[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp7vgGN4kehTpxxM8GGRq1sUCXA=EM2AeYD575++mZZJZQ@mail.gmail.com>
Date: Fri, 11 Nov 2011 06:59:31 +1100
From: xD 0x41 <secn3t@...il.com>
To: Sergito <sergito.lista@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
Not sure. but the actual real one, is in english :)
About the PPS, i think thats a very bad summary of the exploit, 49days
to send a packet, my butt.
There is many people assuming wrong things, when it can be done with
seconds, syscanner would scan a -b class in minutes, remember it only
has to find the vulns, gather, then it would break scan, and trigger
vuln... so in real world botnet, yes then, with tcpip patchers, like
somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks...
and it is ONLY one wich actually works, when you maybe modify the src
so the sys file, is dropped from within a .cpp file, well thats up to
you but thats better way to make it work, this will open
sockets/threads, as i could, easily proove with one exe, but, the goal
is, to trigger the vuln then exploit it, less than 49days :P , so ,
iguess if this exploit, in real form, gathered 2 million hosts over 3
nights.. i guessing that the exploit, could possibly be triggered with
ONE properly setup packet.. people forget that, a packet is one thing,
and a crafted UDP packet, is quite another..
I would not use that YT as the base for anything, it is bs, the author
is NOT russian.
Anyhow, nice try but no banana.
On 11 November 2011 06:49, Sergito <sergito.lista@...il.com> wrote:
> PoC ?
> http://www.youtube.com/watch?v=4aBE6o0oDlo
>
> []'s
> Sergito
>
> 2011/11/10 Thor (Hammer of God) <thor@...merofgod.com>
>>
>> So, I've looked about on the web to see what software of any consequence
>> you have written, but I can't find any. Can you point me to anything that
>> illustrates that you know how to develop wide scale software applications
>> and execute an SDL plan, or do you just like to sit back and bitch about
>> everyone else without actually doing anything? I'm serious - I'd really
>> like to know. Over all these years, all I've ever seen from you is talk
>> about how stupid everyone else is, but I've never once actually seen you do
>> anything constructive.
>>
>> t
>>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Georgi
>> Guninski
>> Sent: Thursday, November 10, 2011 8:48 AM
>> To: xD 0x41
>> Cc: full-disclosure@...ts.grok.org.uk
>> Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP
>> Could Allow Remote Code Execution (2588516)
>>
>> On Thu, Nov 10, 2011 at 08:46:44AM +1100, xD 0x41 wrote:
>> > You could just google for IRC packs of win2k src ;) I know i have a
>> > copy of it somewhere... acvtually tho, would not be helpful tho, as it
>> > does not affect win2k.. so i guess there would be some code there but
>> > not the code you want.
>> >
>> > @george
>> > and, ideally if 'years' ago existed for this exploit but, it does only
>> > affect v6 and up , this is tested.... so xp/2k/2k3 not affected...
>> > still, i know people are using other ways anyhow , and thats just how
>> > botting is... one way dies, one takes its place :s i guess we wait for
>> > the rls of this.. maybe!
>> >
>> >
>>
>> as in real life, real bugs die (the imaginary case is not clear to me).
>>
>> i suppose "trustworthy computing" doesn't mean "not many bugs still
>> alive".
>>
>> --
>> j
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists