lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 8 Nov 2006 09:14:48 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: Gil Dabah <arkon@...estorm.net>
Cc: full-disclosure@...ts.grok.org.uk, Code-Crunchers@...testar.linuxbox.org
Subject: Re: [Code-Crunchers] windows vulnerability? [was:
	Re: 137 bytes]

On Wed, 8 Nov 2006, Gil Dabah wrote:
> With all due respect to Alex.
> It's still not the Mother.
> You have to install DAV support for some Windows.
> 
> And Windows can read other DLL's from the network, if you set the path to
> point there... of course, it's not the same case,
> but it's also possible.


Unrelated, as to my post, I am explaining my meaning in a follow-up to FD 
and here.

Further, thinking about it, this code execution stuff was mentioned by YOU
of all people a while back. I guess I had the same epiphany.

	Gadi.

> 
> On 11/8/06, Gadi Evron <ge@...uxbox.org> wrote:
> >
> > On Wed, 8 Nov 2006, onisan wrote:
> > > One thing is in this makes it even more interesting, most of the
> > firewalls
> > > do not block this download, so it's smallest and most dangerous
> > downloader
> > > at the same time :o
> >
> > What Alex did is very impressive! Matthew Murphy came up with the idea
> > originally, I think, but it doesn't take from this amazing work in any
> > way.
> > *awe struck*
> >
> > I'd say more though, it's a vulnerability.
> >
> > If you can load a library remotely, and do so with no problems, it's a
> > vulnerability in Windows. I am not sure of what kind quite yet.
> >
> > The mother of all downloaders.
> >
> > "The Zone has a new King!" <we're not worthy x3>
> >         -- Jeff, Coupling (BBC, UK).
> >
> >         Gadi.
> >
> > > -- G
> > >
> > > 2006/11/8, Solar Eclipse <solareclipse@...eedom.org>:
> > > >
> > > > On Tue, Nov 07, 2006 at 10:56:42AM -0800, Peter Ferrie wrote:
> > > > > Why is the idata size present?  AFAIK, no Windows version checks it.
> > > > > Four bytes shorter, then (stop at the idata rva non-zero byte)?
> > > >
> > > > You're right, you can remove the last field and bring the file size
> > down
> > > > to 133 bytes. That's what I get for claiming that the size can't be
> > > > improved :-)
> > > >
> > > > Solar
> > > > _______________________________________________
> > > > Code-Crunchers mailing list
> > > > Code-Crunchers@...testar.linuxbox.org
> > > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> >
> > _______________________________________________
> > Code-Crunchers mailing list
> > Code-Crunchers@...testar.linuxbox.org
> > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> >
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ