Date: Sat, 29 Mar 2008 14:27:17 +0100
From: Tim Kunschke <tim@...mey.homelinux.com>
To: "zwell.nosec" <zwell.nosec@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: What's going on about Pangolin

I have also tested, and with the UPX packer unpacked. Nothing. Nothing dangerous. ;)

-------------------------------------------------------------------------------------------------------------------
C:\>C:\upx302w\upx.exe -d C:\pangolin_bin\out\pangolin.exe
                       Ultimate Packer for eXecutables
  Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
UPX 3.02w       Markus Oberhumer, Laszlo Molnar & John Reiser   Dec 16th 2007

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   2834944 <-    879616   31.03%    win32/pe     pangolin.exe

Unpacked 1 file.
-------------------------------------------------------------------------------------------------------------------

Antivirus programs work with signatures. Matched the signature on the upx packed programs we have a problem. A false-positive.

°°°°snake°°°°

zwell.nosec wrote:
>
> Hi, everyone:
>
> A friend told me that modify offset at 0x000D6BDF from 0x00 to 0xff,
> then the world will be quiet. ; )
>
> ------------------------------------------------------------------------
>
> *From:* full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of* Nemes
> *Sent:* Saturday, March 29, 2008 1:18 AM
> *To:* full-disclosure@...ts.grok.org.uk
> *Subject:* [Full-disclosure] Fwd: What's going on about Pangolin
>
> This is not any kind of trojan or has it got any kind of backdoor in it.
>
> I've been using it for a few days now and it's fine.
>
> I had a process monitor running and a TCP/IP UDP connections monitor
> running when I unpacked the rar and ran pangolin for the first time,
> NOTHING HAPPENED except for the application starting.
>
> I did an "upx.exe -d pangolin.exe" on my copy and I got 1 FILE UNPACKED..
>
> No trojans no backdoors, no virus nothing!
> It's fine!
>
> N
>
> ---------- Forwarded message ----------
> From: *Tremaine Lea* <tremaine@...il.com>
> Date: 28 Mar 2008 17:20
> Subject: Re: [Full-disclosure] What's going on about Pangolin
> To: mastahflank@...il.com
> Cc: full-disclosure@...ts.grok.org.uk,
> full-disclosure-bounces@...ts.grok.org.uk
>
> Why should he show the source to his work?
>
> To allay valid concerns of the intended users.
>
> With some of the discussion at this point, it would certainly benefit
> the author if he wants to gain wider usage and discourage uninformed
> opinion.
>
> ---
>
> Tremaine Lea
> Network Security Consultant
> Intrepid ACL
> "Paranoia for hire"
>
>
> On 28-Mar-08, at 10:38 AM, josh wrote:
> > Why should he show the source to his work. I don't see him selling
> > it, he isn't twisting your arm to use it. He released it for free.
> > Either use it or don't.
> > Sent from my BlackBerry® smartphone with SprintSpeed
> >
> > -----Original Message-----
> > From: "Andreas Selvicki" <drsynack@...il.com>
> >
> > Date: Fri, 28 Mar 2008 10:25:25
> > To:full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] What's going on about Pangolin
> >
> >
> > Let's see the source please.
> >
> >
> > On 3/26/08, zwell@...u.com <zwell@...u.com> wrote:
> > I've just read the discussion from here, seriously, I don't know
> > what's going on.
> > I've coded it since 2005 and never released it until this year. And I
> > really do not know why it is treated as a backdoor.
> >
> > If you think it is a backdoor, so please do a reverse engineering on
> > it. You can capture the network packet, you can list all the strings
> > in it, you can even hook APIs in it. Do anything you like to make
> > sure whether it's a backdoor or not.
> >
> > BTW, I packed it through UPX to reduce the size. And some people
> > focused on "http://www.nosec.org/web/index.txt",
> > which is used in ORACLE injection mode when the target database
> > is in intranet so we can use some store-procs to make the target to
> > visit our website then we can receive the internet address that is
> > mapped to outside. Anybody who is good at oracle injection should
> > know this.
> >
> > Really, I wanna know why!!!
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
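Added example, not part of the thread: Tim's message ties the antivirus alerts to the UPX packing, so a useful triage step before running `upx -d` and rescanning is to confirm from the PE section table that the flagged file really is UPX-packed. The Python below does that check; the function names are this example's own, and the two sample images are constructed header-only byte strings, not the Pangolin binary.

```python
import struct

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the 4-byte signature; fields 2 and 6 are
    # NumberOfSections and SizeOfOptionalHeader.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsect):
        off = table + 40 * i          # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections

def upx_indicators(data):
    """Heuristic only: section names can be renamed by whoever packed the file."""
    secs = pe_sections(data)
    return {
        "sections": [n for n, _, _ in secs],
        "upx_names": [n for n, _, _ in secs if n.startswith("UPX")],
        # UPX's first section is usually empty on disk; the stub fills it when it decompresses.
        "empty_on_disk": [n for n, v, r in secs if r == 0 and v > 0],
    }

def build_sample(specs):
    """Constructed header-only PE image for the demo (not a runnable EXE)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000, r, 0x200, 0, 0, 0, 0, 0)
        for n, v, r in specs)
    return dos + b"PE\0\0" + coff + table

# Constructed inputs: one with UPX-style sections, one with ordinary ones.
PACKED = build_sample([("UPX0", 0x2000, 0), ("UPX1", 0x1000, 0x1000), (".rsrc", 0x400, 0x400)])
PLAIN = build_sample([(".text", 0x1000, 0x1000), (".data", 0x400, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(image))
```

A hit only says the file carries UPX-style sections; whether the packed or the unpacked image still triggers a detection is a separate check with the scanner itself.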