lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANYkwV+7GH=3NBNRrEcSZBTrT8+HhDmA0uvETtKRKay1FCGxjw@mail.gmail.com>
Date: Wed, 5 Oct 2011 20:47:58 -0300
From: Juan Sacco <juansacco@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

Hey,
Its really a shame that you didn't even take like 2 minutes to watch the
source code of Exploit Pack before create an opinion.
This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA.
See the diference? Also, please take a look at the interface design, both
are really different. Show me where Exploit Pack is similar to Canvas! I
think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line
of the XML file
You should run the program before creating this crappy post with your
nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>

<Exploit NameXML="Free Float FTP Server"
CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp"
Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R"
ShellPort="4444" SpecialArgs="">
</Exploit>

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the
application, access or modify data.
</Information>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@...il.com> wrote:

> Heya jeff,
> The author is clearly not smart.
> He is copying other codes, this is a plain rip off of canvas...hehe... and
> same with his insect pro... he stole metasplit for tht one, then he wants
> repect, when we see him removing simplly one line wich would atleast say a
> ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
> it would be better to have this in, not out.. he should be able to see thats
> how it works with exploit code/pocs in general... sometimes, if i see php
> code from one person, i will tend to look, but if it was from an unknown
> person, i prolly wouldnt.
> But this (open sauce) project, i will download and waste 5minutes on.
> Then illm go back to Backbox and BT5 and things wich work :)
> hehe
> (this guy is really mad about his app... and i mean, dang mad angry! I will
> buy some tissues and send to him, that is my donation for his app)
> :))
> xd
>
>
> On 6 October 2011 08:59, Jeffrey Walton <noloader@...il.com> wrote:
>
>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@...ertel.com.ar> wrote:
>> > - * @author Stefan Zeiger (szeiger@...ocode.com)
>> > - print "   Written by Blake  "
>> > - <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
>> >
>> > +#Exploit Pack - Security Framework for Exploit Developers
>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>> > +#
>> > +#This program is free software: you can redistribute it and/or modify
>> > it under the terms of the
>> > +#GNU General Public License as published by the Free Software
>> > Foundation, either version 3
>> > +#or any later version.
>> > +#
>> > +#This program is distributed in the hope that it will be useful, but
>> > WITHOUT ANY WARRANTY;
>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>> > PARTICULAR
>> > +#PURPOSE. See the GNU General Public License for more details.
>> > +#
>> > +#You should have received a copy of the GNU General Public License
>> > along with this program.
>> > +#If not, see http://www.gnu.org/licenses/
>> GPL V3 - they had to encumber it to set it free?
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tunned

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ