lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ricky.blaikie at servercity.co.uk (Ricky Blaikie)
Subject: Shortcut...... may cause 100% cpu use!!!

proper 1337 :-)
--
Ricky Blaikie - Server City Ltd
http://www.servercity.co.uk - sales@...vercity.co.uk
T:0871-260100 F: 0871-2601001


----- Original Message ----- 
From: "Maxime Ducharme" <maxime@...dore-design.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, October 30, 2003 3:43 PM
Subject: Re: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!!


> From: "Bipin Gautam" <door_hUNT3R@...ckcodemail.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Thursday, October 30, 2003 9:02 AM
> Subject: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!!
>
>
> >
> > --[Effected]--
> > The exploit has been tested in WINDOWS xp
>
>
> wow a new exploit !
>
>
> >
> > --[Description]--
> > Running a specially crafted "shortcut" that points to itself! IF
executed
> through 'Windows Explorer' or IE may cauze 100% cpu use... THAT CAN LEAD
> TODoS in the victim.
>
>
> ohhh wait, this a DoS too !
>
> >
> >
> >
> > --[Simple! proof of concept]--
> > http://www.geocities.com/visitbipin/shortcut.zip
> >
> > [Note: You *may* have to RUN the 'shortcut' few* time's to have a
> effective 100% CPU use...]
> >
> >
> > EXTRACT this file and copy it to c:\   [root] and double click IT... or
> open it through IE after copying it in c:\
> >
> >
> >
> >
> > PS: Anyone willing to craft* it for IIS        (O;
>
>
> I found how, send the file to the sysadmin and tell his this is a patch !
>
>
>
> >
> > --[credit]--
> > Bipin Gautam (hUNT3R)
>
>
> congrats to our security specialist bipin
>
> >
> > _____________________________________________________________
> > Secure mail ---> http://www.blackcode.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ