| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: Re: Exploit for auth2-pam for vuln linux opensshd (KF's fake HPUX exploit with fake gdb output included free!) First of all I am flattered that you have the time to make incorrect assumptions.... If you had half a clue you would already be aware I do not work for globalintersec....if you are going to harass me at least harass me about SNOSOFT... http://www.globalintersec.com/staff.html Second in regards to your comments on http://www.globalintersec.com/adv/sudo-2002041701.txt what part of that advisory jives with hudo? http://packetstormsecurity.org/0211-exploits/hudo.c > Even Mr. FC could have crafted up an exploit in less than 8 months IF > THAT WERE THE CASE. If I remember fc did create an exploit... I think I saw a log of it on being exploited eurocompton or something.... maybe I am wrong though. something like fc.angelfire.com I forget maybe it was geocities... > Solution: > KF[GLOBALINTERSEC], admit to the world that you are a fraud and faked gdb > output in an effort to gain fame. At least I applaud for not signing your name > as 'KF' to your advisories. Globalintersec would have certainly been out of > business by now if that were the case. > If KF admits he is a liar, this will all stop. What will all stop? You will stop being harassing me if I stop what? I had NOTHING to do with the golobalintersec sudo or ssh advisories... > Potential Counter-Solution: > Say KF does not admit he is a fraud. I will be forced to go back through a pile > of old worthless code to show that his exploitable condition is impossible > (which is not to say at all that exploitation in some way is impossible). Well since I am such a fraud I will contribute yet another fake exploit with fake gdb output and fake results... maybe you guys can go through the code to HPUX ftpd and point out how this is not exploitable...I wouldn't know I have never seen it. This could have something to do with http://files.ruca.ua.ac.be/pub/depot/sw11/PHNE_20714.text But then again... I could be a fraud. -KF -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: HPUX_rest2.pl Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030109/604736c1/HPUX_rest2.pl -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: HPUX_ftpd_rest_notes.txt Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030109/604736c1/HPUX_ftpd_rest_notes.txt
Powered by blists - more mailing lists