They did last time... But your advice is actually well noted :)

>-----Original Message-----
>From: James Condron [mailto:[email protected]]
>Sent: Sunday, March 18, 2012 10:06 AM
>To: Thor (Hammer of God); [email protected]; full-
>[email protected]
>Subject: Re: [Full-disclosure] ms12-020 PoC
>
>Nobody said a word.
>
>Relax more and you might live long enough to write your next book.
>
>Sent using BlackBerry® from Orange
>
>-----Original Message-----
>From: "Thor (Hammer of God)" <[email protected]>
>Sender: [email protected]
>Date: Sun, 18 Mar 2012 17:03:25
>To: [email protected]<[email protected]>
>Subject: Re: [Full-disclosure] ms12-020 PoC
>
>P.S. Before someone starts accusing me of "spamming" for the book, (one
>asshat tried to compare me to Juan whats-his-face once) note you can actually
>view most of the RDP chapter (and others) on the Amazon "preview a page"
>feature if you would like.
>
>If you are interested in RDP security, I suggest you take a free read on
>Amazon. Many are worried about worm activity from 020, and I am far more
>interested in pointing you to free material that helps you secure yourself and
>others than I am trying to make a buck on the book.
>
>If anyone has any questions about how any of this works, I'm happy to help if I
>can.
>
>t
>
>>-----Original Message-----
>>From: [email protected]
>>[mailto:full-disclosure- [email protected]] On Behalf Of Thor
>>(Hammer of God)
>>Sent: Sunday, March 18, 2012 9:21 AM
>>To: Nahuel Grisolía; root
>>Cc: [email protected]
>>Subject: Re: [Full-disclosure] ms12-020 PoC
>>
>>You establish a connection to TSGateway via RPC over HTTP in an SSL tunnel.
>>Once you are authenticated and authorized, the TSGateway server will
>>establish a connection via RDP to the target server, tunneling the RDP
>>connection back to you within the RPC/HTTP(S) channel.
>>
>>As such, TSGateway is obviously unaffected by this vulnerability. For
>>those of you looking for mitigation and not kiddie code to pop a box,
>>note that simply using NLA mitigates both RDP issues.
>>
>>This might be a good time to point out that anyone who followed any of
>>my advice in the RDP chapter of Thor's Microsoft Security Bible, or who
>>is using the little ThoRDP tool I wrote (also in the book) was protected
>>from these vulnerabilities way before they were discovered. I say that to
>>simply identify that some simple, effective techniques can be deployed
>>that thwart the hours and hours people put into developing exploit code
>>and the wasted time chasing all this stuff down. *THAT* is what security
>>is about, btw.
>>
>>t
>>
>>>-----Original Message-----
>>>From: [email protected]
>>>[mailto:full-disclosure- [email protected]] On Behalf Of
>>>Nahuel Grisolía
>>>Sent: Friday, March 16, 2012 11:41 AM
>>>To: root
>>>Cc: [email protected]
>>>Subject: Re: [Full-disclosure] ms12-020 PoC
>>>
>>>Guys,
>>>
>>>What about TS Gateway? which is actually listening on port 443 (by def)...
>>>
>>>thanks!
>>>
>>>Nahu.
>>>
>>>On 16 March 2012 15:12, root <[email protected]> wrote:
>>>> The SABU code is fake (go figure).
>>>> This python script is the first port of the Luigi code to python,
>>>> that's why it sucks.
>>>>
>>>> Here are better ports: http://pastebin.com/4FnaYYMz and
>>>> http://pastebin.com/jzQxvnpj
>>>>
>>>> On 03/16/2012 02:50 PM, Exibar wrote:
>>>>> Is that the same code from yesterday? I thought that code was a
>>>>> fake and didn't do anything?
>>>>>
>>>>> Anyone confirm this?
>>>>>
>>>>> Exibar
>>>>> Sent via BlackBerry by AT&T
>>>>>
>>>>> -----Original Message-----
>>>>> From: kyle kemmerer <[email protected]>
>>>>> Sender: [email protected]
>>>>> Date: Fri, 16 Mar 2012 12:01:16
>>>>> To: <[email protected]>
>>>>> Subject: [Full-disclosure] ms12-020 PoC
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
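The NLA mitigation mentioned in the thread can be audited from the server's answer to an RDP connection request. This is an added example, not code from the thread or from any poster: it assumes the X.224 Connection Confirm layout and the RDP_NEG_RSP / RDP_NEG_FAILURE codes from MS-RDPBCGR, assumes the auditing client offered no NLA in its request, and uses constructed sample bytes.

```python
import struct

# selectedProtocol values in RDP_NEG_RSP (MS-RDPBCGR)
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL",
             2: "PROTOCOL_HYBRID", 8: "PROTOCOL_HYBRID_EX"}
# failureCode values in RDP_NEG_FAILURE (MS-RDPBCGR)
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def classify_negotiation(data: bytes) -> tuple:
    """Return (verdict, detail) for a server's X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT-framed packet")
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len < 11 or tpkt_len > len(data):
        raise ValueError("truncated or malformed TPKT length")
    data = data[:tpkt_len]
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) == 11:
        # No negotiation structure: server only speaks standard RDP security.
        return ("nla-not-enforced", "no negotiation data")
    if len(data) < 19:
        raise ValueError("truncated negotiation structure")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("unexpected negotiation length")
    if neg_type == 0x03:  # RDP_NEG_FAILURE
        name = FAILURES.get(value, "unknown(%d)" % value)
        return ("nla-enforced" if value == 5 else "negotiation-failed", name)
    if neg_type == 0x02:  # RDP_NEG_RSP
        name = PROTOCOLS.get(value, "unknown(%d)" % value)
        # Server accepted a protocol without CredSSP: NLA is optional there.
        return ("nla-not-enforced" if value in (0, 1) else "nla-negotiated", name)
    raise ValueError("unexpected negotiation type")


# Constructed sample responses (not captured from any real host).
HEADER = "030000130ed00000123400"
SAMPLE_ENFORCED = bytes.fromhex(HEADER + "0300080005000000")
SAMPLE_ACCEPTS_RDP = bytes.fromhex(HEADER + "0200080000000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    for sample in (SAMPLE_ENFORCED, SAMPLE_ACCEPTS_RDP, SAMPLE_LEGACY):
        print(classify_negotiation(sample))
```

A verdict of `nla-negotiated` only shows that the server supports NLA; enforcement is confirmed by the `HYBRID_REQUIRED_BY_SERVER` failure when NLA is not offered.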
