ClubHack2008 [India] - CFP Closing Soon | 2008-10-27 | ClubHack (seclist clubhack com)
    This is a gentle reminder that the Call for Papers for ClubHack2008 is closing on the 10th of November. URL: http://clubhack.com/2008/CFP Papers are expected to be of 40 minutes each. The schedule time for each presenter would be 50 minutes out of which 40 minutes are for the presentation & 10 for [ more ]

Re: Is the memory map of a process different when executed in GDB? | 2008-09-23 | Kristian Erik Hermansen (kristian hermansen gmail com)
    On Tue, Sep 23, 2008 at 3:43 AM, Florencio Cano <florencio.cano (at) gmail (dot) com [email concealed]> wrote:
    > run it inside GDB. Does GDB alter the memory map of a process when
    > executed inside it? In which way? Where I can read info about this?
    Yes, your offsets will differ. Put a break at start of main(), recompile, and [ more ]

Re: Is the memory map of a process different when executed in GDB? | 2008-09-23 | Chris McCulloh (list chrismcculloh com)
    > I'm beginning studying deeply exploits. Now I have a problem. I'm
    > trying a return-to-libc exploit but I get a segmentation fault when
    > executed in the terminal and I get the code correctly executed when I
    > run it inside GDB. Does GDB alter the memory map of a process when
    > executed inside it? [ more ]

Is the memory map of a process different when executed in GDB? | 2008-09-23 | Florencio Cano (florencio cano gmail com)
    Hi, I'm beginning studying deeply exploits. Now I have a problem. I'm trying a return-to-libc exploit but I get a segmentation fault when executed in the terminal and I get the code correctly executed when I run it inside GDB. Does GDB alter the memory map of a process when executed inside it? In wh [ more ]

Version-independent IOS shellcode | 2008-08-21 | Andy Davis (iosftpexploit googlemail com)
    Hi, One of the biggest problems with IOS exploitation is that on every different version of IOS, the addresses required to execute useful shellcode are different. Therefore, hard-coded addresses were inserted into shellcode and this made exploits very version-dependent. I have been working on a wa [ more ]

ToorCon 10 Call For Papers | 2008-08-20 | David Hulton (0x31337 gmail com)
    TOORCON X 9 years have gone by since we released our first CFP and crammed into a couple of small rooms at UCSD, but we're very proud to have come this far and to be finally accepting submissions for the 10th ToorCon. I could go on and on talking about how great this year's event is going to be, bu [ more ]

Step-by-step instructions for debugging Cisco IOS using gdb | 2008-08-12 | Andy Davis (iosftpexploit googlemail com)
    Step-by-step instructions for debugging IOS using gdb - Andy Davis, 2008 (iosftpexploit "at" googlemail <dot> com): I have been asked by many people for a simple step-by-step guide for setting up an IOS exploit development environment, which includes connecting to a Cisco router using gdb, so here [ more ]

Re: Tool Release: ProcL - Detect Hidden Process | 2008-08-01 | Pallav Khandhar (nightrover gmail com)
    Greetings, I am glad to release ProcL v1.0. ProcL employs many different methods to detect hidden processes. Essentially, ProcL detailed and implemented a mechanism to embed all these different approaches in one tool to detect hidden processes. Our methods of detecting hidden processes req [ more ]

Atmail Remote Authentication Bypass, Full DB Compromise | 2008-07-30 | free_julie_amero hush com
    @Mail PHP Version 5.41 patch Release http://atmail.com/demo/atmailphpdemo.tgz The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php If that file is called via http, such as: http://example.com/atmail/build-plesk-upgrade.php it will execute [ more ]

Heaps About Heaps | 2008-07-08 | Brett Moore (brett moore insomniasec com)
    Just back from SyScan Singapore, which once again was filled with great speakers on a variety of topics. If you were not there, and are in the Singapore area then I highly recommend going along next year. Our presentation detailing some heap exploitation techniques for Windows 2003 can be found [ more ]

Re: 5 char XSS? | 2008-04-29 | kuza55 (kuza55 gmail com)
    While this doesn't seem to apply to this particular bug, usually if you have a short unfiltered injection then your best bet is to look for a filtered injection later in the page and do a fragmentation attack in 5 chars like this: (the </b=" is your unfiltered injection; if they use " for quotes, yo [ more ]

[TOOL] SSL Capable NetCat (and more) | 2008-04-27 | GomoR (vd gomor org)
    Hello list, I updated a tool I wrote a long time ago. This time, it features:
    - full SSL support (client and server with certificates)
    - port proxying (TCP and UDP)
    - SSL proxying
    - IPv4/IPv6 proxying
    - IPv4 and IPv6 support
    To know more: http://www.gomor.org/bin/view/GomorOrg/SslNetcat -- ^ [ more ]

Re: 5 char XSS? | 2008-04-26 | Serg B (sergeslists gmail com)
    Am I the only one who sees the irony of an XSS related email/question and example URLs to click? Heh. Serg
    On Thu, Apr 24, 2008 at 9:36 AM, Kristian Erik Hermansen <kristian.hermansen (at) gmail (dot) com [email concealed]> wrote:
    > Just been noticing all the talk about Obama and Clinton sites and how
    > the media keeps m [ more ]

Re: 5 char XSS? | 2008-04-26 | Kristian Erik Hermansen (kristian hermansen gmail com)
    Yes, you make a good point :-). However, the purpose of the email was that we can't inject anything useful in 5 chars, so the XSS I posted merely corrupts the page a little, and does not execute any scripts on you. Honest! Go click the links and see ... Hehe
    On 4/26/08, Serg B <sergeslists@gmai [ more ]

5 char XSS? | 2008-04-23 | Kristian Erik Hermansen (kristian hermansen gmail com)
    Just been noticing all the talk about Obama and Clinton sites and how the media keeps making a big deal out of all these XSS vulns, heh. However, I have a rather technical question about what, if anything, you can do when you have such a small buffer to exploit XSS? Check out this one I found and i [ more ]

SyScan'08 Singapore - Call for Paper | 2008-04-20 | organiser (at) syscan (dot) org [email concealed] (organiser syscan org)
    The Call for Paper for SyScan'08 Singapore will close in 10 days' time on 30th April 2008. The program for SyScan'08 Hong Kong is out. Do not miss the first hacker conference in this exotic "pearl of the orient" city. ******************************** CALL FOR PAPERS/TRAINING SyScan'08 Singapore [ more ]

Aztech ADSL2/2+ 4 Port default password | 2008-04-18 | sipherr gmail com
    Playing around with the configuration files will reveal... even though the admin account's password has been changed, there is still another administrative account buried in there.
    username: isp
    password: isp
    *Sneaks one past* sipherr (at) gmail (dot) com [email concealed] http://www.elitter.net [ more ]

Potential OOo security problem | 2008-04-15 | Andriy Rysin (arysin gmail com)
    There's a bug in OOo which makes it crash if the number of styles in a document > 65535: http://qa.openoffice.org/issues/show_bug.cgi?id=84159 Seems like the problem is in the framework so it could potentially affect other areas in a document. I am wondering if this can be a potential security problem too [ more ]

EUSecWest CFP Closes April 14th (conf May 21/22 2008) | 2008-04-10 | Dragos Ruiu (dr kyx net)
    (We've moved the conference this year to a club in Leicester Square in the heart of London and SoHo. We'll be putting speakers up across the square at the Radisson Edwardian Hampshire, but there are lots of hotels in the region there in the center of London for those who want to attend (the ve [ more ]

Re: Windows Vista winsat.exe Integer Overflow | 2008-04-04 | Valdis Kletnieks vt edu
    On Thu, 03 Apr 2008 10:58:14 PDT, "Thor (Hammer of God)" said:
    > Hey Valdis -
    >
    > > > So, if you have someone who is going to run as administrator anyway,
    > > > download the untrusted .exe, execute it, and then confirm the
    > > > execution of the program without concern for what happens, we can't
    > [ more ]

Re: Windows Vista winsat.exe Integer Overflow | 2008-04-03 | Valdis Kletnieks vt edu
    On Wed, 02 Apr 2008 13:39:36 PDT, "Thor (Hammer of God)" said:
    > So, if you have someone who is going to run as administrator anyway,
    > download the untrusted .exe, execute it, and then confirm the execution
    > of the program without concern for what happens, we can't really fault
    > the OS for that [ more ]

RE: Windows Vista winsat.exe Integer Overflow | 2008-04-02 | Thor (Hammer of God) (thor hammerofgod com)
    > -----Original Message-----
    > From: listbounce (at) securityfocus (dot) com [email concealed]
    > [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
    > Valdis.Kletnieks (at) vt (dot) edu [email concealed]
    > Sent: Sunday, March 30, 2008 8:52 PM
    > To: Steve Shockley
    > Cc: vuln-dev (at) securityfocus (dot) com [email concealed]
    > Subject: Re: Windows Vista winsat.exe Integer Overflow
    >
    > [ more ]

Re: Windows Vista winsat.exe Integer Overflow | 2008-03-31 | Valdis Kletnieks vt edu
    On Fri, 28 Mar 2008 23:03:55 EDT, Steve Shockley said:
    > You'd still have to convince the user to bypass UAC when he wasn't
    > expecting a UAC prompt, in addition to getting them to run it in the
    > first place.
    Experience has proved that neither of these should be all that difficult for an attack [ more ]

Re: Windows Vista winsat.exe Integer Overflow | 2008-03-29 | Steve Shockley (steve shockley shockley net)
    jose (at) eyeos (dot) org [email concealed] wrote:
    > if you can control the
    > process, you can use this kind of bugs as way to trick the user to
    > bypass the UAC and get admin.
    You'd still have to convince the user to bypass UAC when he wasn't expecting a UAC prompt, in addition to getting them to run it in the first place. [ more ]

Windows Vista winsat.exe Integer Overflow | 2008-03-28 | jose eyeos org
    There is a flaw in the Windows Vista benchmarking tool, called winsat.exe, that runs with administrative privileges. The problem is an integer overflow in the -totalobj argument, example: winsat d3d -texshader -totalobj 2147483648 This results in an overflow of the signed int that stores the totalo [ more ]
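For the "memory map of a process ... in GDB" thread above, an added example that is not code from any poster. It measures the two things that usually move a stack buffer between a run in a plain shell and a run under gdb: the bytes of argv/envp strings the kernel lays out above main()'s frame (gdb typically passes an absolute path as argv[0], and it exports LINES and COLUMNS into the debuggee's environment, none of which the shell does), and the address of libc's system(), the usual return-to-libc target. The file name addrs.c and the 64-byte buffer are assumptions for the demonstration. Separately from gdb, if /proc/sys/kernel/randomize_va_space is non-zero on the box, both the stack and libc addresses move between every shell run while recent gdb versions switch randomisation off for the program they debug; that alone explains a chain that only lands inside the debugger.

```c
/* Added example (not from the thread): what shifts a stack buffer between
 * a shell run and a gdb run, and the libc address a ret2libc chain needs.
 * Build: gcc -O0 -fno-stack-protector -o addrs addrs.c
 * Compare: ./addrs        versus        gdb -q ./addrs  then  (gdb) run  */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Total bytes of a NULL-terminated string vector (each string plus its NUL),
 * the way the kernel stores argv and envp at the top of the initial stack.
 * Every extra byte here pushes main()'s frame, and the buffer being
 * overflowed, to a lower address. */
size_t string_block_bytes(char *const *vec)
{
    size_t total = 0;
    for (; *vec != NULL; vec++)
        total += strlen(*vec) + 1;
    return total;
}

/* Bit 0: LINES= present, bit 1: COLUMNS= present. gdb sets both in the
 * inferior's environment; an interactive shell normally exports neither. */
int debugger_env_vars(char *const *envp)
{
    int found = 0;
    for (; *envp != NULL; envp++) {
        if (strncmp(*envp, "LINES=", 6) == 0)
            found |= 1;
        else if (strncmp(*envp, "COLUMNS=", 8) == 0)
            found |= 2;
    }
    return found;
}

/* Runtime address of libc's system(). Stable for one libc build only while
 * address randomisation is off (check /proc/sys/kernel/randomize_va_space). */
uintptr_t system_address(void)
{
    return (uintptr_t)system;
}

int main(int argc, char **argv, char **envp)
{
    char buf[64];                       /* stands in for the overflowed buffer */
    (void)argc;
    printf("buf        = %p\n", (void *)buf);
    printf("system()   = %#lx\n", (unsigned long)system_address());
    printf("argv bytes = %zu\n", string_block_bytes(argv));
    printf("envp bytes = %zu\n", string_block_bytes(envp));
    if (debugger_env_vars(envp) != 0)
        puts("LINES/COLUMNS present: 'unset environment LINES' and "
             "'unset environment COLUMNS' in gdb before 'run'");
    return 0;
}
```

Run it both ways and subtract: the change in the buf address should track the change in argv plus envp bytes (rounded by stack alignment). To make the two runs agree, start both under env -i with the same relative path, or issue unset environment LINES and unset environment COLUMNS in gdb before run, and only then compare the system() address the chain hard-codes.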
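For the winsat.exe thread above, an added example that is not from the post and has nothing to do with Microsoft's own source: it shows, in plain C, the count-parsing pattern that lets an argument of 2147483648 (one more than INT_MAX) wrap the signed int that holds it, beside a checked parser that rejects it, and a size computation that refuses to multiply a count it cannot trust. The function names, the 64-byte object size and the [1, INT_MAX] range are assumptions made for the demonstration.

```c
/* Added example (not from the post): a -totalobj style count parsed without
 * a range check, next to the checked version.
 * Build: gcc -Wall -o totalobj totalobj.c && ./totalobj 2147483648 */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The naive pattern: parse straight into a signed int with no range check.
 * 2147483648 does not fit a 32-bit int; on LP64 the long-to-int cast wraps
 * to INT_MIN, on ILP32 strtol clamps to LONG_MAX (== INT_MAX) and sets
 * ERANGE, which nobody looks at. Either way the count that later sizes
 * buffers or bounds a loop is not what was typed. */
int unsafe_total_objects(const char *arg)
{
    return (int)strtol(arg, NULL, 10);
}

/* Checked parser: whole string consumed, no ERANGE, and the value must lie
 * in the [1, INT_MAX] range the consumer supports (assumed range).
 * Returns 0 and stores the value on success, -1 on any failure. */
int parse_total_objects(const char *arg, int *out)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno == ERANGE)                /* outside long entirely */
        return -1;
    if (end == arg || *end != '\0')     /* empty string or trailing junk */
        return -1;
    if (v < 1 || v > INT_MAX)           /* zero, negative, or beyond int */
        return -1;
    *out = (int)v;
    return 0;
}

/* Bytes needed for n objects of obj_size; returns 0 when the product would
 * not fit size_t or the inputs are nonsense, so callers cannot allocate a
 * wrapped-around size. */
size_t objects_bytes(int n, size_t obj_size)
{
    if (n <= 0 || obj_size == 0 || (size_t)n > SIZE_MAX / obj_size)
        return 0;
    return (size_t)n * obj_size;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "2147483648";
    int n = 0;

    printf("unsafe parse of %s  -> %d\n", arg, unsafe_total_objects(arg));
    if (parse_total_objects(arg, &n) != 0)
        printf("checked parse of %s -> rejected\n", arg);
    else
        printf("checked parse of %s -> %d (%zu bytes for 64-byte objects)\n",
               arg, n, objects_bytes(n, 64));
    return 0;
}
```

The unsafe path is kept only to show the wrap; the value it returns for 2147483648 is negative on 64-bit Linux and INT_MAX on 32-bit targets, and neither is the number the user asked for.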
    Talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 1250 words should be submitted ( [ more ]