lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAAOnDKd2u1yoeMyt2viL1PHgFrimhXkThpE97Q2egLdkek0y8A@mail.gmail.com>
Date: Tue, 22 May 2012 09:55:48 +0100
From: Michele Orru <antisnatchor@...il.com>
To: Juan Sacco <jsacco@...loitpack.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	Charles Morris <cmorris@...odu.edu>,
	Juan Sacco <jsacco@...ecurityresearch.com>
Subject: Re: FW: Curso online - Profesional pentesting -
 Promocion ( 25% de descuento )

LOL, when did I say ExploitPack is cool ?
Maybe in your dreams!

And btw, the Javascript agent you sent are not the one I analyzed.
This is the one: http://pastebin.com/7j1wfB2n
After you scroll down, skipping jquery, you see the BeEF code that you included.

You were just replacing the BeEF global variable calling it "bot",
and re-using large parts of BeEF.

Anyway, everyone knows you...you're like the second MustLive.
Your Metasploit clone, apart from shitty InfoSec articles, is a
complete failure and clone.

So get a life man!

Cheers
antisnatchor

On Sun, May 20, 2012 at 8:04 PM, Juan Sacco <jsacco@...loitpack.com> wrote:
> Michele Orru.. Sorry to write you directly to the list.. But you did it
> too.. So.. please allow me to answer..
>
> Exploit Pack != Beef ... Just similar projects.. different approaches
>
> In fact you came to a webcast where I showed the code of Exploit Pack... I
> remember you saying that Exploit Pack is a cool project...
>
> Please check out our javascript agent...
> http://www.exploitpack.com/Gate/jsacco.js
> http://www.exploitpack.com/Gate/PLAINdoMagic.js
>
> I am not pointing you with a gun.. if you don not like Exploit Pack tools..
> just do not use our tools...
>
> In my personal opinion, beef is a good project, in fact I am a big fan of
> it. But it doesnt work like i want it, beef cannot handle more than 10
> bots.. almost all the times I run the ruby project it crashes.. also some
> modules doesnt work either.. the popup persistent is old and do not work on
> recent browsers.. among other things.. Also beef doesnt have any module for
> defense like clientside SQLi / XSS protection...
>
> SQLi: http://www.youtube.com/watch?v=kD2gI8giOQA
> XSS: http://www.youtube.com/watch?v=1rYy5SA9PPs&feature=relmfu
>
> Regards
> JSacco
>
> On Sun, May 20, 2012 at 7:40 AM, Michele Orru <antisnatchor@...il.com>
> wrote:
>>
>> An btw, his WebSecurity tool is a pure clone of BeEF.
>>
>> If you try it, and analyze the Javascript hook file, is the same thing.
>> He just change the global variable name from beef to bot, leaving
>> everything else :D including the BeEF version he used to copy from.
>>
>> LOL.
>>
>> On Sun, May 20, 2012 at 8:30 AM, BMF <badmotherfsckr@...il.com> wrote:
>> > Actually, this Juan Sacco assclown has been pissing me off too. I'm in
>> > some group with him on linkedin and getting his messages. I keep
>> > flagging them as spam. I wish I knew how to get him to stop emailing
>> > and messaging me.
>> >
>> > Juan: Knock it off, you disaffected deleterious douchenozzle.
>> >
>> > On Sat, May 19, 2012 at 10:44 AM, Charles Morris <cmorris@...odu.edu>
>> > wrote:
>> >>> I request your permission to test any and all of your facilities in
>> >>> any way I deem appropriate including (by not limited to) your personal
>> >>> machines, the machines of your coworkers and family, and any other device I
>> >>> deem within scope of my testing.   Further, I request you to grant full,
>> >>> unlimited access and authorization for me to test these devices in any way I
>> >>> see fit with full unadulterated impunity.
>> >>>
>> >>
>> >> stop flexing
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>> --
>> /antisnatchor
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>



-- 
/antisnatchor

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ