Full Disclosure mailing list archives
Re: CORE-Impact license bypass
From: "sk" <sk () groundzero-security com>
Date: Wed, 28 Sep 2005 10:45:34 +0200
What I criticize is that *lots* of companies (at least here in my vicinity) are selling cheap "vulnerability assessments" which actually are nothing more than automated security scans. This leads to the customer feeling safe when he's really wide open to attacks. Often, these people's networks can be rooted in no time. Sure, you don't have to be uber-31337 to do penetration tests (I'm certainly not), but it should definitely go beyond the "scan + google-for-exploit" approach.
I totally agree on that. Another thing I have to say is that you can sell your auto penetration tests, but those who advertise *professional* pen-tests should actually know how to exploit a bug and understand the concept, and not just run an automated tool, as that's simply a rip-off of the customer. Too many of those consultants just do the bullshit talking to convince the customer to keep buying their services. They don't need to know much... and certainly don't. Every real professional can't do his job without manual work. That includes auditing custom PHP/CGI scripts which were written specifically for the target system, for example, and such things won't be spotted by the automated tools. This could lead to undetected command execution, SQL injection or info leak bugs on the customer's system, which a hacker will easily spot if he does his usual manual work. So a pen test is way more reliable and professional if it's done with real hacking. Or do you think real hackers only use automated tools? Script kiddies do, but those are unprofessional, clueless kids, and it's the same compared to penetration tests. Real pen testers know how to hack a system and lame ones just run automated tools.

-sk

GroundZero Security Research and Software Development
http://www.groundzero-security.com

We object to the use or transmission of our data for advertising purposes or for market or opinion research (§ 28 para. 4 BDSG).
pub 1024D/69928CB8 2004-09-27 Stefan Klaas <sk () groundzero-security com>
sub 2048g/2A3C7800 2004-09-27
Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8

This E-mail might contain confidential information. If you are not the right addressee or you have received this mail in error, please inform the sender as soon as possible and delete this E-mail immediately. You are not allowed to make any copies or relay this E-mail.

----- Original Message -----
From: "Bernhard Mueller" <research () sec-consult com>
To: "Full Disclosure" <full-disclosure () lists grok org uk>
Sent: Wednesday, September 28, 2005 8:58 AM
Subject: Re: [Full-disclosure] CORE-Impact license bypass
Valdis.Kletnieks () vt edu wrote:
On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said:
And note also that "finding a hole" and "be talented enough to create an exploit" are *totally* distinct. I found a rather nasty rootable hole in Sendmail a while back (read the release notes for 8.10.1 and the relevant manpages for the system linker - that gives enough info to figure out what the bug was). Never did create a working exploit for it - I fooled with it for an afternoon and only got as far as proving that if somebody were to spend more than an afternoon on it, they *could* produce a working exploit.

I agree with this. It's often much easier to find a bug than to exploit it (see strange heap overflows and the like), and I also don't have the time to spend days on disassembling and looking for attack vectors (and I'm sure that other people will have more fun doing just that). What I criticize is that *lots* of companies (at least here in my vicinity) are selling cheap "vulnerability assessments" which actually are nothing more than automated security scans. This leads to the customer feeling safe when he's really wide open to attacks. Often, these people's networks can be rooted in no time. Sure, you don't have to be uber-31337 to do penetration tests (I'm certainly not), but it should definitely go beyond the "scan + google-for-exploit" approach.

regards,

--
_____________________________________________________
~ DI (FH) Bernhard Mueller
~ IT Security Consultant
~ SEC-Consult Unternehmensberatung GmbH
~ www.sec-consult.com
~ A-1080 Wien Blindengasse 3
~ Tel: +43/676/840301718
~ Fax: +43/(0)1/4090307-590
______________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: CORE-Impact license bypass, (continued)
- Re: CORE-Impact license bypass Exibar (Sep 26)
- Re: CORE-Impact license bypass c0ntex (Sep 26)
- RE: CORE-Impact license bypass Marc Maiffret (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 27)
- Re: CORE-Impact license bypass Martin Mkrtchian (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 27)
- Re: CORE-Impact license bypass Andrew Simmons (Sep 27)
- Re: CORE-Impact license bypass Valdis . Kletnieks (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 28)
- Re: CORE-Impact license bypass sk (Sep 28)
- Re: exploit frameworks Dave Aitel (Sep 30)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass fd (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 26)