Taking the control by abusing array index. 2005-02-21 Agustin Gianni (agustingianni gmail com) (1 replies)

Re: SAM encrypted with syskey 2005-02-17 Vladimir Katalov (vkatalov elcomsoft com)
In-Reply-To: <F36BC027FD4D7E4FB9EA59EFAF86BAAD11AEE4 (at) mex0010mf01.na.xerox (dot) net>
>Does anyone know a method to retrieve the password for the SAM
>(NT/W2K) that has been encrypted with syskey? Or bypass the system
>startup password?
Proactive Windows Security Explorer allows that: http://www.elco [...]

RE: SAM encrypted with syskey 2005-02-10 Anzaldo, Oscar (Oscar Anzaldo xerox com)
Thanks to all for your answers. To avoid misunderstandings, what I am looking for is the password for the SAM, not the users/passwords.
Best regards
-----Original Message-----
From: Johnson, Joey [mailto:Joey.Johnson (at) MWAA (dot) com]
Sent: Jueves, 10 de Febrero de 2005 01:23 p.m.
To: Anzaldo, Oscar; vuln- [...]

RE: SAM encrypted with syskey 2005-02-10 Johnson, Joey (Joey Johnson MWAA com) (1 replies)
You have lots of options with Windows. Easiest solution- Get a copy of ERD and just change the password
-----Original Message-----
From: Anzaldo, Oscar [mailto:Oscar.Anzaldo (at) xerox (dot) com]
Sent: Tuesday, February 08, 2005 10:50 AM
To: vuln-dev (at) securityfocus (dot) com
Subject: SAM encrypted with syskey
Hi [...]

Re: SAM encrypted with syskey 2005-02-11 Brendan Dolan-Gavitt (bdolangavitt wesleyan edu) (1 replies)

books or material on mail protocols 2005-02-10 Mads Rasmussen (mads opencs com br) (3 replies)
I searched amazon for books on mail protocols such as pop2/3, imap3/4 and smtp but wasn't able to find anything interesting, like code examples. What puzzles me are the mime encodings and if it's possible to write back to an imap server, you read the message, modify the body and write the chang [...]

RE: SAM encrypted with syskey 2005-02-10 DePriest, Jason R. (jrdepriest firsthorizon com)
The boot floppy you can find here http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html seems to have the ability to circumvent syskey.
-Jason
-----Original Message-----
From: Anzaldo, Oscar [[REMOVED]]
Sent: Tuesday, February 08, 2005 9:50 AM
To: [REMOVED]
Subject: SAM encrypted with syskey
H [...]

RE: win2k, XP deletes somename_files when somename.html deleted 2005-02-07 Michael Wojcik (Michael Wojcik microfocus com)
> From: q q [mailto:systemcracker (at) gmail (dot) com]
> Sent: Saturday, 05 February, 2005 14:08
> To: vuln-dev (at) securityfocus (dot) com
>
> create a file named foobar.html
> create a folder named foobar_files
> copy a bunch of files (of any type) inside foobar_files
> delete foobar.html
>
> notice that windows h [...]

RE: problem in off by one overflow 2005-02-07 Steven Alexander (alexander s mccd edu)
Off-by-one exploits do not work by pointing ebp at shellcode like a straightforward exploit does with eip. ebp points to the local stack frame. The ebp stored on the stack points to the previous local stack frame. You need to modify the saved ebp value to manipulate the stack frames in such a way [...]

problem in off by one overflow 2005-02-05 Breno Pinto (breno secforum com br) (1 replies)
Hi, I have a problem exploiting an off by one vulnerability. When I overwrite ebp with some data and it points to my NOPS, I receive a SIGSEGV message. SIGSEGV message in 0x90909090 ?? I'm using red hat 7.3 and gcc 2.95. Does anybody know why 0x90909090 broke my exploitation?
Thanks
Breno

win2k, XP deletes somename_files when somename.html deleted 2005-02-05 q q (systemcracker gmail com) (1 replies)
well, the title says it all really;
create a file named foobar.html
create a folder named foobar_files
copy a bunch of files (of any type) inside foobar_files
delete foobar.html
notice that windows has also deleted foobar_files and everything inside it
the reason is that when you choose to save a [...]

Re: win2k, XP deletes somename_files when somename.html deleted 2005-02-07 Albert N. Umerov (bert_umerov bluebottle com)

RE: xml over https 2005-02-07 Burke, Charles (Charles_Burke HomeDepot com) (1 replies)
This web service was not using WS Security, was it? I am assuming the xml encryption was custom or was it provided by WSE?
-----Original Message-----
From: Mads Rasmussen [mailto:mads (at) opencs.com (dot) br]
Sent: Friday, February 04, 2005 7:33 AM
To: vuln-dev (at) securityfocus (dot) com
Subject: Re: xml over https

Re: xml over https 2005-02-05 Barnett E. Kurtz (barnett entrodata net)
Here are some references from MS to get you started:
"Stop SQL Injection Attacks Before They Stop You" http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
"Validating User Input" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/bldgapps/ba_highprog_11kk.asp
"Cross [...]

RE: xml over https 2005-02-03 Butler, Theodore (tbutler witsusa com) (1 replies)
SOAP provides the transport envelope for XML. XML represents and extends HTML data by providing additional descriptions via metadata. WSDL describes the web services, while UDDI supports registration and discovery of web services. All are evolving protocols that take advantage and use existing proto [...]

xml over https 2005-02-01 Mads Rasmussen (mads opencs com br)
I don't have much details on the application yet, but I will have to analyse an application using xml encodings over https. Don't know if it's SOAP although I don't think so. I was thinking of applying some injection techniques, if anyone has some pointers I would appreciate them
Thanks
Mads

RE: IE crash 2005-02-02 Scovetta, Michael V (Michael Scovetta ca com)
Fabio,
It has very little to do with IE. The hs_err_pidXXXX.log files are dumps that the JVM makes when it crashes when in native code. I believe this JVM bug may be: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4816519
There are reports of this happening on NT and XP, but since the bug [...]

IE crash 2005-02-01 Fabio Ruini (fabio ruini aliceposta it)
Hi at all,
yesterday evening I was working at my pc, running multiple windows of Internet Explorer at the same time. When I tried to open the 40th IE's windows (I know, 40 windows simultaneously open is a big number, but I had many reasons to do this kind of operation... :-/) I encountered a crash [...]

Fwd: MS05-002 xploit modification - connectback addition 2005-01-30 Benn Goldman Rivers (benoror gmail com)
Filename with greetings ... sorry
On Sun, 30 Jan 2005 00:41:16 -0600, <benoror (at) gmail (dot) com> wrote:
> /* WC-ms05002-ani-expl-cb.c: 2005-01-30: PUBLIC v.0.2
> *
> * Copyright (c) 2004-2005 WhiskyCoders.
> *
> * (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
> * (CAN-2004-1049) [...]

RealPlayer 10.5 Denial of Service and possible Overflow 2005-01-24 Carlos Ulver (carlos ulver gmail com)
Well, I was trying to find something in .ra format. I found something interesting (I think). I had an old .Ra and tried to change some information of the file (via a hexadecimal editor): All my .ra files begin always with the following code:
.ra......ra4.........r.........>................+........
If [...]
implementation.
This traceroute has a similar bug, it refers to an array of pointers
and the int value that is acting as the array index is unsigned. The
problem is that it does something like this
pointer_array[unsigned_int] = mallo