Date: Thu, 6 Oct 2011 11:17:01 +1100
From: xD 0x41 <secn3t@...il.com>
To: Juan Sacco <juansacco@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

Juan,


why lie dude, i looked at your github LATEST pull/commit, what is this then

Exploit Pack/exploits/Free Float FTP Server - copia.xml

   - View file @
e17cc4d<https://github.com/exploitpack/trunk/blob/e17cc4d5ee893ce93d2e56deccd7595e944210ee/Exploit%20Pack/exploits/Free%20Float%20FTP%20Server%20-%20copia.xml>

 @@ -1,17 +0,0 @@

  -<?xml version="1.0" encoding="UTF-8"?>

  -<Module>

  -

  -<Exploit NameXML="Free Float FTP Server"
CodeName="FreeFloatFTPServer.py"  Platform="linux" Service="ftp"
Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R"
ShellPort="4444" SpecialArgs="">

  -</Exploit>

  -

  -<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">

  -Free Float FTP Server USER Command Remote Buffer Overflow Exploit

  -when parsing the command 'USR', which leads to a stack based
overflow. Also Free Float FTP Server allow remote anonymous login by
default

  -exploiting these issues could allow an attacker to compromise the
application, access or modify data.

  -</Information>

  -

  -<Targets>

  -Microsoft Windows XP SP2 - Microsoft Windows XP SP3

  -</Targets>

  -

  -</Module>
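
Review bot: The `Exploit` element in this deleted file sets Platform="linux" while its `Targets` block lists only Microsoft Windows XP SP2 and SP3, and the description names the command as 'USR' where the title says USER. If the " - copia" file is being dropped as a stray duplicate, say so in the commit message and confirm that whichever module file remains carries a Platform value matching the targets and keeps the Author="Blake" attribute on `Information`, since this hunk on its own shows that credit line being removed.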

exposed! and it is rubbish.
5 exploits, i even pointed him, (in pvt) to a million py files he can now
deface... and he acting like, he's all for the author being in the
sploit..right..ye.. and nice use of xml ...

this is the worst thing, i have seen, i have seen better made bash exploit
packs.
sorry, again your stuff is a complete fail.
not even the main exploits, who the heck cares about ftpds like, 10 students
use.. you are maybe in need of guidance, which, i doubt anyone will give
after these lies you're pulling... telling ppl, you're doing the RIGHT thing,
when your git pull says different!
i also have a github, and understand how it works. so stop trying to
stooge people dude, your stuff sux.
and when i tried to separate links, into different downloads, like your
download page specifies.. it does not work and always gives the base, which
is linux. only. i believe...unless some, small tweaking/batfile made for
win32..but, you advertise the win32 binaries..so, you're just fake.

....pls explain..why you're acting like, i am a liar, when, you're removing the
author, from even the exploits now... cheeky, and very rude to me personally.
screw u and ur pathetic crap, open or closed, it is a waste of time.
xd



On 6 October 2011 10:47, Juan Sacco <juansacco@...il.com> wrote:

> Hey,
> It's really a shame that you didn't even take like 2 minutes to watch the
> source code of Exploit Pack before creating an opinion.
> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
> JAVA. See the difference? Also, please take a look at the interface design,
> both are really different. Show me where Exploit Pack is similar to Canvas!
> I think you spent too much time looking for Waldo :-D
>
> We respect the exploit author and that is why I add them at the first line
> of the XML file
> You should run the program before creating this crappy post with your
> nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6
> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>
> Take a look if you want:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Module>
>
> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
> </Exploit>
>
> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
> when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
> exploiting these issues could allow an attacker to compromise the application, access or modify data.
> </Information>
>
> JSacco
>
> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> Heya jeff,
>> The author is clearly not smart.
>> He is copying other codes, this is a plain rip off of canvas...hehe... and
>> same with his insect pro... he stole metasploit for that one, then he wants
>> respect, when we see him removing simply one line which would at least say a
>> ty and, show ppl who writes, is maybe sometimes stabler than other authors,
>> it would be better to have this in, not out.. he should be able to see that's
>> how it works with exploit code/pocs in general... sometimes, if i see php
>> code from one person, i will tend to look, but if it was from an unknown
>> person, i prolly wouldn't.
>> But this (open sauce) project, i will download and waste 5minutes on.
>> Then i'll go back to Backbox and BT5 and things which work :)
>> hehe
>> (this guy is really mad about his app... and i mean, dang mad angry! I
>> will buy some tissues and send to him, that is my donation for his app)
>> :))
>> xd
>>
>>
>> On 6 October 2011 08:59, Jeffrey Walton <noloader@...il.com> wrote:
>>
>>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@...ertel.com.ar> wrote:
>>> > - * @author Stefan Zeiger (szeiger@...ocode.com)
>>> > - print "   Written by Blake  "
>>> > - <Information Author="Blake" Date="August 23 2011"
>>> Vulnerability="N/A">
>>> >
>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>> > +#
>>> > +#This program is free software: you can redistribute it and/or modify
>>> > it under the terms of the
>>> > +#GNU General Public License as published by the Free Software
>>> > Foundation, either version 3
>>> > +#or any later version.
>>> > +#
>>> > +#This program is distributed in the hope that it will be useful, but
>>> > WITHOUT ANY WARRANTY;
>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>>> > PARTICULAR
>>> > +#PURPOSE. See the GNU General Public License for more details.
>>> > +#
>>> > +#You should have received a copy of the GNU General Public License
>>> > along with this program.
>>> > +#If not, see http://www.gnu.org/licenses/
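
Review bot: The three removed lines at the top of this excerpt (`@author Stefan Zeiger`, `print "   Written by Blake  "` and the `Information Author="Blake"` element) are author credits, and the added header puts only "Copyright 2011 Juan Sacco" in their place. A GPL v3 header can sit above the existing credits, so keep the original author lines and add the licence text beside them rather than replacing them.
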
>>> GPL V3 - they had to encumber it to set it free?
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>
>
>
> --
> _________________________________________________
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.5 was released stay tuned
>
>
>
