lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 10 Sep 2014 23:24:41 -0500
From: Matt Weeks <scriptjunkie@...iptjunkie.us>
To: fulldisclosure@...lists.org
Subject: [FD] Ammyy Admin 0day

Not sure how long this will last, but I didn't want to sit on it forever:
http://www.scriptjunkie.us/2014/09/exploiting-ammyy-admin-developing-an-0day/
tl;dr - a counter-exploit against Ammyy Admin, best known for being used by
scammers to take over unsuspecting non-technical users' computers. Instead,
the scammer's computer would end up getting pwned by the "victim."

Tested against win Vista and 7 x86 and x64, with targets for latest two
versions.

Normally I don't go full disclosure on vulns I find, but in this case, I
see little potential for abuse.

-- 

http://www.scriptjunkie.us/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ