| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2011 11:29:12 +0100 From: Jacqui Caren-home <jacqui.caren@...world.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Unbelivable, Pangolin 3.2.3 free edition released On 25/04/2011 06:51, Beatyou Man wrote: > I tried Pangolin 2.5.2 and the latest one. No data will be transfered to the server you mentioned in "http://laramies.blogspot.com/2009/05/pangolin-and-your-data.html" > > Why don't you trust your eyes and try this one? OK let have a bash - literally. [jacqui@...ter free_edition]$ strings * | grep nosec support@...ec.org www.nosec-inc.com www.nosec-inc.com support@...ec.org http://www.nosec.org/product/oracle_data.php?id= http://www.nosec.org/product/oracle_info.txt http://www.nosec.org/files/swf/datadumper/datadumper.html http://www.nosec.org/files/swf/md5crack/pangolin_md5crack.html http://www.nosec.org/files/swf/injection_digger/pangolin_injection_digger.html zwell@...ec.org http://www.nosec-inc.com/ www.nosec-inc.com http://www.nosec-inc.com 6http://www.nosec.org/product/oracle_data.php?id=[INFO] ,http://www.nosec.org/product/oracle_info.txt [jacqui@...ter free_edition]$ Hmm this shows the URLs used to pass data and call SWF apps used to run md5 cracks etc. A trace from a vm shows DNS request and a post to oracle_data and a get from oracle_info etc. I mean how clueless do you have to be to not encode the URL's so even a dumbass strings can find them? OK, anyone who actually uses a tool like this (in a windows box) is pretty dumb anyway especially as the data seems to end up in shenzhen,Guangdong - deffo not omewhere to trust your data goign to. Thankfully work blocks all incoming and outgoing .cn traffic! It seems the app tries to crack local password files as well - via a remote (chineese) system - not exactly nice... Jacqui _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists