lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: cheekypeople at sec33.com (CHeeKY)
Subject: RE: possible MS03-026 worm?

if the guy did a pen test for his bank was that internal or external, for
sure I can crash everything inside the network..

I expect that a worm will develop there no doubting in that, I am just not
one for the sensationalism of these things, yeah its expected, but wtf why
panick people, the patches are out there, have faith and trust in what you
protect..

-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com


----- Original Message ----- 
From: "morning_wood" <se_cur_ity@...mail.com>
To: "mobly99" <dhopper@...ritech.net>; <full-disclosure@...ts.netsys.com>
Sent: Saturday, August 02, 2003 7:59 PM
Subject: Re: [Full-Disclosure] RE: possible MS03-026 worm?


> funny.. i had traces and warnings about this for a while now...
>
> http://exploit.philez.com/attack/RPC-DCOM-DD0S-attack.txt  ( relocated
> www.exploitlabs.com files )
>
>
> http://nothackers.org/pipermail/0day/2003-July/000140.html
>
> http://nothackers.org/pipermail/0day/2003-July/000143.html
> http://nothackers.org/pipermail/0day/2003-July/000154.html
>
> this was when the world said.. umm
>
> http://nothackers.org/pipermail/0day/2003-July/000146.html
>  and I quote
>
> "hi !
> i did a pentest for a bank in order to verify the RPC attack consequences
> !!
> .. It's the biggest attack .. I broke into many servers and also crash
many
> others !!
> I think 95% of the windows infrastructure was under control in less than 2
> hours !!
>
> so, morning_wood was RIGHT !"
>
>
>
> guess ppl should listen to me instead of waiting for @steak (sic) to read
> my postings.
>
> etc etc
>
> Donnie Werner
> co-founder e2-labs
> morning_wood@...labs.com
>
>
>
> ----- Original Message ----- 
> From: "mobly99" <dhopper@...ritech.net>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Saturday, August 02, 2003 11:03 AM
> Subject: [Full-Disclosure] RE: possible MS03-026 worm?
>
>
> > I forwarded the files I found to  neohapsis and securityfocus.
> > I'm not equipped with the knowledge to disassemble the code hopefully
> > they can shed some light.
> >
> > The rpctest.exe appears to determine the remote system's OS and spawns a
> > shell, which you can then telnet to.
> >
> > Tftpd.exe is this tftp server : http://www.hanewin.de/e-tftp.htm
> >
> > Worm.exe is a SFX that has rpc.exe tftpd.exe and rpctest.exe in them,
> > extracts and launches them....
> >
> >
> >
> > -Dave Hopper
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>



Powered by blists - more mailing lists