triggered with
ONE properly setup packet.. people forget that, a packet is one thing,
and a crafted UDP packet, is quite another..

I'd really like to see you actually explain this bug with code. Either
with a poc or with the disassembly. You seem to act like you know
what's going on, but so far your description has been off base (from
what I can make of your writing).

No one cares about paragraphs of speculation and bragging, code or you
are just another heavy breather in the perv closet of FD.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
“There's a reason we separate military and the police: one fights
the enemy of the state, the other serves and protects the people. When
the military becomes both, then the enemies of the state tend to become the
people.”


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault