Message-ID: <20041230141112.85467.qmail@web61301.mail.yahoo.com>
From: shreddersub7 at yahoo.com (ShredderSub7)
Subject: Windows (XP SP2): Remotely Code Execution with
	Parameters (Updated)

Hi all,
a few days ago, I released a PoC for an exploit that can allow code execution from a webpage.
Some people asked me if it is possible to execute a random file that comes from the Internet.
Now, I updated this PoC and it is possible to execute a malware file from the Internet.
http://freehost19.websamba.com/shreddersub7/cmdexe.htm (PoC, installs and opens 2 files called "cmdexe.exe" and "cmdexe.hta" into your root C-drive).
This new PoC works very similarly to the old one (which you can still find at http://freehost19.websamba.com/shreddersub7/htm.htm).
The new PoC actually uses the old PoC multiple times; it is built in 3 phases:
The first phase will be used to write the HTML application "cmdexe.hta" to your C-drive. If you want to know how this is done, I refer to the website of Michael Evanchik (http://www.michaelevanchik.com), because he was the first person who found this writing method (btw, thanks!).
The second phase is very similar to the first one: it opens the file "cmdexe.hta" and it will write the malware file "cmdexe.exe" also to your C-drive.
The third phase then is based on my older exploit (http://freehost19.websamba.com/shreddersub7/htm.htm, Remote Code Execution); it will open the file "C:\cmdexe.exe". For more info about that third phase, I refer to my own explanation found at http://freehost19.websamba.com/shreddersub7/expl-discuss.htm.
 
So, for the PoC about Remote Malware Code Execution with Parameters:
http://freehost19.websamba.com/shreddersub7/cmdexe.htm
 
Contact:
shreddersub7_at_yahoo.com (replace "_at_" with "@" of course)
 
Regards,
shreddersub7
