[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPLMuLf39s83Hms9StZ_vLzwzFWCjciVKh=Dcesi5dhjSGpk7w@mail.gmail.com>
Date: Fri, 16 Mar 2012 11:32:59 -0700
From: Chris L <inchcombec@...il.com>
To: exibar@...lair.com
Cc: full-disclosure@...ts.grok.org.uk,
full-disclosure-bounces@...ts.grok.org.uk
Subject: Re: ms12-020 PoC
That is the first time I've seen that specific one, so not sure if it is
fake or not. The main one that I saw going around about 12 hours ago was
this one: http://pastebin.com/fFWkezQH and it is the allegedly fake one.
The fake that is was supposedly from "sabu@....com" kind of sent off some
alarm bells right away. That is either someone trying to be funny or trying
to trick some scripties into running something they really shouldn't by
using a recognizable name.
I've seen the BinaryNinja's one being talked about in a few different
places now and the consensus seems to be that it is legit but that at the
moment all it does is blue screen of death any vulnerable Windows machine
that it is used against. I haven't seen any that actually have payloads
yet. That said, I'm just passing on what seems to be the general consensus
I've seen so far. I haven't had the chance to test out any of them yet as I
don't have a spare windows box set up right now. I'm waiting for a working
version to come out before I actually try to go through the shellcode for
any backdoors and test it because who knows what some of these fakes might
REALLY do.
On Fri, Mar 16, 2012 at 10:50 AM, Exibar <exibar@...lair.com> wrote:
> Is that the same code from yesterday? I thought that code was a fake and
> didn'kt do anything?
>
> Anyone confirm this?
>
> Exibar
> Sent via BlackBerry by AT&T
>
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists