Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New open source Security Framework

From: xD 0x41 <secn3t () gmail com>
Date: Thu, 6 Oct 2011 11:27:24 +1100
Yes, i will join.
http://exploitpack.com/mailing-list

i will try and contribute actually.. i see now why you removed abit of the
author name but... kinda handy to know it is always same author to ;p but,
we will discuss this on that list :)
i will look forward to trying to make it, abit nicer ... specially, could
get some friendly help, wich would be nice.. thats what it needs, some deent
codes..to be really looked at, and used, then, you would want to get it
added to like BT or BackBox etc...so, i can try help , sure :)
Im glad you offered that ,.hehe.
cheers,
xd

On 6 October 2011 11:23, Juan Sacco <juansacco () gmail com> wrote:


Hey, Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!!
( Please do me a favor and read the license first )

Wanna keep talking about your personal opinion?

Please.. As it was told stop doing it here, this is not a chatroom. We have
a forum and a mailing list for that.

It would be nice to see you there... Believe me.

I invite you all to the new forum! :-)
http://exploitpack.com

Cheers!


On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 <secn3t () gmail com> wrote:


Juan,
I have not created any opinion (yet) but, is it rally fair, to give people
who code, 2 frigging dollars, for sometimes what would be 0day , or is it
nice, to remove the REAL auithors name, and add your own.
Thats the only grips i see, without having to look at it yet.
The whole look of it, without 'using' it tho, looks alot like canvas ;p
but, thats not bad thing and, i personally, dont mind that, coz canvas, is
not open and, this one is, wich would be great to bring that feel into it..
so, your reading tomuch into things, when i mean giving credit to author, i
dont mean putting in his email/greetings and notes, i mean, simply one line
to give credit, so people who are using the pack, could atleastfeel sure
with some coders,that the code will be very nice, and not painful to read or
, modify even to make it nicer.. that is why i like to always makesure
authors get some credit, however it may be, it only needbe a nick/name, but
you are using theyre things, but on your people who your paying, i guess you
should maybe put in place then rules that, all exploits paid for, would not
recieve credits, other than, part of devteam or part of exploit-pack
codepack.
It aint hard to keep people happy. Whilst still producing quality, or, non
quality.
i will run your pack, using ONE well know exploit, and if that fails, i
will have results here, compared to backbox scan or, another vuln scan,
then, i will comment further. How does that sound?
Ok. I will do my research, but, i aint angry at you, nor the product,
altho i dislike Insect, this one, seems to have some good features. So yea,
ill take an open look, i only think, if code is NOT paid for, then you
should put authors name or handle in there somwhere, maybe even something
for paid exploits... people do appreciate a 'thanks to' sometimes...
especially you it seems.
xd


On 6 October 2011 10:47, Juan Sacco <juansacco () gmail com> wrote:


Hey,
Its really a shame that you didn't even take like 2 minutes to watch the
source code of Exploit Pack before create an opinion.
This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
JAVA. See the diference? Also, please take a look at the interface design,
both are really different. Show me where Exploit Pack is similar to Canvas!
I think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first
line of the XML file
You should run the program before creating this crappy post with your
nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>

<Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp" 
Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
</Exploit>

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote 
anonymous login by default
exploiting these issues could allow an attacker to compromise the application, access or modify data.
</Information>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t () gmail com> wrote:


Heya jeff,
The author is clearly not smart.
He is copying other codes, this is a plain rip off of canvas...hehe...
and same with his insect pro... he stole metasplit for tht one, then he
wants repect, when we see him removing simplly one line wich would atleast
say a ty and, show [ppl who writes, is maybe sometimes stabler than other
authors, it would be better to have this in, not out.. he should be able to
see thats how it works with exploit code/pocs in general... sometimes, if i
see php code from one person, i will tend to look, but if it was from an
unknown person, i prolly wouldnt.
But this (open sauce) project, i will download and waste 5minutes on.
Then illm go back to Backbox and BT5 and things wich work :)
hehe
(this guy is really mad about his app... and i mean, dang mad angry! I
will buy some tissues and send to him, that is my donation for his app)
:))
xd


On 6 October 2011 08:59, Jeffrey Walton <noloader () gmail com> wrote:


On Wed, Oct 5, 2011 at 5:32 AM, root <root_ () fibertel com ar> wrote:

- * @author Stefan Zeiger (szeiger () novocode com)
- print "   Written by Blake  "
- <Information Author="Blake" Date="August 23 2011"

Vulnerability="N/A">


+#Exploit Pack - Security Framework for Exploit Developers
+#Copyright 2011 Juan Sacco http://exploitpack.com
+#
+#This program is free software: you can redistribute it and/or

modify

it under the terms of the
+#GNU General Public License as published by the Free Software
Foundation, either version 3
+#or any later version.
+#
+#This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY;
+#without even the implied warranty of MERCHANTABILITY or FITNESS FOR

A

PARTICULAR
+#PURPOSE. See the GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
along with this program.
+#If not, see http://www.gnu.org/licenses/

GPL V3 - they had to encumber it to set it free?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tunned








--
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tunned




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: