lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20071010141250.2FDD58BF03@mail.fjaunet.com.br>
Date: Wed, 10 Oct 2007 11:12:50 -0000
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@...nelhacking.com>
To: "Luiz Eduardo" <le@...lophobia.net>,
	"andy.davis@...plc.com"@fjaunet.com.br,
	"full-disclosure@...ts.grok.org.uk"@fjaunet.com.br
Subject: Re: IRM Demonstrates Multiple Cisco IOS
	Exploitation Techniques

Hey Luiz,

The Gaus´s (cisco) point is the videos just showed a shellcode being
executed, not a vulnerability being exploited.  If you has a vulnerability,
so you can use the shellcode other than in a debugger  or physically
attached to the device.

Anyway, it´s time to ask where is the shellcodes?  I want to see that.


cya,


Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1


--------- Mensagem Original --------
De: Luiz Eduardo <le@...lophobia.net>
Para: Rodrigo Rubira Branco BSDaemon <rodrigo@...nelhacking.com>
Cópia: Andy Davis <andy.davis@...plc.com>, @fjaunet.com.br
<full-disclosure@...ts.grok.org.uk>
Assunto: Re: [Full-disclosure] IRM Demonstrates Multiple Cisco IOS
Exploitation Techniques
Data: 10/10/07 10:42

>
> Oi Rodrigo,
>
> by this statement on Gaus' email I would say it's not possible. But I 
will let the smart people comment.
>
> &gt; &amp;gt; - Having physical access to the device
>
> abraço
> le
>
>
>
> On Oct 10, 2007, at 3:36 AM, Rodrigo Rubira Branco (BSDaemon) wrote:
>
> &gt; Hey Andy,
> &gt;
> &gt; For sure the shellcodes can be used in a local attack, but I want
> &gt; to see you
> &gt; using a connect back shellcode locally in an IOS system ;) that´s 
&gt; why I said
> &gt; explicitly remote.
> &gt;
> &gt; cya,
> &gt;
> &gt;
> &gt; Rodrigo (BSDaemon).
> &gt;
> &gt; --
> &gt; http://www.kernelhacking.com/rodrigo
> &gt;
> &gt; Kernel Hacking: If i really know, i can hack
> &gt;
> &gt; GPG KeyID: 1FCEDEA1
>
>
>
>
>
>
>

________________________________________________
Message sent using UebiMiau 2.7.2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ