lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANYkwVLFBBx6LeDRKVS-BxkfWhUpoZ0SX3xBhUKhrLzSdfzGsg@mail.gmail.com>
Date: Wed, 5 Oct 2011 21:23:16 -0300
From: Juan Sacco <juansacco@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

Hey, Wanna Join? and contribute to a with a GPL Project? Welcome aboard!!!
( Please do me a favor and read the license first )

Wanna keep talking about your personal opinion?

Please.. As it was told stop doing it here, this is not a chatroom. We have
a forum and a mailing list for that.

It would be nice to see you there... Believe me.

I invite you all to the new forum! :-)
http://exploitpack.com

Cheers!


On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 <secn3t@...il.com> wrote:

> Juan,
> I have not created any opinion (yet) but, is it rally fair, to give people
> who code, 2 frigging dollars, for sometimes what would be 0day , or is it
> nice, to remove the REAL auithors name, and add your own.
> Thats the only grips i see, without having to look at it yet.
> The whole look of it, without 'using' it tho, looks alot like canvas ;p
> but, thats not bad thing and, i personally, dont mind that, coz canvas, is
> not open and, this one is, wich would be great to bring that feel into it..
> so, your reading tomuch into things, when i mean giving credit to author, i
> dont mean putting in his email/greetings and notes, i mean, simply one line
> to give credit, so people who are using the pack, could atleastfeel sure
> with some coders,that the code will be very nice, and not painful to read or
> , modify even to make it nicer.. that is why i like to always makesure
> authors get some credit, however it may be, it only needbe a nick/name, but
> you are using theyre things, but on your people who your paying, i guess you
> should maybe put in place then rules that, all exploits paid for, would not
> recieve credits, other than, part of devteam or part of exploit-pack
> codepack.
> It aint hard to keep people happy. Whilst still producing quality, or, non
> quality.
> i will run your pack, using ONE well know exploit, and if that fails, i
> will have results here, compared to backbox scan or, another vuln scan,
> then, i will comment further. How does that sound?
> Ok. I will do my research, but, i aint angry at you, nor the product, altho
> i dislike Insect, this one, seems to have some good features. So yea, ill
> take an open look, i only think, if code is NOT paid for, then you should
> put authors name or handle in there somwhere, maybe even something for paid
> exploits... people do appreciate a 'thanks to' sometimes... especially you
> it seems.
> xd
>
>
> On 6 October 2011 10:47, Juan Sacco <juansacco@...il.com> wrote:
>
>> Hey,
>> Its really a shame that you didn't even take like 2 minutes to watch the
>> source code of Exploit Pack before create an opinion.
>> This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack
>> JAVA. See the diference? Also, please take a look at the interface design,
>> both are really different. Show me where Exploit Pack is similar to Canvas!
>> I think you spent too much time looking for Waldo :-D
>>
>> We respect the exploit author and that is why I add them at the first line
>> of the XML file
>> You should run the program before creating this crappy post with your
>> nonsense opinions ( Harassing the free work of others, you wrote lke 5 - 6
>> insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )
>>
>> Take a look if you want:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Module>
>>
>> <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="4444" SpecialArgs="">
>> </Exploit>
>>
>> <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
>> Free Float FTP Server USER Command Remote Buffer Overflow Exploit
>> when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
>> exploiting these issues could allow an attacker to compromise the application, access or modify data.
>> </Information>
>>
>> JSacco
>>
>> On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 <secn3t@...il.com> wrote:
>>
>>> Heya jeff,
>>> The author is clearly not smart.
>>> He is copying other codes, this is a plain rip off of canvas...hehe...
>>> and same with his insect pro... he stole metasplit for tht one, then he
>>> wants repect, when we see him removing simplly one line wich would atleast
>>> say a ty and, show [ppl who writes, is maybe sometimes stabler than other
>>> authors, it would be better to have this in, not out.. he should be able to
>>> see thats how it works with exploit code/pocs in general... sometimes, if i
>>> see php code from one person, i will tend to look, but if it was from an
>>> unknown person, i prolly wouldnt.
>>> But this (open sauce) project, i will download and waste 5minutes on.
>>> Then illm go back to Backbox and BT5 and things wich work :)
>>> hehe
>>> (this guy is really mad about his app... and i mean, dang mad angry! I
>>> will buy some tissues and send to him, that is my donation for his app)
>>> :))
>>> xd
>>>
>>>
>>> On 6 October 2011 08:59, Jeffrey Walton <noloader@...il.com> wrote:
>>>
>>>> On Wed, Oct 5, 2011 at 5:32 AM, root <root_@...ertel.com.ar> wrote:
>>>> > - * @author Stefan Zeiger (szeiger@...ocode.com)
>>>> > - print "   Written by Blake  "
>>>> > - <Information Author="Blake" Date="August 23 2011"
>>>> Vulnerability="N/A">
>>>> >
>>>> > +#Exploit Pack - Security Framework for Exploit Developers
>>>> > +#Copyright 2011 Juan Sacco http://exploitpack.com
>>>> > +#
>>>> > +#This program is free software: you can redistribute it and/or modify
>>>> > it under the terms of the
>>>> > +#GNU General Public License as published by the Free Software
>>>> > Foundation, either version 3
>>>> > +#or any later version.
>>>> > +#
>>>> > +#This program is distributed in the hope that it will be useful, but
>>>> > WITHOUT ANY WARRANTY;
>>>> > +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR
>>>> A
>>>> > PARTICULAR
>>>> > +#PURPOSE. See the GNU General Public License for more details.
>>>> > +#
>>>> > +#You should have received a copy of the GNU General Public License
>>>> > along with this program.
>>>> > +#If not, see http://www.gnu.org/licenses/
>>>> GPL V3 - they had to encumber it to set it free?
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>>
>> --
>> _________________________________________________
>> Insecurity Research - Security auditing and testing software
>> Web: http://www.insecurityresearch.com
>> Insect Pro 2.5 was released stay tunned
>>
>>
>>
>


-- 
_________________________________________________
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tunned

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ