Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: ms12-020 PoC
From: Chris L <inchcombec () gmail com>
Date: Fri, 16 Mar 2012 11:32:59 -0700

That is the first time I've seen that specific one, so not sure if it is
fake or not. The main one that I saw going around about 12 hours ago was
this one: http://pastebin.com/fFWkezQH and it is the allegedly fake one.
The fake that is was supposedly from "sabu () fbi com" kind of sent off some
alarm bells right away. That is either someone trying to be funny or trying
to trick some scripties into running something they really shouldn't by
using a recognizable name.

I've seen the BinaryNinja's one being talked about in a few different
places now and the consensus seems to be that it is legit but that at the
moment all it does is blue screen of death any vulnerable Windows machine
that it is used against. I haven't seen any that actually have payloads
yet. That said, I'm just passing on what seems to be the general consensus
I've seen so far. I haven't had the chance to test out any of them yet as I
don't have a spare windows box set up right now. I'm waiting for a working
version to come out before I actually try to go through the shellcode for
any backdoors and test it because who knows what some of these fakes might

On Fri, Mar 16, 2012 at 10:50 AM, Exibar <exibar () thelair com> wrote:

Is that the same code from yesterday?  I thought that code was a fake and
didn'kt do anything?

 Anyone confirm this?

Sent via BlackBerry by AT&T

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]