Full Disclosure mailing list archives
Re: ms12-020 PoC
From: Chris L <inchcombec () gmail com>
Date: Fri, 16 Mar 2012 11:32:59 -0700
That is the first time I've seen that specific one, so not sure if it is fake or not. The main one that I saw going around about 12 hours ago was this one: http://pastebin.com/fFWkezQH and it is the allegedly fake one. The fake that is was supposedly from "sabu () fbi com" kind of sent off some alarm bells right away. That is either someone trying to be funny or trying to trick some scripties into running something they really shouldn't by using a recognizable name. I've seen the BinaryNinja's one being talked about in a few different places now and the consensus seems to be that it is legit but that at the moment all it does is blue screen of death any vulnerable Windows machine that it is used against. I haven't seen any that actually have payloads yet. That said, I'm just passing on what seems to be the general consensus I've seen so far. I haven't had the chance to test out any of them yet as I don't have a spare windows box set up right now. I'm waiting for a working version to come out before I actually try to go through the shellcode for any backdoors and test it because who knows what some of these fakes might REALLY do. On Fri, Mar 16, 2012 at 10:50 AM, Exibar <exibar () thelair com> wrote:
Is that the same code from yesterday? I thought that code was a fake and didn'kt do anything? Anyone confirm this? Exibar Sent via BlackBerry by AT&T
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: ms12-020 PoC, (continued)
- Re: ms12-020 PoC root (Mar 16)
- Re: ms12-020 PoC Nahuel Grisolía (Mar 18)
- Re: ms12-020 PoC Thor (Hammer of God) (Mar 18)
- Re: ms12-020 PoC Thor (Hammer of God) (Mar 18)
- Re: ms12-020 PoC James Condron (Mar 18)
- Re: ms12-020 PoC Thor (Hammer of God) (Mar 18)
- Re: ms12-020 PoC Nahuel Grisolia (Mar 18)
- Re: ms12-020 PoC root (Mar 16)
- Re: ms12-020 PoC kyle kemmerer (Mar 16)
- Re: ms12-020 PoC Adrián (Mar 18)
- Re: ms12-020 PoC Exibar (Mar 16)