lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: pdt at jackhammer.org (Paul Tinsley)
Subject: RE: Re: Bad news on RPC DCOM vulnerability

Just out of curiosity could you specify why you consider the other one 
"better code?"  The only real differences between the two are that they 
both "fix" the 'cs+=buf;' line differently which is kind of silly to 
bother fixing in the first place, considering the function that line of 
code sits on isn't even called so it should be commented out or deleted 
to start with.  The only other real difference is one decided to use an 
int main and one uses void main.  Well that and the SecurityLab copy 
breaks part of main with the 'if(argc!=2){' check, as it is meant to 
have two different modes of operation, one target or a class B.

Mike Gordon wrote:

> A compiled version is found at 
> _http://www.SecurityLab.ru/_exploits/rpc3.zip_
> But it seems to only crash systems.
>
> Does any one have a clean complile of the "better code" from 
> _http://www.cyberphreak.ch/sploitz/MS03-039.txt_
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ