lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp5drKVs5T2V7kOfmTyjqxcy-pmvXfJoxcnjYaObxfvgwQ@mail.gmail.com>
Date: Thu, 6 Oct 2011 10:55:38 +1100
From: xD 0x41 <secn3t@...il.com>
To: Juan Sacco <juansacco@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

Juan,
I have not created any opinion (yet) but, is it rally fair, to give people
who code, 2 frigging dollars, for sometimes what would be 0day , or is it
nice, to remove the REAL auithors name, and add your own.
Thats the only grips i see, without having to look at it yet.
The whole look of it, without 'using' it tho, looks alot like canvas ;p but,
thats not bad thing and, i personally, dont mind that, coz canvas, is not
open and, this one is, wich would be great to bring that feel into it.. so,
your reading tomuch into things, when i mean giving credit to author, i dont
mean putting in his email/greetings and notes, i mean, simply one line to
give credit, so people who are using the pack, could atleastfeel sure with
some coders,that the code will be very nice, and not painful to read or ,
modify even to make it nicer.. that is why i like to always makesure authors
get some credit, however it may be, it only needbe a nick/name, but you are
using theyre things, but on your people who your paying, i guess you should
maybe put in place then rules that, all exploits paid for, would not recieve
credits, other than, part of devteam or part of exploit-pack codepack.
It aint hard to keep people happy. Whilst still producing quality, or, non
quality.
i will run your pack, using ONE well know exploit, and if that fails, i will
have results here, compared to backbox scan or, another vuln scan, then, i
will comment further. How does that sound?
Ok. I will do my research, but, i aint angry at you, nor the product, altho
i dislike Insect, this one, seems to have some good features. So yea, ill
take an open look, i only think, if code is NOT paid for, then you should
put authors name or handle in there somwhere, maybe even something for paid
exploits... people do appreciate a 'thanks to' sometimes... especially you
it seems.
xd


On 6 October 2011 10:47, Juan Sacco <juansacco@...il.com> wrote:

> Hey,
> Its really a shame that you didn't even take like 2 minutes to watch the
> source code of Exploit Pack before create an opinion.
> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
> JAVA. See the diference? Also, please take a look at the interface design,
> both are really different. Show me where Exploit Pack is similar to Canvas!
> I think you spent too much time looking for Waldo :-D
>
> We respect the exploit author and that is why I add them at the first line
> of the XML file
> You should run the program before creating this crappy post with your
> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>
> Take a look if you want:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Module>
>
> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
> </Exploit>
>
> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
> when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
> exploiting these issues could allow an attacker to compromise the application, access or modify data.
> </Information>
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> Heya jeff,
>> The author is clearly not smart.
>> He is copying other codes, this is a plain rip off of canvas...hehe... and
>> same with his insect pro... he stole metasplit for tht one, then he wants
>> repect, when we see him removing simplly one line wich would atleast say a
>> ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
>> it would be better to have this in, not out.. he should be able to see thats
>> how it works with exploit code/pocs in general... sometimes, if i see php
>> code from one person, i will tend to look, but if it was from an unknown
>> person, i prolly wouldnt.
>> But this (open sauce) project, i will download and waste 5minutes on.
>> Then illm go back to Backbox and BT5 and things wich work :)
>> hehe
>> (this guy is really mad about his app... and i mean, dang mad angry! I
>> will buy some tissues and send to him, that is my donation for his app)
>> :))
>> xd
>>
>>
>> On 6 October 2011 08:59, Jeffrey Walton <noloader@...il.com> wrote:
>>
>>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@...ertel.com.ar> wrote:
>>> > - * @author Stefan Zeiger (szeiger@...ocode.com)
>>> > - print "   Written by Blake  "
>>> > - <Information Author="Blake" Date="August 23 2011"
>>> Vulnerability="N/A">
>>> >
>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>> > +#
>>> > +#This program is free software: you can redistribute it and/or modify
>>> > it under the terms of the
>>> > +#GNU General Public License as published by the Free Software
>>> > Foundation, either version 3
>>> > +#or any later version.
>>> > +#
>>> > +#This program is distributed in the hope that it will be useful, but
>>> > WITHOUT ANY WARRANTY;
>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>>> > PARTICULAR
>>> > +#PURPOSE. See the GNU General Public License for more details.
>>> > +#
>>> > +#You should have received a copy of the GNU General Public License
>>> > along with this program.
>>> > +#If not, see http://www.gnu.org/licenses/
>>> GPL V3 - they had to encumber it to set it free?
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> _________________________________________________
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.5 was released stay tunned
>
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ