| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: cheekypeople at sec33.com (CHeeKY) Subject: RE: possible MS03-026 worm? if the guy did a pen test for his bank was that internal or external, for sure I can crash everything inside the network.. I expect that a worm will develop there no doubting in that, I am just not one for the sensationalism of these things, yeah its expected, but wtf why panick people, the patches are out there, have faith and trust in what you protect.. ------------------------------------------------------------------------- FIGHT BACK AGAINST SPAM! Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com ----- Original Message ----- From: "morning_wood" <se_cur_ity@...mail.com> To: "mobly99" <dhopper@...ritech.net>; <full-disclosure@...ts.netsys.com> Sent: Saturday, August 02, 2003 7:59 PM Subject: Re: [Full-Disclosure] RE: possible MS03-026 worm? > funny.. i had traces and warnings about this for a while now... > > http://exploit.philez.com/attack/RPC-DCOM-DD0S-attack.txt ( relocated > www.exploitlabs.com files ) > > > http://nothackers.org/pipermail/0day/2003-July/000140.html > > http://nothackers.org/pipermail/0day/2003-July/000143.html > http://nothackers.org/pipermail/0day/2003-July/000154.html > > this was when the world said.. umm > > http://nothackers.org/pipermail/0day/2003-July/000146.html > and I quote > > "hi ! > i did a pentest for a bank in order to verify the RPC attack consequences > !! > .. It's the biggest attack .. I broke into many servers and also crash many > others !! > I think 95% of the windows infrastructure was under control in less than 2 > hours !! > > so, morning_wood was RIGHT !" > > > > guess ppl should listen to me instead of waiting for @steak (sic) to read > my postings. > > etc etc > > Donnie Werner > co-founder e2-labs > morning_wood@...labs.com > > > > ----- Original Message ----- > From: "mobly99" <dhopper@...ritech.net> > To: <full-disclosure@...ts.netsys.com> > Sent: Saturday, August 02, 2003 11:03 AM > Subject: [Full-Disclosure] RE: possible MS03-026 worm? > > > > I forwarded the files I found to neohapsis and securityfocus. > > I'm not equipped with the knowledge to disassemble the code hopefully > > they can shed some light. > > > > The rpctest.exe appears to determine the remote system's OS and spawns a > > shell, which you can then telnet to. > > > > Tftpd.exe is this tftp server : http://www.hanewin.de/e-tftp.htm > > > > Worm.exe is a SFX that has rpc.exe tftpd.exe and rpctest.exe in them, > > extracts and launches them.... > > > > > > > > -Dave Hopper > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > >
Powered by blists - more mailing lists