[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJB2JzvOtBBKcsDNjRi27Lsi0J=DR2uGE+yiFLuDF8CuTmFREQ@mail.gmail.com>
Date: Sat, 12 Nov 2011 01:31:11 +0100
From: Mario Vilas <mvilas@...il.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
I have no doubt that a lot of things are lost on you.
On Fri, Nov 11, 2011 at 11:23 PM, xD 0x41 <secn3t@...il.com> wrote:
> are you braindead ?
> your humor, is really lost on me..so, i think, look within :P
>
>
> On 12 November 2011 04:01, Mario Vilas <mvilas@...il.com> wrote:
> > I liked the "heavy breather in the perv closet" bit.
> >
> > On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhurst@...il.com>
> > wrote:
> >>
> >> I think Jon just said what everyone else was thinking, he said what I
> >> was thinking at least.
> >>
> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@...il.com> wrote:
> >> > On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@...il.com> wrote:
> >> >> About the PPS, i think thats a very bad summary of the exploit,
> 49days
> >> >> to send a packet, my butt.
> >> >> There is many people assuming wrong things, when it can be done with
> >> >> seconds, syscanner would scan a -b class in minutes, remember it only
> >> >> has to find the vulns, gather, then it would break scan, and trigger
> >> >> vuln... so in real world botnet, yes then, with tcpip patchers, like
> >> >> somany ppl i know myself, even use (tcpipz)patcher ) , wich rocks...
> >> >> and it is ONLY one wich actually works, when you maybe modify the src
> >> >> so the sys file, is dropped from within a .cpp file, well thats up to
> >> >> you but thats better way to make it work, this will open
> >> >> sockets/threads, as i could, easily proove with one exe, but, the
> goal
> >> >> is, to trigger the vuln then exploit it, less than 49days :P , so ,
> >> >> iguess if this exploit, in real form, gathered 2 million hosts over 3
> >> >> nights.. i guessing that the exploit, could possibly be triggered
> with
> >> >> ONE properly setup packet.. people forget that, a packet is one
> thing,
> >> >> and a crafted UDP packet, is quite another..
> >> >
> >> > I'd really like to see you actually explain this bug with code. Either
> >> > with a poc or with the disassembly. You seem to act like you know
> >> > what's going on, but so far your description has been off base (from
> >> > what I can make of your writing).
> >> >
> >> > No one cares about paragraphs of speculation and bragging, code or you
> >> > are just another heavy breather in the perv closet of FD.
> >> >
> >> > _______________________________________________
> >> > Full-Disclosure - We believe in it.
> >> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> > Hosted and sponsored by Secunia - http://secunia.com/
> >> >
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > --
> > “There's a reason we separate military and the police: one fights
> the enemy
> > of the state, the other serves and protects the people. When the military
> > becomes both, then the enemies of the state tend to become the people.”
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
--
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists