Date: Sat, 12 Nov 2011 23:33:10 +0000
From: Dan Ballance <tzewang.dorje@...il.com>
To: Antony widmal <antony.widmal@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Cheers Antony, I began by asking if Scapy was a suitable tool for crafting
this attack, and then asked more generally what tools/languages/frameworks
people recommend for this kind of task. Are you suggesting that, due to the
very large number of packets involved, this needs to be written in C/C++ for
performance reasons?

On 12 November 2011 06:22, Antony widmal <antony.widmal@...il.com> wrote:

>
> On Fri, Nov 11, 2011 at 10:08 PM, Jeffrey Walton <noloader@...il.com> wrote:
>
>> On Sat, Nov 12, 2011 at 12:53 AM, Antony widmal <antony.widmal@...il.com>
>> wrote:
>> > Dear Dan,
>> > Impacket was at first a Pysmb copy/update from Core Security in order to
>> > play with RPC. (look at the source)
>> > They've done some work on pysmb library in order to implement DCE/RPC
>> > functionality in this dinosaur lib.
>> You can also try Dave Aitel's SPIKE.
>>
> Yeah sure;
> If you're passionate about medieval history and you are a fan of
> the Flintstones, you'll be happy with Dave Aitel's fuzzer.
>
> Regards,
> Antony
>
>> > This vulnerability is about sending a *huge fucking* stream of UDP
>> > packets
>> > on a closed port in order to trigger an int overflow via a ref count.
>> > Most of the people here didn't even understand what we are talking
>> > about/dealing with.
>> Is this related to the undisclosed MS09-048, which we were told did
>> not require remediation because the Windows firewall (et al) mitigated
>> the vulnerability?
>> http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx.
>>
>> Jeff
>>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
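The tooling question in Dan's reply (is Scapy suitable, does the packet rate force C/C++?) comes down to where the per-packet work happens. The following is an added example, not code from any poster in this thread or from Scapy/Impacket: it builds a complete IPv4+UDP datagram by hand, including the RFC 1071 header checksum and the RFC 768 pseudo-header checksum, which is the work a crafting library does in Python for every packet it sends, and then times a plain SOCK_DGRAM loop to loopback, where the kernel builds the headers and only the Python send path is measured. The addresses, ports and the "x"-byte payload are constructed for illustration; raw-socket transmission of the hand-built datagram (which needs root) is deliberately left out.

```python
"""Hand-built IPv4/UDP datagrams plus a plain-socket send-rate check.

Added example for the Full-Disclosure thread above; not code from any poster.
Addresses, ports and the payload are constructed here for illustration.
"""
import socket
import struct
import time


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented.

    Run over a header whose checksum field is already filled in, the result is 0.
    """
    if len(data) % 2:
        data += b"\x00"          # RFC 1071: pad an odd trailing byte with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_udp(src_ip, dst_ip, sport, dport, payload, ttl=64, ident=0):
    """Return a complete IPv4+UDP datagram (what a crafting library does per packet)."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    # The UDP checksum covers a pseudo-header: src, dst, zero byte, protocol 17, UDP length.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp_no_csum = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    # RFC 768: a transmitted 0 means "no checksum", so a computed 0 is sent as 0xFFFF.
    udp_csum = ones_complement_sum(pseudo + udp_no_csum) or 0xFFFF
    udp = struct.pack("!HHHH", sport, dport, udp_len, udp_csum) + payload

    total_len = 20 + udp_len
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto, checksum, src, dst
    fields = [0x45, 0, total_len, ident, 0, ttl, socket.IPPROTO_UDP, 0, src, dst]
    fields[7] = ones_complement_sum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + udp


def verify_ipv4_udp(pkt: bytes):
    """Return (ip_header_ok, udp_ok) by recomputing both checksums over the wire bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    ip_ok = ones_complement_sum(pkt[:ihl]) == 0
    udp = pkt[ihl:]
    udp_len = int.from_bytes(udp[4:6], "big")
    pseudo = pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp_ok = ones_complement_sum(pseudo + udp[:udp_len]) == 0
    return ip_ok, udp_ok


def udp_ports(pkt: bytes):
    """Return (source port, destination port) from a datagram built above."""
    ihl = (pkt[0] & 0x0F) * 4
    return struct.unpack("!HH", pkt[ihl:ihl + 4])


def send_burst(dst_ip: str, dst_port: int, count: int, payload: bytes) -> float:
    """Send `count` datagrams from a normal SOCK_DGRAM socket; return packets per second.

    The kernel builds the IP/UDP headers here, so this loop measures only the
    per-packet cost of the Python send path; a crafting library adds header
    construction on top of that for every packet.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        start = time.perf_counter()
        for _ in range(count):
            s.sendto(payload, (dst_ip, dst_port))
        elapsed = time.perf_counter() - start
    return count / elapsed


if __name__ == "__main__":
    pkt = build_ipv4_udp("10.0.0.1", "10.0.0.2", 40000, 9, b"x" * 32)  # constructed sample
    print(len(pkt), "bytes, ports", udp_ports(pkt), "checksums ok:", verify_ipv4_udp(pkt))
    # 127.0.0.1:9 (discard) is normally closed. The replies are ICMP port-unreachable,
    # which an unconnected UDP socket on Linux does not surface as a send error.
    rate = send_burst("127.0.0.1", 9, 20000, b"x" * 32)
    print("%.0f pkt/s from a plain socket on loopback" % rate)
```

Running the script prints the per-packet throughput of the plain socket loop; adding the checksum and header work of build_ipv4_udp to every iteration is roughly what a pure-Python crafting library costs per packet, which is the gap Dan's question is about. The socket path sends only to loopback and only a constructed payload; it is a measurement of the Python send path, not a reproduction of the bulletin's trigger.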