Full Disclosure mailing list archives
Re: New open source Security Framework
From: xD 0x41 <secn3t () gmail com>
Date: Thu, 6 Oct 2011 11:17:01 +1100
Juan, why lie dude, i looked at your github LATEST pull/commit, what is this then Exploit Pack/exploits/Free Float FTP Server - copia.xml - View file @ e17cc4d<https://github.com/exploitpack/trunk/blob/e17cc4d5ee893ce93d2e56deccd7595e944210ee/Exploit%20Pack/exploits/Free%20Float%20FTP%20Server%20-%20copia.xml> 
@@ -1,17 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<Module> - -<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="linux" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs=""> -</Exploit> - -<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A"> -Free Float FTP Server USER Command Remote Buffer Overflow Exploit -when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default -exploiting these issues could allow an attacker to compromise the application, access or modify data. -</Information> - -<Targets> -Microsoft Windows XP SP2 - Microsoft Windows XP SP3 -</Targets> - -</Module>
exposed! and it is rubbish. 5 exploits, i even pointed him, (in pvt) to a million py files he can now deface... and he acting like, he's all for the author being in the sploit..right..ye.. and nice use of xml ... this is the worst thing i have seen, i have seen better made bash exploit packs. sorry, again your stuff is a complete fail. not even the main exploits, who the heck cares about ftpds like, 10 students use.. you are maybe in need of guidance, which, i doubt anyone will give after these lies you're pulling... telling ppl, you're doing the RIGHT thing, when your git pull says different! i also have a git hub, and understand how it works. so stop trying to stooge people dude, your stuff sux. and when i tried to separate links, into different downloads, like your download page specifies.. it does not work and always gives the base, which is linux. only. i believe...unless some, small tweaking/batfile made for win32..but, you advertise the win32 binaries..so, you're just fake. ....pls explain..why you're acting like, i am a liar, when, you're removing the author, from even the exploits now... cheeky, and very rude to me personally. screw u and ur pathetic crap, open or closed, it is a waste of time.
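Review bot: the deleted module is internally inconsistent, which is worth checking in whatever file replaces it: the Exploit element declares Platform="linux" while Targets lists only Microsoft Windows XP SP2 and SP3, and the description names the "USER Command" in one line and 'USR' in the next. The file name ends in "- copia", so this looks like the removal of a duplicate, but the hunk alone does not show that a surviving module still carries the Information Author="Blake" attribute; the commit message should say which file supersedes this one so the attribution can be verified.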
xd
On 6 October 2011 10:47, Juan Sacco <juansacco () gmail com> wrote:
Hey, It's really a shame that you didn't even take like 2 minutes to watch the source code of Exploit Pack before creating an opinion. This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA. See the difference? Also, please take a look at the interface design, both are really different. Show me where Exploit Pack is similar to Canvas! I think you spent too much time looking for Waldo :-D
We respect the exploit author and that is why I add them at the first line of the XML file.
You should run the program before creating this crappy post with your nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
Take a look if you want:
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
</Exploit>
<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>
JSacco
On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t () gmail com> wrote:
Heya jeff, The author is clearly not smart. He is copying other codes, this is a plain rip off of canvas...hehe... and same with his insect pro... he stole metasploit for that one, then he wants respect, when we see him removing simply one line which would at least say a ty and, show ppl who writes, is maybe sometimes stabler than other authors, it would be better to have this in, not out.. he should be able to see that's how it works with exploit code/pocs in general...
sometimes, if i see php code from one person, i will tend to look, but if it was from an unknown person, i prolly wouldn't. But this (open sauce) project, i will download and waste 5 minutes on. Then i'll go back to Backbox and BT5 and things which work :) hehe (this guy is really mad about his app... and i mean, dang mad angry! I will buy some tissues and send to him, that is my donation for his app) :))
xd
On 6 October 2011 08:59, Jeffrey Walton <noloader () gmail com> wrote:
On Wed, Oct 5, 2011 at 5:32 AM, root <root_ () fibertel com ar> wrote:
- * @author Stefan Zeiger (szeiger () novocode com) - print " Written by Blake " - <Information Author="Blake" Date="August 23 2011"Vulnerability="N/A">+#Exploit Pack - Security Framework for Exploit Developers +#Copyright 2011 Juan Sacco http://exploitpack.com +# +#This program is free software: you can redistribute it and/or modify it under the terms of the +#GNU General Public License as published by the Free Software Foundation, either version 3 +#or any later version. +# +#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +#PURPOSE. See the GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License along with this program. +#If not, see http://www.gnu.org/licenses/
GPL V3 - they had to encumber it to set it free?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tuned
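Review bot: in the diff excerpt quoted from root's message, all three removed lines are author credits ("@author Stefan Zeiger", "Written by Blake", and the Information Author="Blake" element), and what is added is a GPLv3 header carrying "Copyright 2011 Juan Sacco". A license header should sit alongside the existing attribution and not replace it; keep the original author lines and add the new notice above them, so that anyone auditing an imported module can still trace where its code came from.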