Is this thread about a sk who talks about shit he doesn't know, or Impacket, or about an actual vuln?
Not sure here

On 14 Nov 2011 00:56, "Dan Tulovsky" <[email protected]> wrote:
> http://www.secdev.org/projects/scapy/build_your_own_tools.html
>
> Seems to be what you want.
>
> On Sat, Nov 12, 2011 at 12:27 PM, Darren Martyn
> <[email protected]> wrote:
> > Off topic (kinda) but with all this talk on SCAPY, has anyone a good
> > reference on using it IN a python script for crafting/reading packets? Me
> > and a friend wanted to write a python version of Ettercap/dsniff using the
> > SCAPY libraries as a challenge and as a learning experience. Even if we can
> > just get some reliable ARP poisoning to work with it we will be pretty
> > happy, and will have learned something. Any good literature?
> >
> > Also, ON topic -
> > http://packetstormsecurity.org/files/106873/winnuke2011.sh.txt
> >
> > On Sat, Nov 12, 2011 at 11:39 AM, Mario Vilas <[email protected]> wrote:
> >>
> >> I've used Impacket to craft raw packets of all kinds. Then again I don't
> >> know if that counts - used to work at Core at the time, so it was pretty
> >> much the only choice due to licensing issues with other libraries.
> >> I don't mean to say it's a bad tool to work with, not at all. I happen to
> >> prefer the newer Scapy, but it's just a matter of personal taste. :)
> >>
> >> On Sat, Nov 12, 2011 at 6:53 AM, Antony widmal <[email protected]> wrote:
> >>>
> >>> Dear Dan,
> >>> Impacket was at first a Pysmb copy/update from Core Security in order to
> >>> play with RPC. (look at the source)
> >>> They've done some work on pysmb library in order to implement DCE/RPC
> >>> functionality in this dinosaurus lib.
> >>> Saying that we should use Impacket in order to craft *raw* UDP packet
> >>> is definitively the dumbest thing I've heard today. Seriously. Anyone can
> >>> confirm that ? Mario ? Carlos ? ....
> >>> Anyways, This guy doesn't understand shit, talks a lot about shit he
> >>> doesn't know about, why would you even spend time reading his shit ?
> >>> This vulnerability is about sending a *huge fucking* stream of UDP
> >>> packets on a closed port in order to trigger an int overflow via a ref count.
> >>> Most of the people here didn't even understand what we are talking
> >>> about/dealing with.
> >>> Anyways, it's probably time for you to unsubscribe since you don't follow
> >>> and S-K's like [email protected] are trying to act like they know.
> >>> Yeah right, a UDP int overflow triggered via a refcount UDP overflow that
> >>> you can trigger with 1 single TCP (with the right ACK) packet is the way to
> >>> go.
> >>> This mailing list is getting gay, seriously.
> >>> Cheers,
> >>> Antony.
> >>>
> >>> On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance <[email protected]> wrote:
> >>>>
> >>>> Okay, now I'm confused!
> >>>> From http://oss.coresecurity.com/projects/impacket.html
> >>>> "Impacket is a collection of Python classes focused on providing access
> >>>> to network packets. Impacket allows Python developers to craft and decode
> >>>> network packets in simple and consistent manner. It includes support for
> >>>> low-level protocols such as IP, UDP and TCP, as well as higher-level
> >>>> protocols such as NMB and SMB. Impacket is highly effective when used in
> >>>> conjunction with a packet capture utility or package such as Pcapy. Packets
> >>>> can be constructed from scratch, as well as parsed from raw data.
> >>>> Furthermore, the object oriented API makes it simple to work with deep
> >>>> protocol hierarchies."
> >>>> Thanks for your input Antony. Can you explain why impacket has nothing
> >>>> to do with crafting UDP packets?
> >>>>
> >>>> Fascinating thread this. Thanks to all!!
> >>>>
> >>>> dan :)
> >>>> On 11 November 2011 22:42, Antony widmal <[email protected]>
> >>>> wrote:
> >>>>>
> >>>>> You are definitely a lamer secn3t.
> >>>>> Also for your little brain, impacket has nothing to do with crafting UDP
> >>>>> packets..
> >>>>> Thanks for proving this again and again.
> >>>>> On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <[email protected]> wrote:
> >>>>>>
> >>>>>> well look at that :P
> >>>>>> not same author but , nice coding predelka! good one, i will add you
> >>>>>> to crazycoders.com coderslist... i guess there is a few codes you have
> >>>>>> now done which might be useful... cheers.
> >>>>>> xd
> >>>>>>
> >>>>>> On 12 November 2011 05:43, Ryan Dewhurst <[email protected]>
> >>>>>> wrote:
> >>>>>> > An attempt at a possible MS11-083 DoS/PoC exploit, by
> >>>>>> > @hackerfantastic:
> >>>>>> >
> >>>>>> > http://pastebin.com/fjZ1k0fi
> >>>>>> >
> >>>>>> > On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God)
> >>>>>> > <[email protected]> wrote:
> >>>>>> >> Yeah, I gotta say, I’m going to use it at some point ;)
> >>>>>> >>
> >>>>>> >> From: [email protected]
> >>>>>> >> [mailto:[email protected]] On Behalf Of
> >>>>>> >> Mario Vilas
> >>>>>> >> Sent: Friday, November 11, 2011 9:02 AM
> >>>>>> >> To: Ryan Dewhurst
> >>>>>> >> Cc: [email protected]
> >>>>>> >> Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in
> >>>>>> >> TCP/IP Could Allow Remote Code Execution (2588516)
> >>>>>> >>
> >>>>>> >> I liked the "heavy breather in the perv closet" bit.
> >>>>>> >>
> >>>>>> >> On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst
> >>>>>> >> <[email protected]> wrote:
> >>>>>> >>
> >>>>>> >> I think Jon just said what everyone else was thinking, he said what
> >>>>>> >> I was thinking at least.
> >>>>>> >>
> >>>>>> >> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <[email protected]>
> >>>>>> >> wrote:
> >>>>>> >>> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <[email protected]> wrote:
> >>>>>> >>>> About the PPS, i think that's a very bad summary of the exploit,
> >>>>>> >>>> 49days to send a packet, my butt.
> >>>>>> >>>> There are many people assuming wrong things, when it can be done
> >>>>>> >>>> with seconds, syscanner would scan a -b class in minutes, remember it
> >>>>>> >>>> only has to find the vulns, gather, then it would break scan, and
> >>>>>> >>>> trigger vuln... so in real world botnet, yes then, with tcpip patchers,
> >>>>>> >>>> like so many ppl i know myself, even use (tcpipz)patcher ) , which
> >>>>>> >>>> rocks... and it is ONLY one which actually works, when you maybe modify
> >>>>>> >>>> the src so the sys file, is dropped from within a .cpp file, well that's
> >>>>>> >>>> up to you but that's better way to make it work, this will open
> >>>>>> >>>> sockets/threads, as i could, easily prove with one exe, but, the
> >>>>>> >>>> goal is, to trigger the vuln then exploit it, less than 49days :P , so ,
> >>>>>> >>>> i guess if this exploit, in real form, gathered 2 million hosts
> >>>>>> >>>> over 3 nights.. i guessing that the exploit, could possibly be triggered
> >>>>>> >>>> with ONE properly setup packet.. people forget that, a packet is one
> >>>>>> >>>> thing, and a crafted UDP packet, is quite another..
> >>>>>> >>>
> >>>>>> >>> I'd really like to see you actually explain this bug with code.
> >>>>>> >>> Either with a poc or with the disassembly. You seem to act like you know
> >>>>>> >>> what's going on, but so far your description has been off base
> >>>>>> >>> (from what I can make of your writing).
> >>>>>> >>>
> >>>>>> >>> No one cares about paragraphs of speculation and bragging, code or
> >>>>>> >>> you are just another heavy breather in the perv closet of FD.
> >>>>>> >>>
> >>>>>> >>> _______________________________________________
> >>>>>> >>> Full-Disclosure - We believe in it.
> >>>>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>>>> >>>
> >>>>>> >>
> >>>>>> >> --
> >>>>>> >> “There's a reason we separate military and the police: one fights
> >>>>>> >> the enemy of the state, the other serves and protects the people. When
> >>>>>> >> the military becomes both, then the enemies of the state tend to become
> >>>>>> >> the people.”
> >>
> >> --
> >> “There's a reason we separate military and the police: one fights
> >> the enemy of the state, the other serves and protects the people.
> >> When the military becomes both, then the enemies of the state tend to
> >> become the people.”
> >
> > --
> > My Homepage :D
