mailing list archives
Re: ms12-020 PoC
From: Chris L <inchcombec () gmail com>
Date: Fri, 16 Mar 2012 11:32:59 -0700
That is the first time I've seen that specific one, so not sure if it is
fake or not. The main one that I saw going around about 12 hours ago was
this one: http://pastebin.com/fFWkezQH and it is the allegedly fake one.
The fake that is was supposedly from "sabu () fbi com" kind of sent off some
alarm bells right away. That is either someone trying to be funny or trying
to trick some scripties into running something they really shouldn't by
using a recognizable name.
I've seen the BinaryNinja's one being talked about in a few different
places now and the consensus seems to be that it is legit but that at the
moment all it does is blue screen of death any vulnerable Windows machine
that it is used against. I haven't seen any that actually have payloads
yet. That said, I'm just passing on what seems to be the general consensus
I've seen so far. I haven't had the chance to test out any of them yet as I
don't have a spare windows box set up right now. I'm waiting for a working
version to come out before I actually try to go through the shellcode for
any backdoors and test it because who knows what some of these fakes might
On Fri, Mar 16, 2012 at 10:50 AM, Exibar <exibar () thelair com> wrote:
Is that the same code from yesterday? I thought that code was a fake and
didn'kt do anything?
Anyone confirm this?
Sent via BlackBerry by AT&T
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: ms12-020 PoC Nahuel Grisolía (Mar 18)
Re: ms12-020 PoC Chris L (Mar 18)
Re: ms12-020 PoC Shawn (Mar 18)
Re: ms12-020 PoC Julius Kivimäki (Mar 18)
- Re: ms12-020 PoC, (continued)