Full Disclosure mailing list archives
Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
From: Antony widmal <antony.widmal () gmail com>
Date: Sun, 13 Nov 2011 22:19:28 -0800
Is this thread about a sk who talk about shit he doesnt know, or impacket, or about an actual vuln ? Not sure here Le 14 nov. 2011 00:56, "Dan Tulovsky" <dant () wetsnow com> a écrit :
http://www.secdev.org/projects/scapy/build_your_own_tools.html Seems to be what you want. On Sat, Nov 12, 2011 at 12:27 PM, Darren Martyn <d.martyn.fulldisclosure () gmail com> wrote:Off topic (kinda) but with all this talk on SCAPY, has anyone a good reference on using it IN a python script for crafting/reading packets? Me and a friend wanted to write a python version of Ettercap/dsniff usingtheSCAPY libraries as a challenge and as a learning experience. Even if wecanjust get some reliable ARP poisoning to work with it we will be pretty happy, and will have learned something. Any good literature? Also, ON topic - http://packetstormsecurity.org/files/106873/winnuke2011.sh.txt On Sat, Nov 12, 2011 at 11:39 AM, Mario Vilas <mvilas () gmail com> wrote:I've used Impacket to craft raw packets of all kinds. Then again I don't know if that counts - used to work at Core at the time, so it was pretty much the only choice due to licensing issues with other libraries. I don't mean to say it's a bad tool to work with, not at all. I happentoprefer the newer Scapy, but it's just a matter of personal taste. :) On Sat, Nov 12, 2011 at 6:53 AM, Antony widmal <antony.widmal () gmail comwrote:Dear Dan, Impacket was at first a Pysmb copy/update from Core Security in ordertoplay with RPC. (look at the source) They've done some work on pysmb library in order to implement DCE/RPC functionality in this dinosaurus lib. Saying that we should use Impacket in order to craft *raw* UDP packet is definitively the dumbest thing I've heard today. Seriously. Anyonecanconfirm that ? Mario ? Carlos ? .... Anyways, This guy doesn't understand shit, talks a lot about shit he doesn't know about, why would you even spend time reading his shit ? This vulnerability is about sending a *huge fucking* stream of UDP packets on a closed port in order to trigger a int overflow via a refcount.Most of the people here didn't even understand what we are talking about/dealing with. Anyways, it's probably time for you to unsubscribe since you don'tfollowand S-K's like secn3t () gmail com are trying to act like they know. Yeah right, a UDP int overflow triggered via a refcount UDP overflowthatyou can trigger with 1 single TCP (with the right ACK) packet is theway togo. This mailing list is getting gay, seriously. Cheers, Antony. On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance <tzewang.dorje () gmail comwrote:Okay, now I'm confused! From http://oss.coresecurity.com/projects/impacket.html "Impacket is a collection of Python classes focused on providingaccessto network packets. Impacket allows Python developers to craft anddecodenetwork packets in simple and consistent manner. It includes supportforlow-level protocols such as IP, UDP and TCP, as well as higher-level protocols such as NMB and SMB. Impacket is highly effective when usedinconjunction with a packet capture utility or package such as Pcapy.Packetscan be constructed from scratch, as well as parsed from raw data. Furthermore, the object oriented API makes it simple to work with deep protocol hierarchies." Thanks for your input Antony. Can you explain why impacket has nothing to do with crafting UDP packets? Fascinating thread this. Thanks to all!! dan :) On 11 November 2011 22:42, Antony widmal <antony.widmal () gmail com> wrote:You are definitely a lamer secn3t. Also for you little brain, impacket has nothing to do with craftingUDPpackets.. Thanks for proving this again and again. On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <secn3t () gmail com> wrote:well look at that :P not same author but , nice coding predelka! good one, i will add you to crazycoders.com coderslist... i guess there is a few codes youhavenow done wich might be useful... cheers. xd On 12 November 2011 05:43, Ryan Dewhurst <ryandewhurst () gmail com> wrote:An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic: http://pastebin.com/fjZ1k0fi On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God) <thor () hammerofgod com> wrote:Yeah, I gotta say, I’m going to use it at some point ;) From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Mario Vilas Sent: Friday, November 11, 2011 9:02 AM To: Ryan Dewhurst Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) I liked the "heavy breather in the perv closet" bit. On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhurst () gmail com> wrote: I think Jon just said what everyone else was thinking, he saidwhatI was thinking at least. On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz () gmail com> wrote:On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t () gmail com>wrote:About the PPS, i think thats a very bad summary of the exploit, 49days to send a packet, my butt. There is many people assuming wrong things, when it can be done with seconds, syscanner would scan a -b class in minutes, rememberitonly has to find the vulns, gather, then it would break scan, and trigger vuln... so in real world botnet, yes then, with tcpip patchers, like somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks... and it is ONLY one wich actually works, when you maybe modifythesrc so the sys file, is dropped from within a .cpp file, well thats up to you but thats better way to make it work, this will open sockets/threads, as i could, easily proove with one exe, but,thegoal is, to trigger the vuln then exploit it, less than 49days :P ,so, iguess if this exploit, in real form, gathered 2 million hosts over 3 nights.. i guessing that the exploit, could possibly betriggeredwith ONE properly setup packet.. people forget that, a packet is one thing, and a crafted UDP packet, is quite another..I'd really like to see you actually explain this bug with code. Either with a poc or with the disassembly. You seem to act like youknowwhat's going on, but so far your description has been off base (from what I can make of your writing). No one cares about paragraphs of speculation and bragging, codeoryou are just another heavy breather in the perv closet of FD. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend tobecome thepeople.” _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- My Homepage :D _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), (continued)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Jeffrey Walton (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 12)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Darren Martyn (Nov 12)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) dave bl (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Tulovsky (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Antony widmal (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Valdis . Kletnieks (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Ian Hayes (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Chris L (Nov 13)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Dan Ballance (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Mario Vilas (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Gary Baribault (Nov 11)
- Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) xD 0x41 (Nov 11)