lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <10D1CDA5E7B0D41190F800D0B74585640C923A96@cobra.netsolve.net>
From: TimmK at netsolve.net (Timm, Kevin)
Subject: Unusual request

Unicoder by HDmoore will do a lot of unicode checks , plus it can be used
over SSL to evage a NID or through a proxy to obfuscate your ip. I wrote a
little add on to it called firerunner that would actually do the exploit and
ftp Netcat to the host. After that was finished it would connect back to a
Netcat listener with a cmd prompt. The whole process took less than 10
seconds. I tracked down a copy of it. It is kind of old and there are
probobaly some coding errors on my part, since it was really just a test and
never released. Here it is. Keep in mind it's pretty old but with a little
love should be able to demonstrate Unicode attacks and back channel
connections as well as the ability to use a proxy. The script allows it to
function as such 

Attack from IP 1 (which could be a proxy) 
FTP Netcat from another IP 
Create connection to a 3rd ip   

Good luck. 

Kevin 
 

-----Original Message-----
From: Rapaille Max [mailto:Max.Rapaille@....be]
Sent: Thursday, February 13, 2003 7:58 AM
To: Schmehl, Paul L; Full-Disclosure
Subject: RE: [Full-Disclosure] Unusual request


Hi,

I did this kind of demo 2-3 times already, with a Win2k SP2 and IIS.
To add a layer, we just added a firewall between the ISS and the attacker PC
..  with just Port 80 incoming and, as (too)usual, All port open for
outgoing...  Just using a unicode exploit, and then loading some tools,
defacing web page, taking remote control, etc...  A lot of fun for Us, and
great astonishment for the public..  Certainly with the firewall..  A lot of
them where just saying, before the demo : We are secure, our integrator
installed a firewall...  
BTW, we also used some tools ike unicoder.pl and Upload.asp, to demonstrate,
in a second time, how easy it is, even if you don't know what you do...

Good effect of awareness for those managers, Engineer, etc...


Good luck.

Max

-----Original Message-----
From: Schmehl, Paul L [mailto:pauls@...allas.edu] 
Sent: 13 February 2003 14:37
To: Full-Disclosure
Subject: RE: [Full-Disclosure] Unusual request


Thanks to all who offered suggestions.  I don't know why I couldn't remember
"unicode" when I was googling, but then I've read thousands of man pages and
docs since then, and my mind can only hold so much information. :-)

What I plan to do is load a box with a default install of IIS and use a web
browser based attack to demonstrate how easily a box can be compromised when
it's unpatched.  (I'll probably just deface a web
page.)  Since the audience will be "normal" users, I expect most of them to
be astounded and incredulous, which is why I wanted to use something very
simple to understand.  If I ran a program through a netcat session, I
suspect many of them wouldn't get it, but if I type a URL into a browser, I
*hope* they will all see that *anyone* could do that, even with very little
knowledge of exploits or security practices.

And before you ask, no the box will not be connected to our LAN. Otherwise
it would get Code Red and Nimda before I could even complete my
demonstration.  :-)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN
Founding Member 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030213/93b69b6c/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fire-runner.pl
Type: application/octet-stream
Size: 16427 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030213/93b69b6c/fire-runner.obj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ