Full Disclosure mailing list archives
[HAT-SQUAD][Release] Tiny MSN fuzzer (passwd demo)
From: <ad () class101 org>
Date: Sun, 7 Aug 2005 18:29:52 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /* C:\>msn_fuzzer test () mail com testpasswd [.] Resolving.....: messenger.hotmail.com = 65.54.239.140 [.] Connected.....: 207.46.4.25:1863 [.] HTTPS.........: unauthorized (login/passwd) [.] Disconnection.. C:\>msn_fuzzer test () mail com testpasswd -v [.] Resolving.....: messenger.hotmail.com [.] Resolving.....: messenger.hotmail.com = 65.54.239.140 [.] Connecting....: 65.54.239.140:1863 [.] Connected.....: logging (test () mail com) [.] Connected.....: 207.46.4.33:1863 [.] Connected.....: logging (test () mail com) [.] Connected.....: challenge string OK [.] HTTPS.........: unauthorized (login/passwd) [.] Disconnection.. C:\>msn_fuzzer test () mail com testpasswd -vv [.] Resolving.....: messenger.hotmail.com [.] Resolving.....: messenger.hotmail.com = 65.54.239.140 [.] Connecting....: 65.54.239.140:1863 [.] Connected.....: 65.54.239.140:1863 [.] Connected.....: logging (test () mail com) [.] Connected.....: buffer #1 [.] Connected.....: buffer #2 [.] Connected.....: buffer #3 [.] Transferred...: 207.46.4.92:1863 [.] Connected.....: 207.46.4.92:1863 [.] Connected.....: logging (test () mail com) [.] Connected.....: buffer #1 [.] Connected.....: buffer #2 [.] Connected.....: buffer #3 [.] Connected.....: challenge string OK [.] HTTPS.........: subconnection #1 (nexus.passport.com) [.] HTTPS.........: retrieving login server [.] HTTPS.........: retrieving login server (success) [.] HTTPS.........: subconnection #2 (loginnet.passport.com) [.] HTTPS.........: retrieving hash ticket [.] HTTPS.........: unauthorized (login/passwd) [.] Disconnection.. C:\>msn_fuzzer 207.46.4.92 1863 test () mail com testpasswd -vv [.] Connecting....: 207.46.4.92:1863 [.] Connected.....: 207.46.4.92:1863 [.] Connected.....: logging (test () mail com) [.] Connected.....: buffer #1 [.] Connected.....: buffer #2 [.] Connected.....: buffer #3 [.] Connected.....: challenge string OK [.] HTTPS.........: subconnection #1 (nexus.passport.com) [.] HTTPS.........: retrieving login server [.] HTTPS.........: retrieving login server (success) [.] HTTPS.........: subconnection #2 (loginnet.passport.com) [.] HTTPS.........: retrieving hash ticket [.] HTTPS.........: unauthorized (login/passwd) [.] Disconnection.. etc,etc.. The C code might be used to fuzze some MSN clients, bruteforce, etc, etc... demonstration: http://class101.org/MSN_fuzzer.zip */ #include <stdio.h> #include <string.h> #include <io.h> #include <afxext.h> #include <afxinet.h> #include <winsock2.h> #pragma comment(lib, "ws2_32") #pragma comment(lib, "mpr") #pragma comment(lib, "wininet") void ver(),usage(),error(),foot(),done(SOCKET s); int vb1=0,vb2=0,port,i,j,l00p=0; char *ar0,*ar1,*ar2,*ar3,*ar4,*ar5,*one,*pwd,*mail,mail_[128],mail__[128],newip[1 5],newport[5]; hostent* one_; WSADATA wsadata; int engine1(char *one,int port,char *mail,int argc); int main(int argc,char *argv[]) { ver(); ar0=argv[0],ar1=argv[1],ar2=argv[2],ar3=argv[3],ar4=argv[4],ar5=argv[5]; if (argc==1){usage();return 0;} [......sniipppppppped......] probably much infos where you know =] **************************************************************** KEY: 0xA7C69C5F PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F **************************************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2rc2 (MingW32) - GPGOE 0.4.1 iQIVAwUBQvY28q+LRXunxpxfAQJ76A/+IyBcK0oDBYUi739FYBsg7BE5uu6cJjod /wz7RiQfFr8ylfZ+TnWwt73orhak26fCVyZ+2E0KDZnuuyA9C7/RxQHyGcA1PEJe fjVEu6qwG74boR2QVEdoYQvJSTz9lpCpt8tu3XCm3O7Ne68uZLtluEnyyEL0wvc0 Y805tzn5X+ha/tCAEtClGe0opNocRZ7MI1v2lq4JkvVbuMphBfXakVWJZHCCciT8 6U1Iwf2gqU6u0INhpuubTZzKHGiUqL2UpiqudfCoEI/w1uLRvje3syi4bpJovN1w yXHoKvQkdSzbSSbADOl4LSi/mXFLfez7oSBbephtXlTVTgFBMgqWyUoQiJmfter/ xs6HtYW0KJOh6BhxSAgedF/UlAb3QxVea5NWPriSBJlkznjwfO7ZuSngS6xocjKe jomHnlIjyJZrlS24WDHXn4vFvHDvLjaNj+dIjhvlvgtl6LkNCFLChUYN9PvWEj9S ntvWTDTJMQKYQo8c1XWNlYQghxFawJpfNyNsqxpZDAIHU4kYVwYRMOf6YVsVkw2L KuSJtHHgzSOC8UgBur/MH07P8/e2HmyZiIrtSI90DNq6uHpWVH//5TSVTHd8QVWl vzrBH1jE/VKbtf0HX8ThQNrmtCoherPJiB1E55ZNcEmaUHSs6SLufyOCGP0+r0uK bR1mANKpGQo= =owt+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [HAT-SQUAD][Release] Tiny MSN fuzzer (passwd demo) ad (Aug 07)