| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Nov 2011 09:22:19 +1100 From: xD 0x41 <secn3t@...il.com> To: Ryan Dewhurst <ryandewhurst@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) yer yer... everyone trys to shoot the messenger, when, i should have just stfu, and, not offered any insight, wich would probably have been better, sorry, ill makesure to keep this shit to myself, until the actual author, gives out shit.. .ok...thx. my mistake On 12 November 2011 03:43, Ryan Dewhurst <ryandewhurst@...il.com> wrote: > I think Jon just said what everyone else was thinking, he said what I > was thinking at least. > > On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@...il.com> wrote: >> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@...il.com> wrote: >>> About the PPS, i think thats a very bad summary of the exploit, 49days >>> to send a packet, my butt. >>> There is many people assuming wrong things, when it can be done with >>> seconds, syscanner would scan a -b class in minutes, remember it only >>> has to find the vulns, gather, then it would break scan, and trigger >>> vuln... so in real world botnet, yes then, with tcpip patchers, like >>> somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks... >>> and it is ONLY one wich actually works, when you maybe modify the src >>> so the sys file, is dropped from within a .cpp file, well thats up to >>> you but thats better way to make it work, this will open >>> sockets/threads, as i could, easily proove with one exe, but, the goal >>> is, to trigger the vuln then exploit it, less than 49days :P , so , >>> iguess if this exploit, in real form, gathered 2 million hosts over 3 >>> nights.. i guessing that the exploit, could possibly be triggered with >>> ONE properly setup packet.. people forget that, a packet is one thing, >>> and a crafted UDP packet, is quite another.. >> >> I'd really like to see you actually explain this bug with code. Either >> with a poc or with the disassembly. You seem to act like you know >> what's going on, but so far your description has been off base (from >> what I can make of your writing). >> >> No one cares about paragraphs of speculation and bragging, code or you >> are just another heavy breather in the perv closet of FD. >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists