[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALo60KkvzV4zioaQWwdJk9mcKkQ9GT+YBQFPoucmBGbv3_hFLQ@mail.gmail.com>
Date: Sun, 13 Nov 2011 22:19:28 -0800
From: Antony widmal <antony.widmal@...il.com>
To: Dan Tulovsky <dant@...snow.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
Is this thread about a sk who talk about shit he doesnt know, or impacket,
or about an actual vuln ?
Not sure here
Le 14 nov. 2011 00:56, "Dan Tulovsky" <dant@...snow.com> a écrit :
> http://www.secdev.org/projects/scapy/build_your_own_tools.html
>
> Seems to be what you want.
>
> On Sat, Nov 12, 2011 at 12:27 PM, Darren Martyn
> <d.martyn.fulldisclosure@...il.com> wrote:
> > Off topic (kinda) but with all this talk on SCAPY, has anyone a good
> > reference on using it IN a python script for crafting/reading packets? Me
> > and a friend wanted to write a python version of Ettercap/dsniff using
> the
> > SCAPY libraries as a challenge and as a learning experience. Even if we
> can
> > just get some reliable ARP poisoning to work with it we will be pretty
> > happy, and will have learned something. Any good literature?
> >
> > Also, ON topic -
> > http://packetstormsecurity.org/files/106873/winnuke2011.sh.txt
> >
> > On Sat, Nov 12, 2011 at 11:39 AM, Mario Vilas <mvilas@...il.com> wrote:
> >>
> >> I've used Impacket to craft raw packets of all kinds. Then again I don't
> >> know if that counts - used to work at Core at the time, so it was pretty
> >> much the only choice due to licensing issues with other libraries.
> >> I don't mean to say it's a bad tool to work with, not at all. I happen
> to
> >> prefer the newer Scapy, but it's just a matter of personal taste. :)
> >>
> >> On Sat, Nov 12, 2011 at 6:53 AM, Antony widmal <antony.widmal@...il.com
> >
> >> wrote:
> >>>
> >>> Dear Dan,
> >>> Impacket was at first a Pysmb copy/update from Core Security in order
> to
> >>> play with RPC. (look at the source)
> >>> They've done some work on pysmb library in order to implement DCE/RPC
> >>> functionality in this dinosaurus lib.
> >>> Saying that we should use Impacket in order to craft *raw* UDP packet
> >>> is definitively the dumbest thing I've heard today. Seriously. Anyone
> can
> >>> confirm that ? Mario ? Carlos ? ....
> >>> Anyways, This guy doesn't understand shit, talks a lot about shit he
> >>> doesn't know about, why would you even spend time reading his shit ?
> >>> This vulnerability is about sending a *huge fucking* stream of UDP
> >>> packets on a closed port in order to trigger a int overflow via a ref
> count.
> >>> Most of the people here didn't even understand what we are talking
> >>> about/dealing with.
> >>> Anyways, it's probably time for you to unsubscribe since you don't
> follow
> >>> and S-K's like secn3t@...il.com are trying to act like they know.
> >>> Yeah right, a UDP int overflow triggered via a refcount UDP overflow
> that
> >>> you can trigger with 1 single TCP (with the right ACK) packet is the
> way to
> >>> go.
> >>> This mailing list is getting gay, seriously.
> >>> Cheers,
> >>> Antony.
> >>>
> >>>
> >>>
> >>> On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance <tzewang.dorje@...il.com
> >
> >>> wrote:
> >>>>
> >>>> Okay, now I'm confused!
> >>>> From http://oss.coresecurity.com/projects/impacket.html
> >>>> "Impacket is a collection of Python classes focused on providing
> access
> >>>> to network packets. Impacket allows Python developers to craft and
> decode
> >>>> network packets in simple and consistent manner. It includes support
> for
> >>>> low-level protocols such as IP, UDP and TCP, as well as higher-level
> >>>> protocols such as NMB and SMB. Impacket is highly effective when used
> in
> >>>> conjunction with a packet capture utility or package such as Pcapy.
> Packets
> >>>> can be constructed from scratch, as well as parsed from raw data.
> >>>> Furthermore, the object oriented API makes it simple to work with deep
> >>>> protocol hierarchies."
> >>>> Thanks for your input Antony. Can you explain why impacket has nothing
> >>>> to do with crafting UDP packets?
> >>>>
> >>>> Fascinating thread this. Thanks to all!!
> >>>>
> >>>> dan :)
> >>>> On 11 November 2011 22:42, Antony widmal <antony.widmal@...il.com>
> >>>> wrote:
> >>>>>
> >>>>> You are definitely a lamer secn3t.
> >>>>> Also for you little brain, impacket has nothing to do with crafting
> UDP
> >>>>> packets..
> >>>>> Thanks for proving this again and again.
> >>>>> On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <secn3t@...il.com> wrote:
> >>>>>>
> >>>>>> well look at that :P
> >>>>>> not same author but , nice coding predelka! good one, i will add you
> >>>>>> to crazycoders.com coderslist... i guess there is a few codes you
> have
> >>>>>> now done wich might be useful... cheers.
> >>>>>> xd
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 12 November 2011 05:43, Ryan Dewhurst <ryandewhurst@...il.com>
> >>>>>> wrote:
> >>>>>> > An attempt at a possible MS11-083 DoS/PoC exploit, by
> >>>>>> > @hackerfantastic:
> >>>>>> >
> >>>>>> > http://pastebin.com/fjZ1k0fi
> >>>>>> >
> >>>>>> > On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God)
> >>>>>> > <thor@...merofgod.com> wrote:
> >>>>>> >> Yeah, I gotta say, I’m going to use it at some point ;)
> >>>>>> >>
> >>>>>> >>
> >>>>>> >>
> >>>>>> >> From: full-disclosure-bounces@...ts.grok.org.uk
> >>>>>> >> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> >>>>>> >> Mario Vilas
> >>>>>> >> Sent: Friday, November 11, 2011 9:02 AM
> >>>>>> >> To: Ryan Dewhurst
> >>>>>> >>
> >>>>>> >> Cc: full-disclosure@...ts.grok.org.uk
> >>>>>> >> Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in
> >>>>>> >> TCP/IP
> >>>>>> >> Could Allow Remote Code Execution (2588516)
> >>>>>> >>
> >>>>>> >>
> >>>>>> >>
> >>>>>> >> I liked the "heavy breather in the perv closet" bit.
> >>>>>> >>
> >>>>>> >> On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst
> >>>>>> >> <ryandewhurst@...il.com>
> >>>>>> >> wrote:
> >>>>>> >>
> >>>>>> >> I think Jon just said what everyone else was thinking, he said
> what
> >>>>>> >> I
> >>>>>> >> was thinking at least.
> >>>>>> >>
> >>>>>> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.kertz@...il.com>
> >>>>>> >> wrote:
> >>>>>> >>> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <secn3t@...il.com>
> wrote:
> >>>>>> >>>> About the PPS, i think thats a very bad summary of the exploit,
> >>>>>> >>>> 49days
> >>>>>> >>>> to send a packet, my butt.
> >>>>>> >>>> There is many people assuming wrong things, when it can be done
> >>>>>> >>>> with
> >>>>>> >>>> seconds, syscanner would scan a -b class in minutes, remember
> it
> >>>>>> >>>> only
> >>>>>> >>>> has to find the vulns, gather, then it would break scan, and
> >>>>>> >>>> trigger
> >>>>>> >>>> vuln... so in real world botnet, yes then, with tcpip patchers,
> >>>>>> >>>> like
> >>>>>> >>>> somany ppl i know myself, even use (tcpipz)patcher ) , wich
> >>>>>> >>>> rocks...
> >>>>>> >>>> and it is ONLY one wich actually works, when you maybe modify
> the
> >>>>>> >>>> src
> >>>>>> >>>> so the sys file, is dropped from within a .cpp file, well thats
> >>>>>> >>>> up to
> >>>>>> >>>> you but thats better way to make it work, this will open
> >>>>>> >>>> sockets/threads, as i could, easily proove with one exe, but,
> the
> >>>>>> >>>> goal
> >>>>>> >>>> is, to trigger the vuln then exploit it, less than 49days :P ,
> so
> >>>>>> >>>> ,
> >>>>>> >>>> iguess if this exploit, in real form, gathered 2 million hosts
> >>>>>> >>>> over 3
> >>>>>> >>>> nights.. i guessing that the exploit, could possibly be
> triggered
> >>>>>> >>>> with
> >>>>>> >>>> ONE properly setup packet.. people forget that, a packet is one
> >>>>>> >>>> thing,
> >>>>>> >>>> and a crafted UDP packet, is quite another..
> >>>>>> >>>
> >>>>>> >>> I'd really like to see you actually explain this bug with code.
> >>>>>> >>> Either
> >>>>>> >>> with a poc or with the disassembly. You seem to act like you
> know
> >>>>>> >>> what's going on, but so far your description has been off base
> >>>>>> >>> (from
> >>>>>> >>> what I can make of your writing).
> >>>>>> >>>
> >>>>>> >>> No one cares about paragraphs of speculation and bragging, code
> or
> >>>>>> >>> you
> >>>>>> >>> are just another heavy breather in the perv closet of FD.
> >>>>>> >>>
> >>>>>> >>> _______________________________________________
> >>>>>> >>> Full-Disclosure - We believe in it.
> >>>>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>>>> >>>
> >>>>>> >>
> >>>>>> >> _______________________________________________
> >>>>>> >> Full-Disclosure - We believe in it.
> >>>>>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>>>>> >>
> >>>>>> >>
> >>>>>> >>
> >>>>>> >> --
> >>>>>> >> “There's a reason we separate military and the police: one fights
> >>>>>> >> the enemy
> >>>>>> >> of the state, the other serves and protects the people. When
> >>>>>> >> the military
> >>>>>> >> becomes both, then the enemies of the state tend to become the
> >>>>>> >> people.”
> >>>>>> >
> >>>>>> > _______________________________________________
> >>>>>> > Full-Disclosure - We believe in it.
> >>>>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>> > Hosted and sponsored by Secunia - http://secunia.com/
> >>>>>> >
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Full-Disclosure - We believe in it.
> >>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Full-Disclosure - We believe in it.
> >>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >>
> >>
> >> --
> >> “There's a reason we separate military and the police: one fights
> >> the enemy of the state, the other serves and protects the people. When
> >> the military becomes both, then the enemies of the state tend to
> become the
> >> people.”
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > --
> > My Homepage :D
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists