Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: QR code and the jester
From: Sanguinarious Rose <SanguineRose () OccultusTerra com>
Date: Tue, 13 Mar 2012 12:03:11 -0600

There is a lot of issues that don't make sense and problems with his
write up. I asked him about it and he couldn't say much about it
besides a single admission of one of my points I outlined about usage
of netcat. My talk with him regarding the issues I noticed in his blog
post here http://pastebin.com/XbUTmjsp .

Rather then re-posting all my thoughts on it, you can find it here:
http://reapersec.wordpress.com/2012/03/13/th3j35t3r-and-qr-exploits-exposed/

Basic summary as follows:

He is using a 2 year old exploit with apparently no compensation for
iOS or Android shellcodes. He then goes on to explain that he used
netcat which is a very inefficient tool to use for mass exploitation.
Then there is the issue of how he extracted the data off the phones
using a reverse shell, which I point out should optimally have been
done with a native executable. I am honestly not that familiar with
what exactly is installed on iOS and Androids but I would imagine it
would require the 'strings' command at the very least.

If any other information comes to light or he responds to any
criticisms so far reasonably I would say it's a complete fabrication.
I, of course, can admit if I am wrong but so far I just don't see
anything validating what he claimed to have done.

On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop <fatherlaptop () gmail com> wrote:
So, anyone read the jesters "exploit" usage with QR code and netcat to catch bad guys?

From: Randy

It's an iPhone Thang!
Was learning cursive necessary?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]