Vuln Dev Mode:
Taking the control by abusing array index. 2005-02-21
Agustin Gianni (agustingianni gmail com) (1 replies)
Hello, this came to my mind while I was reading a traceroute
implementation.
This traceroute has a similar bug: it refers to an array of pointers
and the int value that is acting as the array index is unsigned. The
problem is that it does something like this

pointer_array[unsigned_int] = mallo

Re: SAM encrypted with syskey 2005-02-17
Vladimir Katalov (vkatalov elcomsoft com)
In-Reply-To: <F36BC027FD4D7E4FB9EA59EFAF86BAAD11AEE4 (at) mex0010mf01.na.xerox (dot) net [email concealed]>

>Does anyone know a method to retrieve the password for the SAM
>(NT/W2K) that has been encrypted with syskey? Or bypass the system
>startup password?

Proactive Windows Security Explorer allows that:

http://www.elco

RE: SAM encrypted with syskey 2005-02-10
Anzaldo, Oscar (Oscar Anzaldo xerox com)
Thanks to all for your answers.

To avoid misunderstandings, what I am looking for is the password for the
SAM, not the users/passwords.

Best regards

-----Original Message-----
From: Johnson, Joey [mailto:Joey.Johnson (at) MWAA (dot) com [email concealed]]
Sent: Jueves, 10 de Febrero de 2005 01:23 p.m.
To: Anzaldo, Oscar; vuln-

RE: SAM encrypted with syskey 2005-02-10
Johnson, Joey (Joey Johnson MWAA com) (1 replies)
You have lots of options with Windows.
Easiest solution- Get a copy of ERD and just change the password

-----Original Message-----
From: Anzaldo, Oscar [mailto:Oscar.Anzaldo (at) xerox (dot) com [email concealed]]
Sent: Tuesday, February 08, 2005 10:50 AM
To: vuln-dev (at) securityfocus (dot) com [email concealed]
Subject: SAM encrypted with syskey

Hi

Re: SAM encrypted with syskey 2005-02-11
Brendan Dolan-Gavitt (bdolangavitt wesleyan edu) (1 replies)
Re: SAM encrypted with syskey 2005-02-13
Michel Arboi (michel arboi gmail com)
books or material on mail protocols 2005-02-10
Mads Rasmussen (mads opencs com br) (3 replies)

I searched amazon for books on mail protocols such as pop2/3, imap3/4
and smtp but wasn't able to find anything interesting, like code examples.

What puzzles me are the mime encodings and if it's possible to write
back to an imap server, you read the message, modify the body and write
the chang

Re: books or material on mail protocols 2005-02-11
exon (exon home se)
Re: books or material on mail protocols 2005-02-11
John R. Morris (jrmorris nerdality com)
Re: books or material on mail protocols 2005-02-11
John R. Morris (jrmorris nerdality com)
RE: SAM encrypted with syskey 2005-02-10
DePriest, Jason R. (jrdepriest firsthorizon com)
The boot floppy you can find here
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
seems to have the ability to circumvent syskey.

-Jason

-----Original Message-----
From: Anzaldo, Oscar [[REMOVED]]
Sent: Tuesday, February 08, 2005 9:50 AM
To: [REMOVED]
Subject: SAM encrypted with syskey

H

SAM encrypted with syskey 2005-02-08
Anzaldo, Oscar (Oscar Anzaldo xerox com)
Hi list,

Does anyone know a method to retrieve the password for the SAM
(NT/W2K) that has been encrypted with syskey? Or bypass the system
startup password?

Regards

Oscar.

RE: win2k, XP deletes somename_files when somename.html deleted 2005-02-07
Michael Wojcik (Michael Wojcik microfocus com)
> From: q q [mailto:systemcracker (at) gmail (dot) com [email concealed]]
> Sent: Saturday, 05 February, 2005 14:08
> To: vuln-dev (at) securityfocus (dot) com [email concealed]
>
> create a file named foobar.html
> create a folder named foobar_files
> copy a bunch of files (of any type) inside foobar_files
> delete foobar.html
>
> notice that windows h

RE: problem in off by one overflow 2005-02-07
Steven Alexander (alexander s mccd edu)
Off-by-one exploits do not work by pointing ebp at shellcode like a
straightforward exploit does with eip. ebp points to the local stack
frame. The ebp stored on the stack points to the previous local stack
frame. You need to modify the saved ebp value to manipulate the stack
frames in such a way

problem in off by one overflow 2005-02-05
Breno Pinto (breno secforum com br) (1 replies)


Hi,

I have a problem exploiting an off-by-one vulnerability. When I overwrite ebp with some data and it points to my NOPs, I receive a SIGSEGV message.

SIGSEGV message in 0x90909090 ??

I'm using Red Hat 7.3 and gcc 2.95.

Does anybody know why 0x90909090 broke my exploitation?

Thanks

Breno

Re: problem in off by one overflow 2005-02-07
Alex (alex00882007 gmail com)
win2k, XP deletes somename_files when somename.html deleted 2005-02-05
q q (systemcracker gmail com) (1 replies)
well, the title says it all really;

create a file named foobar.html
create a folder named foobar_files
copy a bunch of files (of any type) inside foobar_files
delete foobar.html

notice that windows has also deleted foobar_files and everything inside it

the reason is that when you choose to save a

Re: win2k, XP deletes somename_files when somename.html deleted 2005-02-07
Albert N. Umerov (bert_umerov bluebottle com)
RE: xml over https 2005-02-07
Burke, Charles (Charles_Burke HomeDepot com) (1 replies)
This web services was not using WS Security was it?
I am assuming the xml encryption was custom or was it provided by WSE?

-----Original Message-----
From: Mads Rasmussen [mailto:mads (at) opencs.com (dot) br [email concealed]]
Sent: Friday, February 04, 2005 7:33 AM
To: vuln-dev (at) securityfocus (dot) com [email concealed]
Subject: Re: xml over https

Re: xml over https 2005-02-10
Mads Rasmussen (mads opencs com br)
Re: xml over https 2005-02-05
Barnett E. Kurtz (barnett entrodata net)
Here are some references from MS to get you started:

"Stop SQL Injection Attacks Before They Stop You"

http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/

"Validating User Input"

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/bldgapps/ba_highprog_11kk.asp

"Cross

RE: xml over https 2005-02-03
Butler, Theodore (tbutler witsusa com) (1 replies)
SOAP provides the transport envelope for XML. XML represents and extends HTML data by providing additional descriptions via metadata. WSDL describes the web services, while UDDI supports registration and discovery of web services. All are evolving protocols that take advantage and use existing proto

Re: xml over https 2005-02-04
Mads Rasmussen (mads opencs com br)
xml over https 2005-02-01
Mads Rasmussen (mads opencs com br)

I don't have much details on the application yet, but I will have to
analyse an application using xml encodings over https.
Don't know if it's SOAP although I don't think so.

I was thinking of applying some injection techniques, if anyone has some
pointers I would appreciate them

Thanks

Mads

RE: IE crash 2005-02-02
Scovetta, Michael V (Michael Scovetta ca com)
Fabio,
It has very little to do with IE. The hs_err_pidXXXX.log files are
dumps that the JVM makes when it crashes when in native code.

I believe this JVM bug may be:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4816519

There are reports of this happening on NT and XP, but since the bug

IE crash 2005-02-01
Fabio Ruini (fabio ruini aliceposta it)
Hi all,

yesterday evening I was working at my PC, running multiple windows of
Internet Explorer at the same time. When I tried to open the 40th IE
window (I know, 40 windows simultaneously open is a big number, but I had
many reasons to do this kind of operation... :-/) I encountered a crash

Fwd: MS05-002 xploit modification - connectback addition 2005-01-30
Benn Goldman Rivers (benoror gmail com)
Filename with greetings ... sorry

On Sun, 30 Jan 2005 00:41:16 -0600, <benoror (at) gmail (dot) com [email concealed]> wrote:
> /* WC-ms05002-ani-expl-cb.c: 2005-01-30: PUBLIC v.0.2
> *
> * Copyright (c) 2004-2005 WhiskyCoders.
> *
> * (MS05-002) Microsoft Internet Explorer .ANI Files Handling Exploit
> * (CAN-2004-1049)

Format Strings nonexec heap/stack 2005-01-30
Alex (alex00882007 gmail com)
Hello, this is my first post. I hope it's in the list.

I am posting to get some help in developing an exploit for such a condition.

The environment:
Freebsd machine, nonexec heap/stack. This is a suid binary, but is
not calling setuid().

main()
{
char * ptr ;
ptr = getenv("TERM");

RealPlayer 10.5 Denial of Service and possible Overflow 2005-01-24
Carlos Ulver (carlos ulver gmail com)
Well, I was trying to find something in the .ra format. I found something
interesting (I think).
I had an old .ra and tried to change some information in the file (via
a hexadecimal editor):
All my .ra files always begin with the following code:
.ra......ra4.........r.........>................+........
If

Copyright 2010, SecurityFocus