Date: Sat, 12 Nov 2011 10:13:44 +1100
From: xD 0x41 <secn3t@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

lol... yea... no idea, don't care.... this is just for those ppl who
*had* to see something :)
now let them worry why their box is executing ping floods and
crap.. or, maybe causing even worse things ;)
I know prdelka is very good with backdoors :P lol... I hope he got
every fucker who was breaking ballz.
also, of course, if it takes 49 days then... why would MS even worry..
hehe... just ignore me, until the real author comes forward, and then
the ppl who abused me can see for themselves how this works.
and not until then, or until I make my own scanner, will I even share
one bit more of actual info, because it was always a stack based
overflow, NOT off-by-one :)
anyhow... it doesn't take 49 days at all..
and, yes, indeed, it will be one good packet, if the packet has the
right SQN + Ack number.
I guess a stream of UDPs would be just as effective....
but I don't know yet, until my own code scanner is done.
so, I don't care for what ppl say... I know my windows... and know my
MS exploits... MS is not as secure as we would love to think, and,
once a hole like this is opened, there are many ways to reopen it..
there is a magic key for every box...
anyhow later..


On 12 November 2011 09:58,  <Valdis.Kletnieks@...edu> wrote:
> On Sat, 12 Nov 2011 09:36:21 +1100, xD 0x41 said:
>> well look at that :P
>> not same author but, nice coding predelka! good one, I will add you
>> to crazycoders.com coderslist... I guess there is a few codes you have
>> now done which might be useful... cheers.
>
> Did you actually do a code review?  There's some... issues. ;)
>
> First, the comment block says it needs 2^32 packets sent.
>
> Then we do:
>
>        for(lthreads=0;lthreads<250;lthreads++){//UDP flood
>                iret = pthread_create(&thread,NULL,sendpackets,argv[1]);
>
> (250, not 256? Gaak ;)
>
> And then sendpackets() does this:
>
>        for(i=0;i<4294967295;i++){
>
> So this is working 250 times as hard as it has to.  No wonder it takes 52 days. ;)
>
> Also, the variable 'active' is at least theoretically racy - it's *possible*,
> but unlikely, that the main program will kick off the 250 threads, and fall
> through to the 'while(active)' loop before any of the threads have hit the
> active++ in their code.
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
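The two defects Valdis points out in the quoted review, the race on the `active` counter (each thread does `active++` only after it is already running, so the parent's `while(active)` can fall through early) and the 250 threads that each repeat the full 2^32-iteration loop, are illustrated below in an added example. It is not code from either poster or from the program under review: it is a hypothetical worker pool that sums integer slices, used only to show the corrected thread accounting and work partitioning. Names such as `run_partitioned`, `count_active` and `struct slice` are assumptions made for this example.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define MAX_THREADS 64

/* Hypothetical work item (constructed for this example): each worker
   sums the integers in its own half-open slice [lo, hi). */
struct slice {
    unsigned long lo, hi;
    unsigned long sum;
};

/* Number of threads started and not yet finished. An atomic, so
   concurrent increments and decrements from several threads are not lost. */
static atomic_int active;

static void *worker(void *arg)
{
    struct slice *s = arg;
    /* In the reviewed program the thread itself did 'active++' here.
       That is too late: the parent may already be spinning in
       while(active) and observe 0 before any thread has run. */
    for (unsigned long i = s->lo; i < s->hi; i++)
        s->sum += i;
    atomic_fetch_sub(&active, 1);   /* signal completion */
    return NULL;
}

/* Current number of live workers; 0 once everything has finished. */
int count_active(void)
{
    return atomic_load(&active);
}

/* Runs 'total' iterations spread across 'nthreads' workers and returns the
   combined sum. Two fixes relative to the reviewed pattern:
   1. the parent increments 'active' *before* pthread_create, so the count
      can never read 0 while a thread is still to start;
   2. the range is partitioned, so the threads together do 'total'
      iterations rather than each repeating the whole range. */
unsigned long run_partitioned(unsigned long total, int nthreads)
{
    pthread_t tid[MAX_THREADS];
    struct slice s[MAX_THREADS];
    int started = 0;

    if (nthreads < 1 || nthreads > MAX_THREADS)
        return 0;

    unsigned long per = total / (unsigned long)nthreads;
    atomic_store(&active, 0);

    for (int t = 0; t < nthreads; t++) {
        s[t].lo = (unsigned long)t * per;
        s[t].hi = (t == nthreads - 1) ? total : (unsigned long)(t + 1) * per;
        s[t].sum = 0;

        atomic_fetch_add(&active, 1);              /* account first ... */
        if (pthread_create(&tid[t], NULL, worker, &s[t]) != 0) {
            atomic_fetch_sub(&active, 1);          /* ... undo on failure */
            break;
        }
        started++;
    }

    /* pthread_join is the robust way to wait. The while(active) spin from
       the reviewed code would also be correct now, but only because the
       count was bumped before creation. */
    unsigned long sum = 0;
    for (int t = 0; t < started; t++) {
        pthread_join(tid[t], NULL);
        sum += s[t].sum;
    }
    return sum;
}

int main(void)
{
    unsigned long total = 10000;
    unsigned long got = run_partitioned(total, 8);
    /* Sum of 0..total-1 is total*(total-1)/2 = 49995000 */
    printf("sum=%lu expected=%lu active=%d\n",
           got, total * (total - 1) / 2, count_active());
    return got == total * (total - 1) / 2 ? 0 : 1;
}
```

The design choice worth noting is that the counter is owned by the parent: it is raised by the thread that creates a worker and lowered by the worker that finishes, so there is no window in which a just-created thread is unaccounted for. Joining the threads makes the spin loop unnecessary altogether; the atomic counter is kept only to show what the original `active` should have looked like. Compile with `cc -pthread`.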
